
Money Pak Scam Hijack


  • This topic is locked
6 replies to this topic

#1 smithmd4


Posted 29 June 2012 - 12:16 PM

I had a hijack come up mid-session. I was unable to get out of it or access anything. When restarting, it starts immediately upon logging in. Hijack tells me I've been flagged by the FBI and need to pay a fine of $100 via Money Pak to restore my system. Scan below comes from starting in safe mode. I searched for anything about it to no avail before conducting scan and posting here.

Thanks for the help!

Hijack Hunter 1.8.4.1
http://www.novirusthanks.org
Log created on 6/29/2012 at 12:47:07 PM

[+] Generic system info

Operating System: Microsoft Windows XP Service Pack 3 32-bit
Build Version: 2600.xpsp_sp3_gdr.111025-1629
Internet Explorer: 8.0.6001.18702
System Folder: C:\WINDOWS\system32

[+] Running processes

[System Process] (0 bytes) (Unknown) () (HSAR) (d41d8cd98f00b204e9800998ecf8427e)
System (0 bytes) (Unknown) () (HSAR) (d41d8cd98f00b204e9800998ecf8427e)
C:\WINDOWS\System32\smss.exe (50688 bytes) (Microsoft Corporation) (4/14/2008 5:42:38 AM) (--A-) (5f816c1f539266d2d4c78694239da0b5)
C:\WINDOWS\system32\csrss.exe (6144 bytes) (Microsoft Corporation) (4/14/2008 5:42:16 AM) (--A-) (44f275c64738ea2056e3d9580c23b60f)
C:\WINDOWS\system32\winlogon.exe (507904 bytes) (Microsoft Corporation) (4/14/2008 5:42:40 AM) (--A-) (ed0ef0a136dec83df69f04118870003e)
C:\WINDOWS\system32\services.exe (110592 bytes) (Microsoft Corporation) (4/14/2008 5:42:36 AM) (--A-) (65df52f5b8b6e9bbd183505225c37315)
C:\WINDOWS\system32\lsass.exe (13312 bytes) (Microsoft Corporation) (4/14/2008 5:42:26 AM) (--A-) (bf2466b3e18e970d8a976fb95fc1ca85)
C:\WINDOWS\system32\svchost.exe (14336 bytes) (Microsoft Corporation) (4/14/2008 5:42:38 AM) (--A-) (27c6d03bcdb8cfeb96b716f3d8be3e18)
C:\WINDOWS\Explorer.EXE (1033728 bytes) (Microsoft Corporation) (4/14/2008 5:42:20 AM) (--A-) (12896823fb95bfb3dc9b46bcaedc9923)
C:\Program Files\NoVirusThanks\Hijack Hunter\HijackHunter.exe (628736 bytes) (NoVirusThanks Company Srl) (6/29/2012 12:46:50 PM) (--A-) (b6ffa83b91d78a0369fe0e15e4dba69c)

[+] Loaded Modules


[+] Registry startups

Value: RTHDCPL
Data: RTHDCPL.EXE
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: SynTPEnh
Data: %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: SynAsusAcpi
Data: %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: GrooveMonitor
Data: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: AVG_TRAY
Data: "C:\Program Files\AVG\AVG2012\avgtray.exe"
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: vspdfprsrv.exe
Data: C:\Program Files\PDF Pro Software\PDF Pro 10\vspdfprsrv.exe --background
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: IgfxTray
Data: C:\WINDOWS\system32\igfxtray.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: HotKeysCmds
Data: C:\WINDOWS\system32\hkcmd.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: Persistence
Data: C:\WINDOWS\system32\igfxpers.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: Adobe ARM
Data: "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: DWQueuedReporting
Data: "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: googletalk
Data: C:\Documents and Settings\User\Application Data\Google Talk\googletalk.exe /autostart
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: uTorrent
Data: "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: Skype
Data: "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Value: StubPath
Data: C:\WINDOWS\system32\ieudinit.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}

