iambigbrother(A) beast (A) noadware (A) android exploit and others part 1


Post by cybor462 on 16th March 2013, 7:52 pm

Hi, I have been infected with a number of bad things. I have a friend who has been helping me to clean it and said I should ask for help here. I have run a bunch of scanners and cleaners like AVG Rescue CD, Kaspersky Rescue CD, Malwarebytes scanner, RKill, TDSSKiller, Dr.Web Rescue CD and online scanner, Emsisoft scanner (which I now use as a guard), Avast scanner and others. I was using Microsoft Security Essentials and scanned faithfully, but it never caught any of these. I downloaded a database app on my smartphone and when I synced it to my PC it infected it. I am not sure if any of these were already on the PC, but this is some of what the scanners reported as infected.

IAMBIGBROTHER (A), BEAST (A), NOADWARE (A), Android.Exploit.PSN.A (B), Android.Exploit.zerqrush.c (B).
These were the common ones each scanner found, but every scanner found others; there were so many I did not write them down.
I still have the tray icons frozen until I shut down explorer.exe and restart it. I am not sure what traces of these are still infecting me.
I ran the scans as suggested here and I am posting them. I ask for your help. Thank you.

Emsisoft Emergency Kit - Version 3.0
Last update: 3/7/2013 2:08:11 PM

Scan settings:

Scan type: Smart Scan
Objects: Rootkits, Memory, Traces, C:\WINDOWS\, C:\Program Files\

Detect Riskware: Off
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 3/7/2013 2:08:50 PM

Key: HKEY_CLASSES_ROOT\.BAD detected: Trace.Registry.Beast (A)

Scanned 470784
Found 1

Scan end: 3/7/2013 4:56:36 PM
Scan time: 2:47:46

# AdwCleaner v2.114 - Logfile created 03/16/2013 at 11:13:35
# Updated 05/03/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : HP_Administrator - WORK
# Boot Mode : Normal
# Running from : C:\Documents and Settings\HP_Administrator\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\4tsctwxx.default\searchplugins\my-web-search.xml
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\WeCareReminder
Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\HP_Administrator\Application Data\Toolbar4
Folder Deleted : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\OpenCandy

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{338B4DFE-2E2C-4338-9E41-E176D497299E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{312F84FB-8970-4FD3-BDDB-7012EAC4AFC9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{338B4DFE-2E2C-4338-9E41-E176D497299E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C547C6C2-561B-4169-A2A5-20BA771CA93B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Deleted : HKLM\Software\AskBarDis
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\IMsiDe1egate.Application.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\TENCENT

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = [You must be registered and logged in to see this link.] --> [You must be registered and logged in to see this link.]

-\\ Mozilla Firefox v19.0.2 (en-US)

File : C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\4tsctwxx.default\prefs.js

C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\4tsctwxx.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultenginename", "My Web Search");
Deleted : user_pref("extensions.mywebsearch.prevDefaultEngine", "Google");
Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jht[...]
Deleted : user_pref("extensions.mywebsearch.prevSelectedEngine", "Google");
Deleted : user_pref("extensions.toolbar.mindspark._4zMembers_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]
Deleted : user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=15BE877B[...]

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.14.1738.0

File : C:\Documents and Settings\HP_Administrator\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [7323 octets] - [16/03/2013 11:13:35]

########## EOF - C:\AdwCleaner[S1].txt - [7383 octets] ##########

OTL logfile created on: 3/16/2013 10:43:28 AM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\HP_Administrator\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.01 Gb Available Physical Memory | 51.97% Memory free
3.72 Gb Paging File | 2.76 Gb Available in Paging File | 74.09% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 230.95 Gb Free Space | 49.59% Space Free | Partition Type: NTFS

Computer Name: WORK | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\HP_Administrator\My Documents\Downloads\OTL.com (OldTimer Tools)
PRC - C:\Program Files\Macrium\Reflect\ReflectService.exe ()
PRC - C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
PRC - C:\Program Files\Emsisoft Anti-Malware\a2guard.exe (Emsisoft GmbH)
PRC - C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\logishrd\KHAL3\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
PRC - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
PRC - C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
PRC - C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
PRC - C:\Program Files\Retrospect\Retrospect 7.6\retrorun.exe (EMC Corporation)
PRC - C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
PRC - C:\Program Files\HP CD-DVD\Umbrella\DVDTray.exe (Hewlett-Packard Company)
PRC - C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnf.exe ()


========== Modules (No Company Name) ==========

MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data.OracleC#\916b266e8861b8fef7e8b416ba25f253\System.Data.OracleClient.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Web.Services\292056b4420bd2b917e695106368cc75\System.Web.Services.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Web\80f2c79d69b438c24cc1929fa2c9dc36\System.Web.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\d2fd4c257f9d9ad05c29e7c9764ef2e8\System.Runtime.Remoting.ni.dll ()
MOD - C:\Program Files\Macrium\Reflect\ReflectService.exe ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data.Entity\6840d246a019bdc6b0f29eb42f494e9e\System.Data.Entity.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\c0d63fa3035a4b6d2a10209e4d6d03f9\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\488265a4a8a155b664f548a9308fe9fb\System.EnterpriseServices.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Transactions\d5430a5f8465903987644febf578089a\System.Transactions.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\b9b013711388610ae6d7d3fe33246320\System.Runtime.Serialization.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\fbc9e7f5a62cd063391f559d45a25e77\System.Xml.Linq.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\cb1217cd6576910659539ee8e9d61ee0\System.Windows.Forms.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\320a2b3ee770e1faafdd955665de87b2\System.Drawing.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Numerics\2ef977c821cac0bf0c81a3f240b1990a\System.Numerics.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Security\096f245b0b82f17432e163bbce74298e\System.Security.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Xml\5efec2a1f1c4a82f2ca8a2587ce508f2\System.Xml.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Configuration\f670f3ca08725547dd4df95c94dd9fce\System.Configuration.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Data\b5ce4d98c6f64ac1b38881e81aef592a\System.Data.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Core\0a72692d39dc2b56b4fd5591a12762f5\System.Core.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\b0d46216b2d50e0db597634ca91eb3ad\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\e5de681ee33ae6535462d070428f4f1b\mscorlib.ni.dll ()
MOD - C:\Program Files\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll ()
MOD - C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll ()
MOD - C:\WINDOWS\system32\quartz.dll ()
MOD - C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\WINDOWS\system32\sbe.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll ()
MOD - C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\WINDOWS\system32\qedit.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\WINDOWS\system32\devenum.dll ()
MOD - C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll ()
MOD - C:\Program Files\ArcSoft\PhotoImpression 5\Share\PIHook.dll ()
MOD - C:\WINDOWS\system32\HPBHEALR.DLL ()
MOD - C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnfps.dll ()
MOD - C:\Program Files\Hewlett-Packard\PhotoSmart\HP Share-to-Web\hpgs2wnf.exe ()


========== Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (ReflectService.exe) -- C:\Program Files\Macrium\Reflect\ReflectService.exe ()
SRV - (a2AntiMalware) -- C:\Program Files\Emsisoft Anti-Malware\a2service.exe (Emsisoft GmbH)
SRV - (IntuitUpdateServiceV4) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intuit Inc.)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (AxAutoMntSrv) -- C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
SRV - (FLEXnet Licensing Service) -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (LBTServ) -- C:\Program Files\Common Files\logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (RoxioNow Service) -- C:\Program Files\Roxio\RoxioNow Player\RNowSvc.exe (Rovi Corporation)
SRV - (MatSvc) -- C:\Program Files\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV - (IntuitUpdateService) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe (Intuit Inc.)
SRV - (rpcapd) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (StarWindServiceAE) -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (AdobeActiveFileMonitor8.0) -- C:\Program Files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated)
SRV - (QBCFMonitorService) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe (Intuit)
SRV - (CCALib8) -- C:\Program Files\Canon\CAL\CALMAIN.exe (Canon Inc.)
SRV - (Retrospect Helper) -- C:\Program Files\Retrospect\Retrospect 7.6\rthlpsvc.exe (EMC Corporation)
SRV - (RetroLauncher) -- C:\Program Files\Retrospect\Retrospect 7.6\retrorun.exe (EMC Corporation)
SRV - (LinksysUpdater) -- C:\Program Files\Linksys\Linksys Updater\bin\LinksysUpdater.exe ()
SRV - (W3SVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (SMTPSVC) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (IISADMIN) -- C:\WINDOWS\system32\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV - (nmservice) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
SRV - (QBFCService) -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe (Intuit Inc.)
SRV - (ARSVC) -- C:\WINDOWS\arservice.exe (Microsoft)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (VMnetAdapter) -- system32\DRIVERS\vmnetadapter.sys File not found
DRV - (sfsync02) -- System32\drivers\sfsync02.sys File not found
DRV - (RimUsb) -- System32\Drivers\RimUsb.sys File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (motusbdevice) -- system32\DRIVERS\motusbdevice.sys File not found
DRV - (Motousbnet) -- system32\DRIVERS\Motousbnet.sys File not found
DRV - (MotoSwitchService) -- system32\DRIVERS\motswch.sys File not found
DRV - (motmodem) -- system32\DRIVERS\motmodem.sys File not found
DRV - (MotDev) -- system32\DRIVERS\motodrv.sys File not found
DRV - (motccgpfl) -- system32\DRIVERS\motccgpfl.sys File not found
DRV - (motccgp) -- system32\DRIVERS\motccgp.sys File not found
DRV - (motandroidusb) -- System32\Drivers\motoandroid.sys File not found
DRV - (MCSTRM) -- File not found
DRV - (LVUVC) -- system32\DRIVERS\lvuvc.sys File not found
DRV - (LVUSBSta) -- system32\drivers\LVUSBSta.sys File not found
DRV - (lbrtfdc) -- File not found
DRV - (Lavasoft Kernexplorer) -- C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys File not found
DRV - (i2omgmt) -- File not found
DRV - (dgderdrv) -- System32\drivers\dgderdrv.sys File not found
DRV - (Changer) -- File not found
DRV - (BTCFilterService) -- system32\DRIVERS\motfilt.sys File not found
DRV - (aemo218b) -- File not found
DRV - (Ad-Watch Connect Filter) -- C:\WINDOWS\system32\drivers\NSDriver.sys File not found
DRV - (timounter) -- C:\WINDOWS\system32\drivers\timntr.sys (Acronis)
DRV - (vidsflt53) -- C:\WINDOWS\system32\drivers\vsflt53.sys (Acronis)
DRV - (PSVolAcc) -- C:\WINDOWS\System32\drivers\PSVolAcc.sys (Paramount Software UK Ltd)
DRV - (pssnap) -- C:\WINDOWS\system32\drivers\pssnap.sys (Macrium Software)
DRV - (PSMounterEx) -- C:\WINDOWS\system32\drivers\psmounterex.sys ()
DRV - (ssadmdm) -- C:\WINDOWS\system32\drivers\ssadmdm.sys (MCCI Corporation)
DRV - (ssadbus) -- C:\WINDOWS\system32\drivers\ssadbus.sys (MCCI Corporation)
DRV - (ssadserd) -- C:\WINDOWS\system32\drivers\ssadserd.sys (MCCI Corporation)
DRV - (androidusb) -- C:\WINDOWS\system32\drivers\ssadadb.sys (Google Inc)
DRV - (ssadmdfl) -- C:\WINDOWS\system32\drivers\ssadmdfl.sys (MCCI Corporation)
DRV - (sptd) -- C:\WINDOWS\system32\drivers\sptd.sys (Duplex Secure Ltd.)
DRV - (PSMounter) -- C:\WINDOWS\system32\drivers\psmounter.sys (Macrium Software)
DRV - (a2acc) -- C:\Program Files\Emsisoft Anti-Malware\a2accx86.sys (Emsisoft GmbH)
DRV - (a2injectiondriver) -- C:\Program Files\Emsisoft Anti-Malware\a2dix86.sys (Emsisoft GmbH)
DRV - (vididr) -- C:\WINDOWS\system32\drivers\vididr.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\drivers\snapman.sys (Acronis)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (LBeepKE) -- C:\WINDOWS\system32\drivers\LBeepKE.sys (Logitech, Inc.)
DRV - (A2DDA) -- C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys (Emsi Software GmbH)
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (NPF) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (a2util) -- C:\Program Files\Emsisoft Anti-Malware\a2util32.sys (Emsi Software GmbH)
DRV - (StarOpen) -- C:\WINDOWS\System32\drivers\StarOpen.sys ()
DRV - (RMCAST) -- C:\WINDOWS\system32\drivers\rmcast.sys (Microsoft Corporation)
DRV - (MQAC) -- C:\WINDOWS\system32\drivers\mqac.sys (Microsoft Corporation)
DRV - (pnarp) -- C:\WINDOWS\system32\drivers\pnarp.sys (Pure Networks, Inc.)
DRV - (purendis) -- C:\WINDOWS\system32\drivers\purendis.sys (Pure Networks, Inc.)
DRV - (Cdralw2k) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (Cdr4_xp) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (RTL8023xp) -- C:\WINDOWS\system32\drivers\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)
DRV - (DYUSB) -- C:\WINDOWS\system32\drivers\dyusb.sys (Cypress Semiconductor)
DRV - (SynasUSB) -- C:\WINDOWS\system32\drivers\synasUSB.sys (SIA Syncrosoft)
DRV - (ALCXWDM) -- C:\WINDOWS\system32\drivers\alcxwdm.sys (Realtek Semiconductor Corp.)
DRV - (Ps2) -- C:\WINDOWS\system32\drivers\PS2.sys (Hewlett-Packard Company)
DRV - (dot4ufd) -- C:\WINDOWS\system32\drivers\Hppaufd0.sys (HP)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (sfdrv01) -- C:\WINDOWS\system32\drivers\sfdrv01.sys (Protection Technology)
DRV - (ftsata2) -- C:\WINDOWS\system32\drivers\ftsata2.sys (Promise Technology, Inc.)
DRV - (sfhlp02) -- C:\WINDOWS\system32\drivers\sfhlp02.sys (Protection Technology)
DRV - (BANTExt) -- C:\WINDOWS\system32\drivers\BANTExt.sys ()
DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (rtl8139) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (MAPMEM) -- C:\Program Files\CheckIt\Diagnostics\MAPMEM.SYS ()
DRV - (BCMNTIO) -- C:\Program Files\CheckIt\Diagnostics\BCMNTIO.SYS ()
DRV - (SilverLink) -- C:\WINDOWS\system32\drivers\SilvrLnk.sys (Texas Instruments Incorporated)
DRV - (pfc) -- C:\WINDOWS\system32\drivers\pfc.sys (Padus, Inc.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes,DefaultScope = {461fc775-35b6-4d0b-9ff3-af280bfaba83}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKLM\..\SearchScopes\{461fc775-35b6-4d0b-9ff3-af280bfaba83}: "URL" = [You must be registered and logged in to see this link.]

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {752929fc-c897-4620-9fa8-0303247277e2} - No CLSID value found
IE - HKCU\..\URLSearchHook: {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {1C237080-D6B3-47B2-AA65-25CCA4BE45F4}
IE - HKCU\..\SearchScopes\{01E1FF36-F7B8-45C7-8AC6-D17864469CE8}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{1C237080-D6B3-47B2-AA65-25CCA4BE45F4}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{461fc775-35b6-4d0b-9ff3-af280bfaba83}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{81019C98-ECE9-4478-8C21-8D2EB1E5D077}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{9D1C416D-EDC4-458C-A8CB-443D335D8E40}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{C4AC4F5C-AA89-4E15-B3E8-F4D0CB5AA1AD}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\..\SearchScopes\{DF0B9223-EFB2-4103-8DA2-B91318699C78}: "URL" = [You must be registered and logged in to see this link.]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;*.local;

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "My Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.treasured4ever.com/"
FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4
FF - prefs.js..extensions.enabledAddons: %7Be3f6c2cc-d8db-498c-af6c-499fb211db97%7D:1.12.9.1
FF - prefs.js..extensions.enabledAddons: %7B3112ca9c-de6d-4884-a869-9855de680400%7D:1.4.0.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de680400}:1.4.0.5
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.0
FF - prefs.js..extensions.enabledItems: {e3f6c2cc-d8db-498c-af6c-499fb211db97}:1.10.1
FF - prefs.js..extensions.enabledItems: {70a9aa80-d283-4eae-8a87-ee7b769edf53}:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {195A3098-0BD5-4e90-AE22-BA1C540AFD1E}:2.9.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.2
FF - prefs.js..extensions.enabledItems: {BAEBEF65-9289-47c5-8524-C345CC5D860D}:1.10
FF - prefs.js..extensions.enabledItems: [You must be registered and logged in to see this link.]:1.7.3
FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=15BE877B-C2EF-4679-AB5E-30AE02A82F04&n=77fc480d&ind=2013022221&p2=^HJ^xdm017^YY^us&si=pconverter&searchfor="
FF - prefs.js..network.proxy.no_proxies_on: "localho,t,127.0.0.1,*.local"
FF - prefs.js..network.proxy.type: 4


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@ConservativeTalkNow_4n.com/Plugin: C:\Program Files\ConservativeTalkNow_4n\bar\1.bin\NP4nStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPAPIX: C:\Program Files\Common Files\fluxDVD\APIX\NPAPIX.dll ()
FF - HKLM\Software\MozillaPlugins\@fluxdvd.com/NPFluxBrowserHelper: C:\Program Files\Common Files\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll ()
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2010/09/14 09:54:45 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files\Common Files\mpDRM\NPMPDRM.dll ()
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{400F0BDB-6C49-43A4-BE1F-76D7327A604D}: C:\Program Files\Common Files\fluxDVD\Download Manager\Mozilla [2008/12/03 12:31:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\4nffxtbr@ConservativeTalkNow_4n.com: C:\Program Files\ConservativeTalkNow_4n\bar\1.bin [2011/12/02 18:08:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/06/10 12:14:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/03/08 23:55:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/03/08 23:54:48 | 000,000,000 | ---D | M]

[2009/08/11 09:29:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions
[2009/08/11 09:29:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Extensions\celtx@celtx.com
[2013/02/25 12:02:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\4tsctwxx.default\extensions
[2012/12/02 11:35:32 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\4tsctwxx.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E}
[2010/05/10 13:52:47 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\4tsctwxx.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/07 11:30:40 | 000,000,000 | ---D | M] (Page Speed Closure Compiler Extension) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\4tsctwxx.default\extensions\{70a9aa80-d283-4eae-8a87-ee7b769edf53}
[2012/08/28 15:31:05 | 000,000,000 | ---D | M] (Page Speed) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\4tsctwxx.default\extensions\{e3f6c2cc-d8db-498c-af6c-499fb211db97}
[2013/02/25 12:02:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\4tsctwxx.default\extensions\trash
[2013/02/25 12:02:49 | 002,163,784 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\4tsctwxx.default\extensions\firebug@software.joehewitt.com.xpi
[2012/12/13 21:40:32 | 002,151,598 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\4tsctwxx.default\extensions\trash\firebug@software.joehewitt.com.xpi
[2013/02/22 22:01:21 | 000,009,615 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\4tsctwxx.default\searchplugins\my-web-search.xml
[2013/03/08 23:54:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013/03/08 23:54:43 | 000,000,000 | ---D | M] ("CinemaNow Plugin for Firefox") -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de680400}
[2013/03/08 23:55:01 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2006/10/02 23:59:57 | 000,040,552 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\mozilla firefox\plugins\NPAdbESD.dll
[2007/03/02 09:17:24 | 000,095,200 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPAPIX.dll
[2007/01/17 07:18:04 | 000,095,200 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPFluxBrowserHelper.dll
[2007/07/02 11:42:20 | 000,103,064 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPMPDRM.dll
[2007/06/01 14:25:00 | 000,284,248 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\mozilla firefox\plugins\npmusicn.dll
[2012/10/11 12:30:54 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012/10/24 13:50:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013/02/27 00:23:59 | 000,002,086 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

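The "part 1" log above is raw OTL output, and a helper reading it by hand looks for a handful of things first: the Firefox `keyword.URL` and `browser.search.defaultenginename` pointing at My Web Search, a start page that is not a known search engine, `network.proxy.type` left on auto-detect, a URLSearchHook whose CLSID no longer resolves, plugin registrations whose DLL is missing, and recently modified files with no vendor string. The script below is an added example for this thread (not part of the forum post and not part of the OTL tool) that automates exactly those checks over pasted log lines. The sample input is copied from the log above; the allowlists, the 90-day window and the 2013/03/16 reference date are assumptions chosen for this thread, and hostnames the forum software replaced with "[You must be registered ...]" are not reconstructed.

```python
"""Triage helper for OTL-style browser and file-entry log lines.
Added example for this thread, not part of the forum post or of the OTL tool."""
import re
from dataclasses import dataclass
from datetime import datetime, timedelta
from urllib.parse import urlsplit

# Constructed sample: lines copied from the "part 1" log. Redacted hosts are omitted.
SAMPLE_LOG = r"""
IE - HKCU\..\URLSearchHook: {752929fc-c897-4620-9fa8-0303247277e2} - No CLSID value found
IE - HKCU\..\URLSearchHook: {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\Program Files\Copernic Agent\CopernicAgentExt.dll (Copernic Technologies Inc.)
FF - prefs.js..browser.search.defaultenginename: "My Web Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.treasured4ever.com/"
FF - prefs.js..keyword.URL: "http://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=15BE877B-C2EF-4679-AB5E-30AE02A82F04&n=77fc480d&ind=2013022221&p2=^HJ^xdm017^YY^us&si=pconverter&searchfor="
FF - prefs.js..network.proxy.type: 4
FF - HKLM\Software\MozillaPlugins\@ConservativeTalkNow_4n.com/Plugin: C:\Program Files\ConservativeTalkNow_4n\bar\1.bin\NP4nStub.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
[2013/03/08 23:55:01 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/03/02 09:17:24 | 000,095,200 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPAPIX.dll
[2007/01/17 07:18:04 | 000,095,200 | ---- | M] () -- C:\Program Files\mozilla firefox\plugins\NPFluxBrowserHelper.dll
[2013/02/22 22:01:21 | 000,009,615 | ---- | M] () -- C:\Documents and Settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\4tsctwxx.default\searchplugins\my-web-search.xml
"""

SEARCH_ALLOWLIST = {"www.google.com", "www.bing.com", "search.yahoo.com"}  # assumed known-good hosts
ENGINE_ALLOWLIST = {"Google", "Bing", "Yahoo"}                               # assumed known-good names
REFERENCE_DATE = "2013/03/16"  # assumed: date the log was posted; "recent" = within 90 days of it

PREF_RE = re.compile(r'^FF - prefs\.js\.\.([\w.]+): (.*)$')
HOOK_RE = re.compile(r'^IE - HKCU\\\.\.\\URLSearchHook: (\{[0-9A-Fa-f-]+\}) - (.*)$')
PLUGIN_RE = re.compile(r'^FF - HKLM\\Software\\MozillaPlugins\\(.*?): (.*)$')
# OTL file entry: [mtime | size | attrs | M] (vendor) [MD5=...] -- path
ENTRY_RE = re.compile(r'^\[(\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| [\d,]+ \| (\S{4}) \| \w\] '
                      r'(?:\(([^)]*)\) )?(?:MD5=[0-9A-F]{32} )?-- (.+)$')


@dataclass
class Finding:
    severity: str  # "high" = active search redirection, "review" = needs a look, "low" = leftover
    reason: str
    line: str


def _host(url):
    return (urlsplit(url).hostname or "").lower()


def triage(log_text, reference=REFERENCE_DATE, days=90):
    """Return the findings a helper would pull out of the pasted OTL lines."""
    ref = datetime.strptime(reference, "%Y/%m/%d")
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = PREF_RE.match(line)
        if m:
            key, value = m.group(1), m.group(2).strip().strip('"')
            if key == "browser.search.defaultenginename" and value not in ENGINE_ALLOWLIST:
                findings.append(Finding("high", "default search engine is %r" % value, line))
            elif key == "keyword.URL" and _host(value) not in SEARCH_ALLOWLIST:
                findings.append(Finding("high", "address-bar searches go to " + _host(value), line))
            elif key == "browser.startup.homepage" and _host(value) not in SEARCH_ALLOWLIST:
                findings.append(Finding("review", "homepage is " + _host(value), line))
            elif key == "network.proxy.type" and value not in ("0", "5"):
                # Firefox values: 0 direct, 1 manual, 2 PAC URL, 4 auto-detect (WPAD), 5 system
                findings.append(Finding("review", "proxy mode " + value + " (4 = WPAD auto-detect)", line))
            continue
        m = HOOK_RE.match(line)
        if m:
            if m.group(2) == "No CLSID value found":
                findings.append(Finding("review", "orphaned URLSearchHook " + m.group(1), line))
            continue
        m = PLUGIN_RE.match(line)
        if m:
            if m.group(2).endswith("File not found"):
                findings.append(Finding("low", "plugin registration points at a missing file: " + m.group(1), line))
            continue
        m = ENTRY_RE.match(line)
        if m:
            mtime = datetime.strptime(m.group(1), "%Y/%m/%d %H:%M:%S")
            is_dir, vendor, path = m.group(2).endswith("D"), (m.group(3) or "").strip(), m.group(4)
            # Unsigned-looking ("()" vendor) files touched recently are worth a second look
            if not is_dir and not vendor and timedelta(0) <= ref - mtime <= timedelta(days=days):
                findings.append(Finding("review", "recent file with no vendor string: " + path.rsplit("\\", 1)[-1], line))
    return findings


def summarize(findings):
    """Count findings per severity, e.g. {'high': 2, 'review': 4, 'low': 1}."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.severity.upper().ljust(6), f.reason)
```

Findings are review items, not verdicts: the treasured4ever start page and `my-web-search.xml` are flagged because they are unusual relative to the allowlist, which is the same reasoning a helper applies by hand, while the 2007-dated plugin DLLs with an empty vendor field are left alone because the date window excludes them.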

Re: iambigbrother(A) beast (A) noadware (A) android exploit and others part 1

Post by cybor462 on 16th March 2013, 9:24 pm

part 2
========== Chrome ==========

CHR - homepage:
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.60\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.230.5 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U23 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Adobe ESD Manager Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPAdbESD.dll
CHR - plugin: Active Process Information eXchange (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPAPIX.dll
CHR - plugin: fluxDVD (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPFluxBrowserHelper.dll
CHR - plugin: NPMPDRM License Acquisition Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPMPDRM.dll
CHR - plugin: Musicnotes (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npmusicn.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Yahoo! activeX Plug-in Bridge (Enabled) = C:\Program Files\Yahoo!\Common\npyaxmpb.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\HP_Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2008/05/09 15:57:24 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Download Manager Browser Helper Object) - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Program Files\Common Files\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll File not found
O2 - BHO: (DivX Plus Web Player HTML5


Re: iambigbrother(A) beast (A) noadware (A) android exploit and others part 1

Post by cybor462 on 16th March 2013, 9:28 pm

part 3
========== Custom Scans ==========

< %AppData%\Roaming\Mozilla\Firefox\Profiles\*.default\extensions\ /s /md5 >

< %AppData%\Local\ >

< %systemroot%\system32\sysprep >

< *.xpi /md5 >

< %systemroot%\Downloaded Program Files\ >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile >
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts]

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\CELTX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Celtx\uninstall\helper.exe" /HideShortcuts [2009/06/12 12:14:34 | 000,495,872 | ---- | M] (celtx.com)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\CELTX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Celtx\uninstall\helper.exe" /ShowShortcuts [2009/06/12 12:14:34 | 000,495,872 | ---- | M] (celtx.com)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\CELTX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Celtx\uninstall\helper.exe" /SetAsDefaultAppGlobal [2009/06/12 12:14:34 | 000,495,872 | ---- | M] (celtx.com)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\CELTX.EXE\shell\open\command\\: C:\Program Files\Celtx\celtx.exe [2009/06/12 12:14:30 | 008,530,944 | ---- | M] (Greyfirst Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\CELTX.EXE\shell\properties\command\\: "C:\Program Files\Celtx\celtx.exe" -preferences [2009/06/12 12:14:30 | 008,530,944 | ---- | M] (Greyfirst Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\CELTX.EXE\shell\safemode\command\\: "C:\Program Files\Celtx\celtx.exe" -safe-mode [2009/06/12 12:14:30 | 008,530,944 | ---- | M] (Greyfirst Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/03/08 23:54:58 | 000,865,744 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/03/08 23:54:58 | 000,865,744 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/03/08 23:54:58 | 000,865,744 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2013/03/08 23:55:01 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/03/08 23:55:01 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/03/08 23:55:01 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/08/28 08:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/08/28 08:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/08/28 08:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2013/03/08 18:11:02 | 000,879,456 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2013/03/08 18:11:02 | 000,879,456 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2013/03/08 18:11:02 | 000,879,456 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2013/03/08 18:11:02 | 000,879,456 | ---- | M] (Opera Software)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\CELTX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Celtx\uninstall\helper.exe" /HideShortcuts [2009/06/12 12:14:34 | 000,495,872 | ---- | M] (celtx.com)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\CELTX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Celtx\uninstall\helper.exe" /ShowShortcuts [2009/06/12 12:14:34 | 000,495,872 | ---- | M] (celtx.com)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\CELTX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Celtx\uninstall\helper.exe" /SetAsDefaultAppGlobal [2009/06/12 12:14:34 | 000,495,872 | ---- | M] (celtx.com)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\CELTX.EXE\shell\open\command\\: C:\Program Files\Celtx\celtx.exe [2009/06/12 12:14:30 | 008,530,944 | ---- | M] (Greyfirst Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\CELTX.EXE\shell\properties\command\\: "C:\Program Files\Celtx\celtx.exe" -preferences [2009/06/12 12:14:30 | 008,530,944 | ---- | M] (Greyfirst Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\CELTX.EXE\shell\safemode\command\\: "C:\Program Files\Celtx\celtx.exe" -safe-mode [2009/06/12 12:14:30 | 008,530,944 | ---- | M] (Greyfirst Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2013/03/08 23:54:58 | 000,865,744 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2013/03/08 23:54:58 | 000,865,744 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013/03/08 23:54:58 | 000,865,744 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2013/03/08 23:55:01 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2013/03/08 23:55:01 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2013/03/08 23:55:01 | 000,917,400 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2012/08/28 08:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2012/08/28 08:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2012/08/28 08:07:34 | 000,174,080 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: C:\Program Files\Internet Explorer\iexplore.exe [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera\Opera.exe" /ShowIconsCommand [2013/03/08 18:11:02 | 000,879,456 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera\Opera.exe" /HideIconsCommand [2013/03/08 18:11:02 | 000,879,456 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera\Opera.exe" /ReInstallBrowser [2013/03/08 18:11:02 | 000,879,456 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera\Opera.exe" [2013/03/08 18:11:02 | 000,879,456 | ---- | M] (Opera Software)

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\drivers\*.sys /90 >
[2013/03/04 21:45:00 | 000,016,400 | ---- | M] (Logitech, Inc.) -- C:\WINDOWS\system32\drivers\LNonPnP.sys
[2013/02/28 13:21:37 | 000,055,416 | ---- | M] () -- C:\WINDOWS\system32\drivers\psmounterex.sys
[2013/02/28 13:22:35 | 000,016,504 | ---- | M] (Macrium Software) -- C:\WINDOWS\system32\drivers\pssnap.sys
[2013/02/28 13:23:00 | 000,013,432 | ---- | M] (Paramount Software UK Ltd) -- C:\WINDOWS\system32\drivers\PSVolAcc.sys
[2012/12/25 21:36:39 | 000,466,008 | ---- | M] (Duplex Secure Ltd.) -- C:\WINDOWS\system32\drivers\sptd.sys
[2013/01/31 04:19:34 | 000,030,312 | ---- | M] (Google Inc) -- C:\WINDOWS\system32\drivers\ssadadb.sys
[2013/01/31 04:19:34 | 000,121,064 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\ssadbus.sys
[2013/01/31 04:19:34 | 000,010,472 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\ssadcm.sys
[2013/01/31 04:19:34 | 000,010,472 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\ssadcmnt.sys
[2013/01/31 04:19:34 | 000,012,776 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\ssadmdfl.sys
[2013/01/31 04:19:34 | 000,136,808 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\ssadmdm.sys
[2013/01/31 04:19:34 | 000,114,280 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\ssadserd.sys
[2013/01/31 04:19:34 | 000,010,344 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\ssadwh.sys
[2013/01/31 04:19:34 | 000,010,344 | ---- | M] (MCCI Corporation) -- C:\WINDOWS\system32\drivers\ssadwhnt.sys
[2013/03/15 03:22:51 | 000,601,408 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\timntr.sys
[2013/03/15 03:22:41 | 000,083,392 | ---- | M] (Acronis) -- C:\WINDOWS\system32\drivers\vsflt53.sys

< %systemroot%\System32\config\*.sav >

< %SYSTEMDRIVE%\*.exe /md5 >
[2008/04/11 08:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) MD5=E8B4398587AAAFA5EA6A6B7C085C5C8D -- C:\install.exe
[2011/12/08 12:17:16 | 006,776,168 | ---- | M] (Microsoft Corporation) MD5=F723820B8656E82958FA7ED854A7EEFE -- C:\WindowsUpdateAgent30-x86.exe
[2011/12/08 12:31:24 | 001,266,056 | ---- | M] (Microsoft Corporation) MD5=ADB6AA3190443232B2491160B587A6DB -- C:\WindowsXP-KB927891-v3-x86-ENU.exe
[1 C:\*.tmp files -> C:\*.tmp -> ]

< "%WinDir%\$NtUninstallKB*$." /30 >

< %systemdrive%\Program Files\Common Files\ComObjects\*.* /s >

< %systemroot%\*. /mp /s >

< %systemroot%\*. /rp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\Installer\ /s >

< %systemroot%\system32\Cache\ /s >

< %systemroot%\system32\config\systemprofile\ /s >

< %PROGRAMFILES%\*. >

cybor462
Novice
Posts : 42
Joined : 2013-03-16
OS : XP
Points : 14266
# Likes : 0

Re: iambigbrother(A) beast (A) noadware (A) android exploit and others part 1

Post by cybor462 on 16th March 2013, 9:29 pm

part 4
< %appdata%\*.* >

< MD5 for: AFD.SYS >

< MD5 for: ATAPI.SYS >

< MD5 for: CRYPTSVC.DLL >

< MD5 for: DNSRSLVR.DLL >

< MD5 for: ES.DLL >

< MD5 for: EXPLORER.EXE >

< MD5 for: IPNATHLP.DLL >

< MD5 for: IPSEC.SYS >

< MD5 for: NETBT.SYS >

< MD5 for: NETMAN.DLL >

< MD5 for: QMGR.DLL >

< MD5 for: RPCSS.DLL >

< MD5 for: SERVICES.EXE >

< MD5 for: SR.SYS >

< MD5 for: SRSVC.DLL >

< MD5 for: SVCHOST.EXE >

< MD5 for: TCPIP.SYS >

< MD5 for: USERINIT.EXE >

< MD5 for: VOLSNAP.SYS >

< MD5 for: WINLOGON.EXE >

< MD5 for: WMISVC.DLL >

< MD5 for: WSCSVC.DLL >

< MD5 for: WUAUSERV.DLL >

========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 940 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:6LCOb1MUgQT3rldze7
@Alternate Data Stream - 866 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:wzxOfUBBCxhDch9CkLbSQFISw
@Alternate Data Stream - 821 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:SN4LsWRku29hdDuxd
@Alternate Data Stream - 777 bytes -> C:\Program Files\Common Files\System:jEOrAHWozFwEv6zPpDX4
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0B4227B4
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4B7BEAFF

< End of report >

cybor462
Novice

Posts : 42
Joined : 2013-03-16
OS : XP
Points : 14266
# Likes : 0

Re: iambigbrother(A) beast (A) noadware (A) android exploit and others part 1

Post by Superdave on 16th March 2013, 11:42 pm

Hello and welcome to GeekPolice.Net. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*****************************************************************
Download Security Check by screen317 from one of the following links and save it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

* Double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
*********************************************
Please download Malwarebytes Anti-Malware from [You must be registered and logged in to see this link.]
Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Full Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • Please save the log to a location you will remember.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
*************************************************
Download Combofix from any of the links below, and save it to your DESKTOP.
If your version of Windows defaults to your download folder you will need to copy it to your desktop.

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

To prevent your anti-virus application interfering with ComboFix we need to disable it. See [You must be registered and logged in to see this link.] for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.

    You will see the following image:



Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:



As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.



Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please do NOT mouse-click ComboFix's window while it's running, because it may cause it to stall.

Superdave
Captain

Posts : 4202
Joined : 2010-02-01
Gender : Male
OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection : MSE, Windows Defender, Windows firewall
Points : 83231
# Likes : 0

Re: iambigbrother(A) beast (A) noadware (A) android exploit and others part 1

Post by cybor462 on 16th March 2013, 11:56 pm

Thanks, doing it now.

cybor462
Novice

Posts : 42
Joined : 2013-03-16
OS : XP
Points : 14266
# Likes : 0

Re: iambigbrother(A) beast (A) noadware (A) android exploit and others part 1

Post by cybor462 on 17th March 2013, 3:30 am

Here are the logs requested.
ComboFix 13-03-16.02 - HP_Administrator 03/16/2013 23:10:39.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1982.999 [GMT -4:00]
Running from: c:\documents and settings\HP_Administrator\Desktop\ComboFix.exe
AV: Emsisoft Anti-Malware *Disabled/Updated* {0F8591BB-342B-4493-91C3-4E948ED21255}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\0.bak
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\AVG\avgfinst.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\avi7.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\crt_x64.msi
c:\documents and settings\All Users\Application Data\TEMP\AVG\files.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\incavi.avm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_cz.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_da.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_fr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ge.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_hu.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_id.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_in.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_it.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_jp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ko.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ms.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_nl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pb.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pl.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_pt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_ru.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sc.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sk.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_sp.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_tr.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_us.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zh.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\license_zt.htm
c:\documents and settings\All Users\Application Data\TEMP\AVG\microavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\miniavi.avg
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.dat
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.exe
c:\documents and settings\All Users\Application Data\TEMP\AVG\setup.ini
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupcz.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupda.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupfr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupge.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuphu.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupid.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupin.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupit.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupjp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupko.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupms.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupnl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppb.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppl.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuppt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupru.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsc.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsk.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupsp.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setuptr.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupus.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupzh.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\setupzt.lns
c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredis1.cab
c:\documents and settings\All Users\Application Data\TEMP\AVG\vcredist.msi
c:\documents and settings\Default User\WINDOWS
c:\documents and settings\HP_Administrator\G_Code.exe
c:\documents and settings\HP_Administrator\Local Settings\Application Data\assembly\tmp
c:\documents and settings\HP_Administrator\System
c:\documents and settings\HP_Administrator\System\win_qs8.jqx
C:\install.exe
c:\program files\SoftOrbits Digital Photo Suite\Batch Picture Resizer\DLLReg.dll
c:\windows\desktop
c:\windows\system32\Cache
c:\windows\system32\config\systemprofile\WINDOWS
c:\windows\system32\ctfmon(2).exe
c:\windows\system32\msvcp71.1
c:\windows\system32\ps2.bat
c:\windows\system32\tmp8B.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\system32\usp10(2).dll
c:\windows\wt
c:\windows\wt\data.wts
c:\windows\wt\updater\wcmdmgr.exe
c:\windows\wt\updater\wcmdmgrl.exe
c:\windows\wt\updater\wt.ini
c:\windows\wt\webdriver.dll
c:\windows\wt\webdriver\4.1.1\actorobject.dll
c:\windows\wt\webdriver\4.1.1\dx5drv.dll
c:\windows\wt\webdriver\4.1.1\dx7drv.dll
c:\windows\wt\webdriver\4.1.1\objectbundle.dll
c:\windows\wt\webdriver\4.1.1\sound.dll
c:\windows\wt\webdriver\4.1.1\wdcaps.ded
c:\windows\wt\webdriver\4.1.1\wdengine.dll
c:\windows\wt\webdriver\4.1.1\webdriver.dll
c:\windows\wt\webdriver\4.1.1\wthost.exe
c:\windows\wt\webdriver\4.1.1\wthostctl.dll
c:\windows\wt\webdriver\4.1.1\wtmulti.dll
c:\windows\wt\webdriver\4.1.1\wtmulti.jar
c:\windows\wt\webdriver\4.1.1\wtwmplug.ax
c:\windows\wt\webdriver\4.1.1\wtwmplug.ini
c:\windows\wt\webdriver\export.dat
c:\windows\wt\webdriver\jdriver.dll
c:\windows\wt\webdriver\rdriver.dll
c:\windows\wt\webdriver\wildtangent.jar
c:\windows\wt\webdriver\wtdmmp.dll
c:\windows\wt\webdriver\wtdmmpi.jar
c:\windows\wt\webdriver\wtdmmpv.dll
c:\windows\wt\wt3d.dll
c:\windows\wt\wt3d.ini
c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\controlPanel\index.html
c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\update_info\data.wts
c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmp.dll
c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmpi.jar
c:\windows\wt\wtupdates\dmmp\3.0.2.000\files\wtdmmpv.dll
c:\windows\wt\wtupdates\dmmp\3.0.2.000\install\dmmp.cdanfo
c:\windows\wt\wtupdates\dmmp\3.0.2.000\install\DMMP_Uninstall.cdas
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\controlPanel\index.html
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\DRM0302Java.jar
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\jDRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\rDRM0302.dll
c:\windows\wt\wtupdates\DRM\3.2.0.19\files\wt.sto
c:\windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302.cdanfo
c:\windows\wt\wtupdates\DRM\3.2.0.19\install\DRM0302_Uninstall.cdas
c:\windows\wt\wtupdates\Webd\4.1.1\files\actorobject.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\controlPanel\index.html
c:\windows\wt\wtupdates\Webd\4.1.1\files\dx5drv.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\dx7drv.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\jdriver.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\legacy\data.wts
c:\windows\wt\wtupdates\Webd\4.1.1\files\legacy\webdriver.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\legacy\wt3d.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\npWTHost.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\nsIWTHostPlugin.xpt
c:\windows\wt\wtupdates\Webd\4.1.1\files\ObjectBundle.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\rdriver.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\Sound.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\update_info\data.wts
c:\windows\wt\wtupdates\Webd\4.1.1\files\wdcaps.ded
c:\windows\wt\wtupdates\Webd\4.1.1\files\wdengine.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\Webd331.cdanfo
c:\windows\wt\wtupdates\Webd\4.1.1\files\Webd331_fileList.cdas
c:\windows\wt\wtupdates\Webd\4.1.1\files\Webd331_Uninstall.cdas
c:\windows\wt\wtupdates\Webd\4.1.1\files\webdriver.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\wildtangent.jar
c:\windows\wt\wtupdates\Webd\4.1.1\files\wt3d.ini
c:\windows\wt\wtupdates\Webd\4.1.1\files\WTHost.exe
c:\windows\wt\wtupdates\Webd\4.1.1\files\WTHostCtl.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\wtmulti.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\wtmulti.jar
c:\windows\wt\wtupdates\Webd\4.1.1\files\wtvh.dll
c:\windows\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ax
c:\windows\wt\wtupdates\Webd\4.1.1\files\wtwmplug.ini
c:\windows\wt\wtupdates\Webd\4.1.1\install\Webd4_1_1.cdanfo
c:\windows\wt\wtupdates\Webd\4.1.1\install\Webd4_1_1_Uninstall.cdas
c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\controlpanel\index.html
c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\install\WireControl.cdanfo
c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\install\WireControl_Uninstall.cdas
c:\windows\wt\wtupdates\WireControl\1.0.0.63\files\WireControl.dll
c:\windows\wt\wtupdates\wtdmmp\update_info\data.wts
c:\windows\wt\wtupdates\wtupdater\appinfo.dat
c:\windows\wt\wtupdates\wtwebdriver\update_info\data.wts
c:\windows\wt\wtvh.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-02-17 to 2013-03-17 )))))))))))))))))))))))))))))))
.
.
2013-03-12 03:48 . 2011-02-16 21:52 11520 ----a-w- c:\windows\system32\drivers\wdcsam.sys
2013-03-10 22:11 . 2013-03-10 22:46 -------- d-----w- c:\windows\debug
2013-03-10 15:34 . 2013-03-10 15:36 -------- d-----w- C:\WD30DRIVE
2013-03-09 04:06 . 2013-03-09 04:06 -------- d-----w- c:\program files\RMPrepUSB
2013-03-08 23:33 . 2013-03-08 23:51 -------- d-----w- C:\bd_logs
2013-03-08 22:18 . 2013-03-08 22:18 5 ----a-w- c:\windows\system32\lMMLDeleteUserData42107612FX.tmp
2013-03-08 18:48 . 2013-03-06 23:32 228600 ----a-w- c:\windows\system32\aswBoot.exe
2013-03-08 18:46 . 2013-03-08 18:46 -------- d-----w- c:\program files\AVAST Software
2013-03-08 18:45 . 2013-03-11 22:00 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2013-03-07 16:53 . 2013-03-17 03:20 -------- d-----w- c:\documents and settings\Administrator
2013-03-07 05:10 . 2013-03-17 03:00 -------- d-----w- c:\program files\Emsisoft Anti-Malware
2013-03-05 01:44 . 2008-04-14 05:09 14592 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2013-03-05 01:44 . 2008-04-14 05:09 14592 ----a-w- c:\windows\system32\dllcache\kbdhid.sys
2013-03-03 23:35 . 2013-03-03 23:35 -------- d-----w- c:\documents and settings\NetworkService\Application Data\VMware
2013-03-03 18:11 . 2013-03-03 18:11 -------- d-----w- c:\program files\Seagate
2013-02-28 18:47 . 2013-02-28 17:23 13432 ----a-w- c:\windows\system32\drivers\PSVolAcc.sys
2013-02-28 18:47 . 2013-02-28 17:22 16504 ----a-w- c:\windows\system32\drivers\pssnap.sys
2013-02-28 18:47 . 2013-02-28 17:21 55416 ----a-w- c:\windows\system32\drivers\psmounterex.sys
2013-02-28 03:27 . 2013-02-28 03:27 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\IAC
2013-02-26 06:28 . 2013-01-31 08:19 114280 ----a-w- c:\windows\system32\drivers\ssadserd.sys
2013-02-26 06:28 . 2013-01-31 08:19 30312 ----a-w- c:\windows\system32\drivers\ssadadb.sys
2013-02-26 06:28 . 2013-01-31 08:19 1416680 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2013-02-26 06:28 . 2013-01-31 08:19 136808 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
2013-02-26 06:28 . 2013-01-31 08:19 12776 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
2013-02-26 06:28 . 2013-01-31 08:19 10472 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
2013-02-26 06:28 . 2013-01-31 08:19 121064 ----a-w- c:\windows\system32\drivers\ssadbus.sys
2013-02-26 06:28 . 2013-01-31 08:19 10344 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
2013-02-26 06:04 . 2013-02-28 03:23 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\Samsung
2013-02-26 06:03 . 2013-02-28 03:23 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\Samsung
2013-02-26 05:59 . 2013-02-26 05:59 -------- d-----w- c:\program files\MyFree Codec
2013-02-26 05:58 . 2013-02-05 22:53 4659712 ----a-w- c:\windows\system32\Redemption.dll
2013-02-26 04:20 . 2013-02-26 04:21 -------- d-----w- c:\documents and settings\All Users\Application Data\HardwareHelper
2013-02-23 02:01 . 2013-02-23 02:01 -------- d-----w- c:\documents and settings\HP_Administrator\Local Settings\Application Data\TrafficSpaceLLC
2013-02-19 00:25 . 2013-02-19 00:25 -------- d-----w- c:\documents and settings\HP_Administrator\Application Data\DiscWorks
2013-02-19 00:23 . 2009-12-15 04:17 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2013-02-19 00:23 . 2013-02-19 00:23 -------- d-----w- c:\program files\USDigital DiscStudio
2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files\Internet Explorer\PLUGINS\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-15 07:22 . 2012-03-02 19:22 601408 ----a-w- c:\windows\system32\drivers\timntr.sys
2013-03-15 07:22 . 2012-03-02 19:21 83392 ----a-w- c:\windows\system32\drivers\vsflt53.sys
2013-03-14 20:33 . 2012-10-11 17:41 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-14 20:33 . 2012-01-23 00:21 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-05 01:45 . 2011-08-22 18:08 16400 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2013-02-05 22:52 . 2013-02-05 22:52 974848 ----a-w- c:\windows\system32\cis-2.4.dll
2013-02-05 22:52 . 2013-02-05 22:52 81920 ----a-w- c:\windows\system32\issacapi_bs-2.3.dll
2013-02-05 22:52 . 2013-02-05 22:52 65536 ----a-w- c:\windows\system32\issacapi_pe-2.3.dll
2013-02-05 22:52 . 2013-02-05 22:52 57344 ----a-w- c:\windows\system32\MTXSYNCICON.dll
2013-02-05 22:52 . 2013-02-05 22:52 57344 ----a-w- c:\windows\system32\MK_Lyric.dll
2013-02-05 22:52 . 2013-02-05 22:52 57344 ----a-w- c:\windows\system32\issacapi_se-2.3.dll
2013-02-05 22:52 . 2013-02-05 22:52 569344 ----a-w- c:\windows\system32\muzdecode.ax
2013-02-05 22:52 . 2013-02-05 22:52 491520 ----a-w- c:\windows\system32\muzapp.dll
2013-02-05 22:52 . 2013-02-05 22:52 49152 ----a-w- c:\windows\system32\MaJGUILib.dll
2013-02-05 22:52 . 2013-02-05 22:52 45320 ----a-w- c:\windows\system32\MAMACExtract.dll
2013-02-05 22:52 . 2013-02-05 22:52 45056 ----a-w- c:\windows\system32\MaXMLProto.dll
2013-02-05 22:52 . 2013-02-05 22:52 45056 ----a-w- c:\windows\system32\MACXMLProto.dll
2013-02-05 22:52 . 2013-02-05 22:52 40960 ----a-w- c:\windows\system32\MTTELECHIP.dll
2013-02-05 22:52 . 2013-02-05 22:52 352256 ----a-w- c:\windows\system32\MSLUR71.dll
2013-02-05 22:52 . 2013-02-05 22:52 258048 ----a-w- c:\windows\system32\muzoggsp.ax
2013-02-05 22:52 . 2013-02-05 22:52 245760 ----a-w- c:\windows\system32\MSCLib.dll
2013-02-05 22:52 . 2013-02-05 22:52 24576 ----a-w- c:\windows\system32\MASetupCleaner.exe
2013-02-05 22:52 . 2013-02-05 22:52 200704 ----a-w- c:\windows\system32\muzwmts.dll
2013-02-05 22:52 . 2013-02-05 22:52 172032 ----a-w- c:\windows\system32\muzapp.exe
2013-02-05 22:52 . 2013-02-05 22:52 155648 ----a-w- c:\windows\system32\MSFLib.dll
2013-02-05 22:52 . 2013-02-05 22:52 143360 ----a-w- c:\windows\system32\3DAudio.ax
2013-02-05 22:52 . 2013-02-05 22:52 135168 ----a-w- c:\windows\system32\muzaf1.dll
2013-02-05 22:52 . 2013-02-05 22:52 131072 ----a-w- c:\windows\system32\muzmpgsp.ax
2013-02-05 22:52 . 2013-02-05 22:52 122880 ----a-w- c:\windows\system32\muzeffect.ax
2013-02-05 22:52 . 2013-02-05 22:52 118784 ----a-w- c:\windows\system32\MaDRM.dll
2013-02-05 22:52 . 2013-02-05 22:52 110592 ----a-w- c:\windows\system32\muzmp4sp.ax
2013-01-31 08:19 . 2011-05-13 07:21 10344 ----a-w- c:\windows\system32\drivers\ssadwh.sys
2013-01-31 08:19 . 2011-05-13 07:21 10472 ----a-w- c:\windows\system32\drivers\ssadcm.sys
2013-01-30 10:53 . 2012-02-03 07:50 232336 ------w- c:\windows\system32\MpSigStub.exe
2012-12-26 01:36 . 2012-06-19 20:10 466008 ----a-w- c:\windows\system32\drivers\sptd.sys
2013-03-09 03:55 . 2013-03-09 03:54 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2004-08-10 12:00 94784 --sha-w- c:\windows\twain.dll
2008-04-14 00:12 50688 --sha-w- c:\windows\twain_32.dll
2004-07-30 15:04 1216 --sha-w- c:\windows\Twunk_16.dll
2004-07-30 15:04 1216 --sha-w- c:\windows\Twunk_32.dll
2011-02-08 13:33 978944 --sha-w- c:\windows\system32\mfc42.dll
2008-04-14 00:12 57344 --sha-w- c:\windows\system32\msvcirt.dll
2004-08-10 12:00 413696 --sha-w- c:\windows\system32\msvcp60(3)(2).dll
2010-12-20 17:32 551936 --sha-w- c:\windows\system32\oleaut32.dll
2008-04-14 00:12 84992 --sha-w- c:\windows\system32\olepro32.dll
2008-04-14 00:12 11776 --sha-w- c:\windows\system32\regsvr32.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-18 00:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-18 00:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-18 00:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-18 00:50 556648 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2012-01-05 75624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPBootOp"="c:\program files\Hewlett-Packard\HP Boot Optimizer\HPBootOp.exe" [2005-09-21 1605740]
"CXMon"="c:\program files\Hewlett-Packard\PhotoSmart\Photo Imaging\Hpi_Monitor.exe" [2001-08-27 45056]
"AlwaysReady Power Message APP"="ARPWRMSG.EXE" [2005-08-03 77312]
"HPHUPD08"="c:\program files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 49152]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2005-12-04 461584]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1387288]
"DVDBitSet"="c:\program files\HP CD-DVD\Umbrella\DVDBitSet.exe" [2002-12-06 200704]
"DVDTray"="c:\program files\HP CD-DVD\Umbrella\DVDTray.exe" [2002-12-18 53248]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 57344]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-04-27 2637784]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2012-10-11 296096]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2012-10-25 421888]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-04-27 395384]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"emsisoft anti-malware"="c:\program files\emsisoft anti-malware\a2guard.exe" [2013-01-30 3365288]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start [You must be registered and logged in to see this link.] [?]
"Malwarebytes Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-12-14 512360]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-12 27136]
.
c:\documents and settings\HP_Administrator\Start Menu\Programs\Startup\
Start WDBVPSyncService.lnk - c:\program files\Wireless Database Viewer Plus\Desktop Files\WDBVPStartSyncService.exe [N/A]
.
c:\documents and settings\Default User\Start Menu\Programs\Startup\
Pin.lnk - c:\hp\bin\CLOAKER.EXE [2005-11-12 27136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2011-06-17 07:33 66328 ----a-w- c:\program files\Common Files\logishrd\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"aawservice"=2 (0x2)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\Updates from HP\\9972322\\Program\\Updates from HP.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\WINDOWS\\kdx\\khost.exe"=
"c:\\WINDOWS\\system32\\mqsvc.exe"=
"c:\\Program Files\\Hewlett-Packard\\HP Download Manager\\hpjdwnld.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Adobe\\Elements Organizer 8.0\\AdobePhotoshopElementsMediaServer.exe"=
"c:\\Program Files\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\Roxio\\RoxioNow Player\\RNowShell.exe"=
"c:\\Program Files\\Xtranormal\\Desktop\\Launcher.exe"=
"c:\\Program Files\\Xtranormal\\Desktop\\State.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\xampp\\apache\\bin\\httpd.exe"=
"c:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service
"1038:TCP"= 1038:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
.
R0 pssnap;Paramount Software Snapshot Filter;c:\windows\system32\drivers\pssnap.sys [2/28/2013 2:47 PM 16504]
R0 sptd;sptd;\SystemRoot\\SystemRoot\System32\Drivers\sptd.sys --> \SystemRoot\\SystemRoot\System32\Drivers\sptd.sys [?]
R0 vididr;Acronis Virtual Disk;c:\windows\system32\drivers\vididr.sys [3/2/2012 3:21 PM 125472]
R0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\drivers\vsflt53.sys [3/2/2012 3:21 PM 83392]
R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [3/7/2013 1:11 AM 17904]
R1 a2injectiondriver;a2injectiondriver;c:\program files\Emsisoft Anti-Malware\a2dix86.sys [3/7/2013 1:11 AM 37856]
R1 a2util;a-squared Malware-IDS utility driver;c:\program files\Emsisoft Anti-Malware\a2util32.sys [3/7/2013 1:11 AM 11776]
R2 a2AntiMalware;Emsisoft Anti-Malware 7.0 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [3/7/2013 1:10 AM 3089320]
R2 AdobeActiveFileMonitor8.0;Adobe Active File Monitor V8;c:\program files\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe [10/9/2009 6:45 AM 169312]
R2 BCMNTIO;BCMNTIO;c:\progra~1\CheckIt\DIAGNO~1\BCMNTIO.sys [10/9/2006 1:40 PM 3744]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [8/23/2012 1:37 PM 13672]
R2 LBeepKE;Logitech Beep Suppression Driver;c:\windows\system32\drivers\LBeepKE.sys [8/22/2011 2:07 PM 12184]
R2 MAPMEM;MAPMEM;c:\progra~1\CheckIt\DIAGNO~1\MAPMEM.sys [10/9/2006 1:40 PM 3904]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [6/25/2010 1:07 PM 35088]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2/28/2013 2:47 PM 225400]
R3 a2acc;a2acc;c:\program files\Emsisoft Anti-Malware\a2accx86.sys [3/7/2013 1:11 AM 54072]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [1/5/2012 11:42 AM 75624]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2/26/2013 2:28 AM 30312]
S3 BTCFilterService;USB Networking Driver Filter Service;c:\windows\system32\DRIVERS\motfilt.sys --> c:\windows\system32\DRIVERS\motfilt.sys [?]
S3 dgderdrv;dgderdrv;c:\windows\system32\drivers\dgderdrv.sys --> c:\windows\system32\drivers\dgderdrv.sys [?]
S3 DYUSB;DYMO DiscPainter USB Status Monitor Driver;c:\windows\system32\drivers\dyusb.sys [10/22/2007 11:07 AM 35200]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;\??\c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys --> c:\program files\Lavasoft\Ad-Aware\KernExplorer.sys [?]
S3 LinksysUpdater;Linksys Updater;c:\program files\Linksys\Linksys Updater\bin\LinksysUpdater.exe [4/18/2008 5:30 AM 204800]
S3 MatSvc;Microsoft Automated Troubleshooting Service;c:\program files\Microsoft Fix it Center\Matsvc.exe [6/13/2011 11:09 PM 267568]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\Drivers\motoandroid.sys --> c:\windows\system32\Drivers\motoandroid.sys [?]
S3 motccgp;Motorola USB Composite Device Driver;c:\windows\system32\DRIVERS\motccgp.sys --> c:\windows\system32\DRIVERS\motccgp.sys [?]
S3 motccgpfl;MotCcgpFlService;c:\windows\system32\DRIVERS\motccgpfl.sys --> c:\windows\system32\DRIVERS\motccgpfl.sys [?]
S3 MotDev;Motorola Inc. USB Device;c:\windows\system32\DRIVERS\motodrv.sys --> c:\windows\system32\DRIVERS\motodrv.sys [?]
S3 Motousbnet;Motorola USB Networking Driver Service;c:\windows\system32\DRIVERS\Motousbnet.sys --> c:\windows\system32\DRIVERS\Motousbnet.sys [?]
S3 motusbdevice;Motorola USB Dev Driver;c:\windows\system32\DRIVERS\motusbdevice.sys --> c:\windows\system32\DRIVERS\motusbdevice.sys [?]
S3 PSMounter;Macrium Reflect Image Explorer Service;c:\windows\system32\drivers\psmounter.sys [8/6/2012 10:40 AM 53952]
S3 PSMounterEx;Macrium Reflect Image Explorer Driver;c:\windows\system32\drivers\psmounterex.sys [2/28/2013 2:47 PM 55416]
S3 PSVolAcc;PSVolAcc;c:\windows\system32\drivers\PSVolAcc.sys [2/28/2013 2:47 PM 13432]
S3 RoxioNow Service;RoxioNow Service;c:\program files\Roxio\RoxioNow Player\RNowSvc.exe [8/2/2011 8:37 PM 400368]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2/26/2013 2:28 AM 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2/26/2013 2:28 AM 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2/26/2013 2:28 AM 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2/26/2013 2:28 AM 114280]
S3 SynasUSB;SynasUSB;c:\windows\system32\drivers\synasUSB.sys [3/25/2010 1:40 PM 18432]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [3/11/2013 11:48 PM 11520]
S3 wimmount;wimmount;c:\windows\system32\drivers\wimmount.sys [7/13/2009 7:20 PM 19024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-11 20:33]
.
2013-03-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 21:57]
.
2013-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-07 16:02]
.
2013-03-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-07 16:02]
.
2013-03-16 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-368602806-3486394386-1207012647-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 18:27]
.
2013-03-12 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-368602806-3486394386-1207012647-1008.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 18:27]
.
2013-03-16 c:\windows\Tasks\User_Feed_Synchronization-{A784B890-818D-43E7-A545-9CBC3600F50B}.job
- c:\windows\system32\msfeedssync.exe [2006-10-17 08:31]
.
.
------- Supplementary Scan -------
.
uLocal Page = \blank.htm
uStart Page = [You must be registered and logged in to see this link.]
uDefault_Search_URL = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mSearch Bar = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = 192.168.*.*;*.local;
uSearchAssistant = [You must be registered and logged in to see this link.]
uSearchURL,(Default) = [You must be registered and logged in to see this link.]
IE: &ieSpell Options - c:\program files\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Check &Spelling - c:\program files\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000
IE: Search Using Copernic Agent - c:\program files\Copernic Agent\CopernicAgentExt.dll/INTEGRATION_MENU_SEARCHEXT
Trusted Zone: buy.com\ssl
Trusted Zone: cinemanow.com
Trusted Zone: intuit.com
Trusted Zone: nationalnotary.org\www
Trusted Zone: roxio.com
Trusted Zone: roxionow.com
Trusted Zone: sonic.com
Trusted Zone: turbotax.com
Trusted Zone: usps.com\sss-web
Trusted Zone: usps.com\www
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
DPF: {4E77DBA6-3506-46EC-93C0-AB1E0DBD7E4A} - [You must be registered and logged in to see this link.]
DPF: {BE6A7ED0-B2FF-409D-930C-79422B899802} - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\HP_Administrator\Application Data\Mozilla\Firefox\Profiles\4tsctwxx.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: !HIDDEN! 2009-06-23 16:02; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
HKU-Default-RunOnce-WUAppSetup - c:\program files\Common Files\logishrd\WUApp32.exe
ShellExecuteHooks-{56F9679E-7826-4C84-81F3-532071A8BCC5} - (no file)
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2013-03-16 23:21
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwOpenFile
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-368602806-3486394386-1207012647-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Environment*]
"v5Licence"="16-TQGC-JXT6-WVSZ-FYMK-96CJ-C6JMSZ1"
"Activated"="Y"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(920)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
.
Completion time: 2013-03-16 23:24:33
ComboFix-quarantined-files.txt 2013-03-17 03:24
.
Pre-Run: 247,793,029,120 bytes free
Post-Run: 248,833,380,352 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 4D45AD10B97D02010E4C169F059B194D

Results of screen317's Security Check version 0.99.61
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Emsisoft Anti-Malware
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Out of date HijackThis installed!
Malwarebytes Anti-Malware version 1.70.0.1100
HijackThis 2.0.2
CCleaner
Adobe Flash Player 11.6.602.180
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader 10.1.6 Adobe Reader out of Date!
Mozilla Firefox (19.0.2)
````````Process Check: objlist.exe by Laurent````````
Emsisoft Anti-Malware a2service.exe
emsisoft anti-malware a2guard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 3%
````````````````````End of Log``````````````````````

Malwarebytes Anti-Malware 1.70.0.1100
[You must be registered and logged in to see this link.]

Database version: v2013.03.16.12

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
HP_Administrator :: WORK [administrator]

3/16/2013 8:35:53 PM
mbam-log-2013-03-16 (20-35-53).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 639706
Time elapsed: 2 hour(s), 17 minute(s), 30 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


cybor462
Novice
Novice

Posts Posts : 42
Joined Joined : 2013-03-16
OS OS : XP
Points Points : 14266
# Likes # Likes : 0

Post by Superdave on 17th March 2013, 5:30 pm

You really should turn on your Windows Firewall.

Internet Explorer's security is based upon a set of zones. Each zone has different security in terms of what scripts and applications can be run from a site that is in that zone. There is a security zone called the Trusted Zone. This zone has the lowest security and allows scripts and applications from sites in this zone to run without your knowledge. It is therefore a popular setting for malware sites to use so that future infections can be easily done on your computer without your knowledge as these sites will be in the Trusted Zone. Therefore, I recommend that nothing be allowed in the trusted zone. If you agree, please run the following ComboFix script.

Re-running ComboFix to remove infections:


  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:

    KillAll::

    Firefox::
    Trusted Zone: buy.com\ssl
    Trusted Zone: cinemanow.com
    Trusted Zone: intuit.com
    Trusted Zone: nationalnotary.org\www
    Trusted Zone: roxio.com
    Trusted Zone: roxionow.com
    Trusted Zone: sonic.com
    Trusted Zone: turbotax.com
    Trusted Zone: usps.com\sss-web
    Trusted Zone: usps.com\www

    DDS::
    Trusted Zone: buy.com\ssl
    Trusted Zone: cinemanow.com
    Trusted Zone: intuit.com
    Trusted Zone: nationalnotary.org\www
    Trusted Zone: roxio.com
    Trusted Zone: roxionow.com
    Trusted Zone: sonic.com
    Trusted Zone: turbotax.com
    Trusted Zone: usps.com\sss-web
    Trusted Zone: usps.com\www

  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • I won't need to see the log from this script

*******************************************
Update your Adobe Reader. [You must be registered and logged in to see this link.].

Be sure to uncheck the Free McAfee Security Scan so it isn't installed.

********************************************
SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

[You must be registered and logged in to see this link.]

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.

    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected

  • At the bottom of the page

    • Hidden Objects Only << Selected

  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.

Superdave
Captain
Captain

Posts Posts : 4202
Joined Joined : 2010-02-01
Gender Gender : Male
OS OS : Windows 8.1 and a dual-boot with XP Home SP3
Protection Protection : MSE, Windows Defender, Windows firewall
Points Points : 83231
# Likes # Likes : 0
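The Trusted Zone review Superdave describes above can be done mechanically on the pasted log. The block below is an added example, not part of the thread and not ComboFix's or DDS's own code: it parses ComboFix-style lines, lists the Internet Explorer "Trusted Zone:" entries and any Security Center "DisableMonitoring" overrides (values that silence Windows' own antivirus/firewall status alerts; some third-party suites set them legitimately, which is why they are reported for review rather than treated as malicious), and renders the Trusted Zone findings in the DDS:: form the script above uses. SAMPLE_LOG is constructed from lines in the thread's log; the function and class names are mine.

```python
"""Triage helper for ComboFix-style log excerpts (added example)."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample, shaped like the lines ComboFix prints (values taken
# from the log posted in the thread).
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center\\Monitoring\\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\\software\\microsoft\\shared tools\\msconfig\\services]
"aawservice"=2 (0x2)
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = 192.168.*.*;*.local;
Trusted Zone: buy.com\\ssl
Trusted Zone: cinemanow.com
Trusted Zone: usps.com\\www
TCP: DhcpNameServer = 75.75.75.75 75.75.76.76
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DISABLE_RE = re.compile(r'^"DisableMonitoring"=dword:(?P<val>[0-9A-Fa-f]{8})$')
# ComboFix prints "domain\host" or just "domain" after "Trusted Zone:".
ZONE_RE = re.compile(r"^Trusted Zone:\s*(?P<domain>[^\\\s]+)(?:\\(?P<host>\S+))?$")


@dataclass
class Triage:
    # (domain, host-or-None) pairs in the order they appear in the log
    trusted_zones: List[Tuple[str, Optional[str]]] = field(default_factory=list)
    # registry keys whose DisableMonitoring value is non-zero
    monitoring_disabled: List[str] = field(default_factory=list)


def triage_log(text: str) -> Triage:
    """Walk the log once, remembering which registry key a value line belongs to."""
    result = Triage()
    current_key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        key = KEY_RE.match(line)
        if key:
            current_key = key.group("key")
            continue
        dis = DISABLE_RE.match(line)
        if dis and current_key is not None:
            if int(dis.group("val"), 16) != 0:
                result.monitoring_disabled.append(current_key)
            continue
        zone = ZONE_RE.match(line)
        if zone:
            result.trusted_zones.append((zone.group("domain"), zone.group("host")))
    return result


def cfscript_dds_block(triage: Triage) -> str:
    """Render the Trusted Zone entries as a DDS:: block; empty string if none."""
    if not triage.trusted_zones:
        return ""
    lines = ["DDS::"]
    for domain, host in triage.trusted_zones:
        lines.append(f"Trusted Zone: {domain}" + (f"\\{host}" if host else ""))
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    found = triage_log(SAMPLE_LOG)
    for k in found.monitoring_disabled:
        print(f"Security Center monitoring disabled under: {k}")
    print(cfscript_dds_block(found), end="")
```

Run it as a script to see the findings for the sample; to triage a real ComboFix.txt, read the file and pass its contents to triage_log. It emits only the Trusted Zone lines, so the rest of the CFScript (KillAll:: and friends) stays a human decision.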

Post by cybor462 on 17th March 2013, 11:49 pm

Superdave, thanks so much for all your help. I have tried to turn on the firewall but it says I am unable to do so. I go to the Security Center and try to turn it on, but it says it is unable to start and to go into the firewall settings and turn it on. That is what I am trying to do. It says Windows is unable to show firewall settings. It also says AVG reports the firewall is turned off. I do not have AVG on the machine.
Do you have any suggestions for me here?

Post by Superdave on 18th March 2013, 12:56 am

I'm sorry. I made a boo boo about the firewall. The Security check shows that it's enabled. Please run the SysProt AntiRootkit scan and post the log.

Post by cybor462 on 18th March 2013, 12:58 am

doing it now

Post by cybor462 on 18th March 2013, 1:07 am

How long should the blue bar be filling across the bottom? I hit Create Log and it just keeps going across the bottom, filling and refilling. It's been 5 minutes now.

It's scanning now.

Post by Superdave on 18th March 2013, 1:11 am

If it doesn't respond in 30 mins. we'll try something else.

Post by cybor462 on 18th March 2013, 1:16 am

Right when it started scanning a bunch of things happened. The Device Manager popped up, the Windows Update icon appeared in the sys tray and the Start button opened.
I tried to fix the firewall issue before I started with this scanner, using the Microsoft Fix it for the firewall issue. It reported back that it repaired the firewall and restarted the computer. It still shows the firewall turned off.

Post by cybor462 on 18th March 2013, 1:22 am

SysProt AntiRootkit v1.0.1.0
by swatkat

******************************************************************************************
******************************************************************************************

No Hidden Processes found

******************************************************************************************
******************************************************************************************
Kernel Modules:
Module Name: \SystemRoot\System32\Drivers\acfs1nn1.SYS
Service Name: ---
Module Base: B91F0000
Module End: B9232000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: B4C28000
Module End: B4C40000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: BA5EE000
Module End: BA5F0000
Hidden: Yes

******************************************************************************************
******************************************************************************************
No SSDT Hooks found

******************************************************************************************
******************************************************************************************
No Kernel Hooks found

******************************************************************************************
******************************************************************************************
No hidden files/folders found



Post by cybor462 on 18th March 2013, 1:57 am

Yeah, the firewall is on; Emsisoft was guarding it.

Post by Superdave on 18th March 2013, 2:43 am

I'd like to scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    [You must be registered and logged in to see this link.]
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
    • Leave the check mark next to Remove found threats.
  • Check
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Post by cybor462 on 18th March 2013, 9:16 pm

C:\Documents and Settings\HP_Administrator\My Documents\samsung files sd card\App_Manager\App_Backups\user_apps\com.charmingapps.rebelflag.apk a variant of Android/Adware.AirPush.G application deleted - quarantined
C:\Documents and Settings\HP_Administrator\My Documents\samsung files sd card\TitaniumBackup\com.charmingapps.rebelflag-2e43b4cc0c66b79c382df1a4044e5191.apk.gz a variant of Android/Adware.AirPush.G application deleted - quarantined
C:\Documents and Settings\HP_Administrator\My Documents\samsung files sd card\TitaniumBackup\com.charmingapps.rebelflag-ec930064db8a53503f88c34c285a17ba.apk.gz a variant of Android/Adware.AirPush.G application deleted - quarantined


Post by Superdave on 18th March 2013, 10:08 pm

How's your computer working now? Any other issues before we clean up?

Post by cybor462 on 18th March 2013, 10:15 pm

Is the system clean? Each time it scans there seem to be files found. If it's clean then I am making an image so I have a clean start.
The only thing I see now is that explorer thing. The tray is frozen until I kill explorer in Processes and then start a new task, and then it's OK. I see if I let it sit for 20 minutes sometimes it returns to normal. Any suggestions?
If we are done I have my second system that I will need help with, since I infected all my PCs by using USB sticks between them.
Let me know if this one is clean and about the explorer thing.
Thanks a ton

Post by cybor462 on 18th March 2013, 10:16 pm

Tornado here now, shutting down. I will check back here after the storms are past.

Post by Superdave on 18th March 2013, 10:23 pm

Do you mean Internet explorer?

Post by cybor462 on 18th March 2013, 11:15 pm

No, when I boot to the desktop the tray icons are frozen, so is the Start button, and there are no icons in the sys tray. I have to shut down explorer.exe under Processes and then restart it as a new task, and then they all work and the icons appear in the sys tray. When this happens I can't get to Device Manager or System Restore. This all occurred after the infection.

Post by cybor462 on 19th March 2013, 12:33 am

To be clear, when that freeze thing happens neither Device Manager nor System Restore is accessible. When I shut down explorer and restart it, everything works.

Post by Superdave on 19th March 2013, 1:29 am

Please try this even if you don't have the OS disk and tell me what happens.

Do you have an XP CD?

If so, place it in your CD ROM drive and follow the instructions below:
  • Click on Start > Run and type sfc /scannow then press Enter (note the space between sfc and /scannow)
  • Let this run undisturbed until the window with the blue progress bar goes away
SFC, which stands for System File Checker, retrieves the correct version of the file from %Systemroot%\System32\Dllcache or the Windows installation source files, and then replaces the incorrect file.

Post by cybor462 on 19th March 2013, 1:34 am

No, I have only the HP restore discs, but they do not work since I changed the processor a couple of years ago.
I did install Microsoft Security Essentials and when it scanned it found 2 trojans,
Trojan:Win64/Sirefef.E and Trojan:Win64/Sirefef.D. It has quarantined them and suggests I remove them. What should I do?
Yes, remove them and please run the SFC even if you don't have the disk. If it finds something wrong, it will ask for the disk. Please let me know.

Post by cybor462 on 19th March 2013, 2:01 am

doing it now

Post by cybor462 on 19th March 2013, 2:08 am

it ran for awhile and is now asking for the Win Pro Service Pack 3 disc

Post by Superdave on 19th March 2013, 7:26 pm

It ran for a while and is now asking for the Win Pro Service Pack 3 disc.
That means that a file is missing or corrupted. Can you borrow a disk? It must be a Win Pro Service Pack 3 disc.

Re: iambigbrother(A) beast (A) noadware (A) android exploit and others part 1

Post by cybor462 on 19th March 2013, 8:24 pm

I will see. Does that sound right? This PC is running Media Center Edition. Will that Win Pro work?
I did run Kelly's taskbar repair tool and it seemed to fix the explorer issues. I have been using the PC all day and so far it seems fine. Am I virus free?
If you think we are done I will start another post with the other system.
Thanks for all your help. You guys are great.

Re: iambigbrother(A) beast (A) noadware (A) android exploit and others part 1

Post by Superdave on 19th March 2013, 10:17 pm

I will see. Does that sound right? This PC is running Media Center Edition. Will that Win Pro work?
The only way to be sure is to try running SFC with that disk in the drive, but if you repaired the explorer issue, there's no need to do SFC.
I did run Kelly's taskbar repair tool and it seemed to fix the explorer issues. I have been using the PC all day and so far it seems fine. Am I virus free?
Yes, I'm quite sure it's clean. We were only dealing with those other issues you had.
Let's do some cleanup and keep our fingers crossed.

To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall

(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.

**************************************************
To remove all of the tools we used and the files and folders they created, do the following:
Double click OTL.exe.

  • Click the CleanUp button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.
************************************************
Click Start > Computer > right click the C Drive and choose Properties > enter
Click Disk Cleanup from there.

Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.

This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
**************************************************
Go to [You must be registered and logged in to see this link.] and get all critical updates.

----------

I suggest using [You must be registered and logged in to see this link.]. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

[You must be registered and logged in to see this link.]- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* [You must be registered and logged in to see this link.] from Spyware and Malware
* If you don't know what ActiveX controls are, see [You must be registered and logged in to see this link.]

Protect yourself against spyware using the Immunize feature in [You must be registered and logged in to see this link.] Guide: [You must be registered and logged in to see this link.] to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. [You must be registered and logged in to see this link.]

Check out [You must be registered and logged in to see this link.] for tips and free tools to help keep you safe in the future.

Also see [You must be registered and logged in to see this link.] for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Re: iambigbrother(A) beast (A) noadware (A) android exploit and others part 1

Post by cybor462 on 20th March 2013, 12:28 am

Thanks, you really have made a difference. I will be posting the other system shortly after I run scans.

Re: iambigbrother(A) beast (A) noadware (A) android exploit and others part 1

Post by Superdave on 20th March 2013, 1:48 am

cybor462 wrote: Thanks, you really have made a difference. I will be posting the other system shortly after I run scans.
You're welcome. I will lock this thread. If you need it re-opened, please send me a PM.