Value: {000123B4-9B42-4900-B3F7-F4B073EFC214}
Data: C:\Program Files\Orbitdownloader\orbitcth.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{000123B4-9B42-4900-B3F7-F4B073EFC214}

Value: {00C6482D-C502-44C8-8409-FCE54AD9C208}
Data: C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}

Value: {18DF081C-E8AD-4283-A596-FA578C2EBDC3}
Data: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}

Value: {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}
Data: C:\Program Files\AVG\AVG2012\avgdtiex.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31332EEF-CB9F-458F-AFEB-D30E9A66B6BA}

Value: {326E768D-4182-46FD-9C16-1449A49795F4}
Data: C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}

Value: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Data: C:\Program Files\AVG\AVG2012\avgssie.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}

Value: {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
Data: C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}

Value: {9030D464-4C02-4ABF-8ECC-5164760863C6}
Data: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}

Value: {DBC80044-A445-435b-BC74-9C25C1C588A9}
Data: C:\Program Files\Java\jre6\bin\jp2ssv.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}

Value: {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
Data: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}


[+] Other Startups Methods

Value: PostBootReminder
Data: %SystemRoot%\system32\SHELL32.dll
CLSID: {7849596a-48ea-486e-8937-a2a3009f31a9}
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

Value: CDBurn
Data: %SystemRoot%\system32\SHELL32.dll
CLSID: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

Value: WebCheck
Data: C:\WINDOWS\system32\webcheck.dll
CLSID: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

Value: SysTray
Data: C:\WINDOWS\system32\stobject.dll
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

Value: WPDShServiceObj
Data: C:\WINDOWS\system32\WPDShServiceObj.dll
CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

Value: DllName
Data: crypt32.dll
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\crypt32chain

Value: DllName
Data: cryptnet.dll
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cryptnet

Value: DLLName
Data: cscdll.dll
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\cscdll

Value: DllName
Data: %SystemRoot%\System32\dimsntfy.dll
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\dimsntfy

Value: DLLName
Data: igfxdev.dll
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui

Value: DLLName
Data: wlnotify.dll
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ScCertProp

Value: DllName
Data: wlnotify.dll
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Schedule

Value: DllName
Data: sclgntfy.dll
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy

Value: DLLName
Data: WlNotify.dll
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SensLogn

Value: DllName
Data: wlnotify.dll
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\termsrv

Value: DLLName
Data: wlnotify.dll
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\wlballoon

Value:
Data: shell32.dll
CLSID: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

Value: Groove GFS Stub Execution Hook
Data: C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
CLSID: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks

Value: Browseui preloader
Data: %SystemRoot%\system32\browseui.dll
CLSID: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler

Value: Component Categories cache daemon
Data: %SystemRoot%\system32\browseui.dll
CLSID: {8C7461EF-2B13-11d2-BE35-3078302C2030}
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler


[+] Startup folders

C:\Documents and Settings\User\Start Menu\Programs\Startup\ctfmon.lnk (1604 bytes) (Unknown) (6/29/2012 10:41:33 AM) (--A-) (55a5a32382ef522f6197b0b923d76ca9)
C:\Documents and Settings\User\Start Menu\Programs\Startup\Dropbox.lnk (1021 bytes) (Unknown) (2/20/2012 2:49:49 PM) (--A-) (da0ba899e9cc94995493c609a7352a79)
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ SuperHybridEngine.lnk (787 bytes) (Unknown) (9/27/2011 3:22:29 PM) (--A-) (8bafde9992f3df87a93debaa5c61c6d6)

[+] TCPIP nameservers


[+] Internet Explorer settings


[+] Internet Explorer Trusted Sites


[+] Windows Firewall allowed programs

Value: %windir%\Network Diagnostic\xpnetdiag.exe
Data: %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
Data: C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\Microsoft Office\Office12\GROOVE.EXE
Data: C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE
Data: C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\uTorrent\uTorrent.exe
Data: C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Documents and Settings\User\Application Data\Spotify\spotify.exe
Data: C:\Documents and Settings\User\Application Data\Spotify\spotify.exe:*:Enabled:Spotify
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\Veetle\Player\VeetleNet.exe
Data: C:\Program Files\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\Bonjour\mDNSResponder.exe
Data: C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\iTunes\iTunes.exe
Data: C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\Orbitdownloader\orbitdm.exe
Data: C:\Program Files\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\Orbitdownloader\orbitnet.exe
Data: C:\Program Files\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
Data: C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe
Data: C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
Data: C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\Internet Explorer\iexplore.exe
Data: C:\Program Files\Internet Explorer\iexplore.exe:*:Disabled:Internet Explorer
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe
Data: C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\Skype\Phone\Skype.exe
Data: C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
Data: C:\Program Files\PANDORA.TV\PanService\PandoraService.exe:*:Enabled:PandoraService
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\AVG\AVG2012\avgmfapx.exe
Data: C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:AVG Installer
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\AVG\AVG2012\avgnsx.exe
Data: C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Online Shield
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\AVG\AVG2012\avgdiagex.exe
Data: C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostics 2012
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: C:\Program Files\AVG\AVG2012\avgemcx.exe
Data: C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Personal E-mail Scanner
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List

Value: %windir%\Network Diagnostic\xpnetdiag.exe
Data: %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List

Value: C:\Program Files\Veetle\Player\VeetleNet.exe
Data: C:\Program Files\Veetle\Player\VeetleNet.exe:*:Enabled:VeetleNet
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List

Value: C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
Data: C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List

Value: C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe
Data: C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List

Value: C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
Data: C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe
Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List


[+] Windows Firewall allowed ports


[+] System Hijack

Value: DisableSR
Data: 1
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\SystemRestore

Value: Hidden
Data: 2
Key: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced

Value: FirstRunDisabled
Data: 1
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center

Value: AntiVirusDisableNotify
Data: 1
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center

Value: FirewallDisableNotify
Data: 1
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center

Value: UpdatesDisableNotify
Data: 1
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center

Value: EnableDCOM
Data: Y
Key: HKEY_LOCAL_MACHINE\Software\Microsoft\Ole


[+] Executables in Temp folders


[+] Executables in suspicious folders

C:\Program Files\BeerSmith2.exe (6236160 bytes) (Unknown) (5/7/2012 2:38:38 AM) (--A-) (02adcc03d500f6bceaba0d975ad07f82)
C:\Program Files\msvcp90.dll (568832 bytes) (Microsoft Corporation) (11/7/2007 1:19:34 AM) (--A-) (6de5c66e434a9c1729575763d891c6c2)
C:\Program Files\msvcr90.dll (655872 bytes) (Microsoft Corporation) (11/7/2007 1:19:34 AM) (--A-) (e7d91d008fe76423962b91c43c88e4eb)
C:\Program Files\Uninstall.exe (149889 bytes) (Unknown) (6/16/2012 10:32:32 AM) (--A-) (95bc70a2de22e0a65eea4ef45b75de8d)
C:\WINDOWS\system\GSW16.EXE (445632 bytes) (Bits Per Second Ltd) (1/28/2012 2:53:51 AM) (--A-) (c25728b8d60dcb7f5d3d4f8931a75ab0)
C:\WINDOWS\system32\watchdog.sys (17664 bytes) (Microsoft Corporation) (4/14/2008 12:15:00 AM) (--A-) (9a10aacbfdc4922715375fb4065ec930)
C:\WINDOWS\system32\win32k.sys (1859584 bytes) (Microsoft Corporation) (4/14/2008 1:00:12 AM) (--A-) (a3952692fe63986981a54aeb7bcc39c8)
C:\Program Files\windows nt\dialer.exe (539136 bytes) (Microsoft Corporation) (9/27/2011 1:05:07 PM) (--A-) (8d9c34f9d67dadd376ea7df1ddd3c6c5)
C:\Program Files\windows nt\htrn_jis.dll (13312 bytes) (Hilgraeve, Inc.) (9/27/2011 1:05:42 PM) (--A-) (f3fecf12727ee3b43f9b5951a128b197)
C:\Program Files\windows nt\hypertrm.exe (28160 bytes) (Hilgraeve, Inc.) (9/27/2011 1:05:42 PM) (--A-) (9dbb82fb602aa42b131c55c5d136dc9c)
C:\Program Files\Common Files\system\directdb.dll (86528 bytes) (Microsoft Corporation) (9/27/2011 1:07:24 PM) (--A-) (a0c2cb21f4b521429f033fdeb18d63d7)
C:\Program Files\Common Files\system\wab32.dll (510976 bytes) (Microsoft Corporation) (9/27/2011 1:07:25 PM) (--A-) (165a968caa9734216ff0eb192f5fbd7f)
C:\Program Files\Common Files\system\wab32res.dll (249856 bytes) (Microsoft Corporation) (9/27/2011 1:07:25 PM) (--A-) (9179353100db37ae37b4d703e3ff3387)
C:\Documents and Settings\User\Application Data\Google Talk\googletalk.exe


[+] Autorun.ini


[+] Unknown .SYS files

C:\WINDOWS\system32\drivers\swmidi.sys (56576 bytes) (Microsoft Corporation) (9/27/2011 3:06:43 PM) (--A-) (8ce882bcc6cf8a62f2b2323d95cb3d01)
C:\WINDOWS\system32\drivers\SynTP.sys (230448 bytes) (Synaptics Incorporated) (9/27/2011 3:49:52 PM) (--AR) (bd8e7f87de409a745a132a8812de5a96)
C:\WINDOWS\system32\drivers\sysaudio.sys (60800 bytes) (Microsoft Corporation) (9/27/2011 3:06:34 PM) (--A-) (8b83f3ed0f1688b4958f77cd6d2bf290)
C:\WINDOWS\system32\drivers\tape.sys (14976 bytes) (Microsoft Corporation) (4/14/2008 12:10:52 AM) (--A-) (fd6093e3decd925f1cffc8a0dd539d72)
C:\WINDOWS\system32\drivers\tcpip.sys (361600 bytes) (Microsoft Corporation) (4/14/2008 12:50:18 AM) (--A-) (9aefa14bd6b182d61e3119fa5f436d3d)
C:\WINDOWS\system32\drivers\tcpip6.sys (226880 bytes) (Microsoft Corporation) (4/14/2008 12:30:04 AM) (--A-) (4e53bbcc4be37d7a4bd6ef1098c89ff7)
C:\WINDOWS\system32\drivers\tdi.sys (19072 bytes) (Microsoft Corporation) (4/14/2008 12:30:06 AM) (--A-) (0539d5e53587f82d1b4fd74c5be205cf)
C:\WINDOWS\system32\drivers\tdpipe.sys (12040 bytes) (Microsoft Corporation) (9/27/2011 1:05:05 PM) (--A-) (6471a66807f5e104e4885f5b67349397)
C:\WINDOWS\system32\drivers\tdtcp.sys (21896 bytes) (Microsoft Corporation) (9/27/2011 1:05:05 PM) (--A-) (c56b6d0402371cf3700eb322ef3aaf61)
C:\WINDOWS\system32\drivers\termdd.sys (40840 bytes) (Microsoft Corporation) (9/27/2011 1:04:44 PM) (--A-) (88155247177638048422893737429d9e)
C:\WINDOWS\system32\drivers\tosdvd.sys (51712 bytes) (Microsoft Corporation) (8/17/2001 10:01:34 AM) (--A-) (699450901c5ccfd82357cbc531cedd23)
C:\WINDOWS\system32\drivers\tsbvcap.sys (21376 bytes) (Toshiba Corporation) (8/17/2001 10:06:22 AM) (--A-) (d74a8ec75305f1d3cfde7c7fc1bd62a9)
C:\WINDOWS\system32\drivers\tunmp.sys (12288 bytes) (Microsoft Corporation) (4/13/2008 8:26:02 PM) (--A-) (8f861eda21c05857eb8197300a92501c)
C:\WINDOWS\system32\drivers\udfs.sys (66048 bytes) (Microsoft Corporation) (4/14/2008 12:02:38 AM) (--A-) (5787b80c2e3c5e2f56c2a233d91fa2c9)
C:\WINDOWS\system32\drivers\update.sys (384768 bytes) (Microsoft Corporation) (4/14/2008 12:09:48 AM) (--A-) (402ddc88356b1bac0ee3dd1580c76a31)
C:\WINDOWS\system32\drivers\usb8023.sys (12800 bytes) (Microsoft Corporation) (4/14/2008 12:26:50 AM) (--A-) (bee793d4a059caea55d6ac20e19b3a8f)
C:\WINDOWS\system32\drivers\usbaapl.sys (42496 bytes) (Apple, Inc.) (10/3/2011 6:23:58 PM) (--A-) (83cafcb53201bbac04d822f32438e244)
C:\WINDOWS\system32\drivers\usbcamd.sys (25600 bytes) (Microsoft Corporation) (4/13/2008 8:15:42 PM) (--A-) (1c1a47b40c23358245aa8d0443b6935e)
C:\WINDOWS\system32\drivers\usbcamd2.sys (25728 bytes) (Microsoft Corporation) (4/13/2008 8:15:42 PM) (--A-) (ce97845d2e3f0d274b8bac1ed07c6149)
C:\WINDOWS\system32\drivers\usbccgp.sys (32128 bytes) (Microsoft Corporation) (4/14/2008 12:15:40 AM) (--A-) (173f317ce0db8e21322e71b7e60a27e8)
C:\WINDOWS\system32\drivers\usbd.sys (4736 bytes) (Microsoft Corporation) (8/4/2004 6:00:00 AM) (--A-) (596eb39b50d6ebd9b734dc4ae0544693)
C:\WINDOWS\system32\drivers\usbehci.sys (30208 bytes) (Microsoft Corporation) (4/14/2008 12:15:36 AM) (--A-) (65dcf09d0e37d4c6b11b5b0b76d470a7)
C:\WINDOWS\system32\drivers\usbhub.sys (59520 bytes) (Microsoft Corporation) (4/14/2008 12:15:38 AM) (--A-) (1ab3cdde553b6e064d2e754efe20285c)
C:\WINDOWS\system32\drivers\usbintel.sys (15872 bytes) (Microsoft Corporation) (4/13/2008 8:15:44 PM) (--A-) (290913dc4f1125e5a82de52579a44c43)
C:\WINDOWS\system32\drivers\usbport.sys (143872 bytes) (Microsoft Corporation) (4/14/2008 12:15:38 AM) (--A-) (791912e524cc2cc6f50b5f2b52d1eb71)
C:\WINDOWS\system32\drivers\usbprint.sys (25856 bytes) (Microsoft Corporation) (10/27/2011 6:25:02 PM) (--A-) (a717c8721046828520c9edf31288fc00)
C:\WINDOWS\system32\drivers\usbscan.sys (15104 bytes) (Microsoft Corporation) (10/27/2011 7:38:25 PM) (--A-) (a0b8cf9deb1184fbdd20784a58fa75d4)
C:\WINDOWS\system32\drivers\usbstor.sys (26368 bytes) (Microsoft Corporation) (4/14/2008 12:15:40 AM) (--A-) (a32426d9b14a089eaa1d922e0c5801a9)
C:\WINDOWS\system32\drivers\usbuhci.sys (20608 bytes) (Microsoft Corporation) (4/14/2008 12:15:36 AM) (--A-) (26496f9dee2d787fc3e61ad54821ffe6)
C:\WINDOWS\system32\drivers\usbvideo.sys (121984 bytes) (Microsoft Corporation) (9/27/2011 8:57:02 AM) (--A-) (63bbfca7f390f4c49ed4b96bfb1633e0)
C:\WINDOWS\system32\drivers\uvclf.sys (39040 bytes) (GenesysLogic Technologies, Inc.) (9/27/2011 1:44:38 PM) (--A-) (c019889035cdc1a06f2febc93cbb6897)
C:\WINDOWS\system32\drivers\vdmindvd.sys (58112 bytes) (RAVISENT Technologies Inc.) (8/17/2001 10:02:14 AM) (--A-) (55e01061c74a8cefff58dc36114a8d3f)
C:\WINDOWS\system32\drivers\vga.sys (20992 bytes) (Microsoft Corporation) (4/14/2008 12:14:42 AM) (--A-) (0d3a8fafceacd8b7625cd549757a7df1)
C:\WINDOWS\system32\drivers\videoprt.sys (81664 bytes) (Microsoft Corporation) (4/14/2008 12:14:42 AM) (--A-) (e28726b72c46821a28830e077d39a55b)
C:\WINDOWS\system32\drivers\volsnap.sys (52352 bytes) (Microsoft Corporation) (4/14/2008 12:11:02 AM) (--A-) (4c8fcb5cc53aab716d810740fe59d025)
C:\WINDOWS\system32\drivers\wanarp.sys (34560 bytes) (Microsoft Corporation) (4/14/2008 12:27:22 AM) (--A-) (e20b95baedb550f32dd489265c1da1f6)
C:\WINDOWS\system32\drivers\wdf01000.sys (444136 bytes) (Microsoft Corporation) (7/14/2009 10:35:16 AM) (----) (d918617b46457b9ac28027722e30f647)
C:\WINDOWS\system32\drivers\wdfldr.sys (37608 bytes) (Microsoft Corporation) (7/14/2009 10:35:16 AM) (----) (399c974dda25fd3e59f22bab787f662b)
C:\WINDOWS\system32\drivers\wdmaud.sys (83072 bytes) (Microsoft Corporation) (9/27/2011 3:06:47 PM) (--A-) (6768acf64b18196494413695f0c3a00f)
C:\WINDOWS\system32\drivers\wmilib.sys (4352 bytes) (Microsoft Corporation) (8/4/2004 6:00:00 AM) (--A-) (2f31b7f954bed437f2c75026c65caf7b)
C:\WINDOWS\system32\drivers\wpdusb.sys (38528 bytes) (Microsoft Corporation) (10/18/2006 8:00:00 PM) (----) (cf4def1bf66f06964dc0d91844239104)
C:\WINDOWS\system32\drivers\ws2ifsl.sys (12032 bytes) (Microsoft Corporation) (8/4/2004 6:00:00 AM) (--A-) (6abe6e225adb5a751622a9cc3bc19ce8)
C:\WINDOWS\system32\drivers\WSTCODEC.SYS (19200 bytes) (Microsoft Corporation) (9/27/2011 8:57:30 AM) (--A-) (c98b39829c2bbd34e454150633c62c78)
C:\WINDOWS\system32\drivers\WudfPf.sys (77568 bytes) (Microsoft Corporation) (9/28/2006 6:55:50 PM) (----) (f15feafffbb3644ccc80c5da584e6311)
C:\WINDOWS\system32\drivers\WudfRd.sys (82944 bytes) (Microsoft Corporation) (9/28/2006 7:00:34 PM) (----) (28b524262bce6de1f7ef9f510ba3985b)

[+] Non accessible files


[+] Executables in Internet Explorer Folder


[+] Files created/modified 15 days ago


[+] Hidden files in suspicious folders


[+] Suspicious Registry Keys

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\googletalk -> C:\Documents and Settings\User\Application Data\Google Talk\googletalk.exe


[+] Suspicious folders


[+] Drivers


[+] Drivers -> FSFilter Anti-Virus


[+] Services


[+] ServiceDll


[+] Unknown files in Winsock LSP



[+] Unknown files in CLSID

C:\WINDOWS\system32\igfxpph.dll (204800 bytes) (Intel Corporation) (9/27/2011 2:51:41 PM) (--A-) (94bc8ef4808bcdc0d3ad8f0f4fb92fd9)
C:\WINDOWS\system32\acelpdec.ax (61952 bytes) (Sipro Lab Telecom Inc.) (8/4/2004 6:00:00 AM) (--A-) (d0a33c77354a6f12ccd8034e4429a30d)
C:\WINDOWS\system32\dfrgsnap.dll (39424 bytes) (Microsoft Corp. and Executive Software International, Inc.) (4/14/2008 5:41:52 AM) (--A-) (ccc5b7e12d6002d308e8d11ff9d1fc57)
C:\WINDOWS\system32\igfxdo.dll (135168 bytes) (Intel Corporation) (9/27/2011 2:51:40 PM) (--A-) (6d07ebc2dadad53232398c9b609989ad)
C:\WINDOWS\system32\amstream.dll (70656 bytes) (Unknown) (4/14/2008 5:41:50 AM) (--A-) (f8e4901cb3027eb0a0384001f11877c2)
C:\WINDOWS\PCHealth\HelpCtr\Binaries\msinfo.dll (376832 bytes) (Unknown) (9/27/2011 1:07:33 PM) (--A-) (2278e5238f7f58c4205cbae2c4beba77)
C:\WINDOWS\system32\hpbpro.dll (40448 bytes) (Hewlett-Packard Company) (7/17/2009 12:07:48 PM) (--A-) (2e89a2785588e0f383485d33d0657a52)
C:\WINDOWS\system32\dxmasf.dll (498742 bytes) (Unknown) (4/14/2008 5:41:54 AM) (--A-) (8b4c502de1aaaf6af41ae3c14e40ba0a)
C:\WINDOWS\system32\l3codeca.acm (307260 bytes) (Fraunhofer Institut Integrierte Schaltungen IIS) (4/14/2008 5:39:58 AM) (--A-) (f3946b534cc197cbffd9a2ecfd1f556f)
C:\WINDOWS\system32\hpbprops.dll (7680 bytes) (Hewlett-Packard Company) (7/17/2009 12:07:46 PM) (--A-) (907b886a209c42155240466ff259b4d7)
C:\WINDOWS\system32\hpbmiapi.dll (24576 bytes) (Hewlett-Packard Company) (7/17/2009 12:07:46 PM) (--A-) (085accc6d5ceb6d38a12ae445cec5ad7)
C:\WINDOWS\system32\hticons.dll (44544 bytes) (Hilgraeve, Inc.) (9/27/2011 1:05:42 PM) (--A-) (f759a6e14403bc3d7a55ccad1b8f7b4a)
C:\WINDOWS\system32\hpboidps.dll (7680 bytes) (Hewlett-Packard Company) (7/17/2009 12:07:48 PM) (--A-) (b7fe505ed739bde9e0255e2f02b34e3b)
C:\WINDOWS\system32\dgnet.dll (111104 bytes) (Microsoft) (4/14/2008 5:41:52 AM) (--A-) (2b90b311b85b7ad7cbc1df8640cdae26)
C:\WINDOWS\system32\popup.ocx (29184 bytes) (Blue Sky Software) (3/19/2007 2:58:04 PM) (--A-) (dee51cbd0811300ce099e8a242f6ed40)
C:\WINDOWS\system32\igfxdev.dll (208896 bytes) (Intel Corporation) (9/27/2011 2:51:41 PM) (--A-) (1180852dbfadafc375dbba1f6b23eee7)
C:\WINDOWS\system32\RTCOM\RTCOMDLL.dll (270336 bytes) (Realtek Semiconductor Corp.) (9/27/2011 3:06:12 PM) (--A-) (5f7ed6562f24feefa152504239e443b8)
C:\WINDOWS\system32\iac25_32.ax (199680 bytes) (Intel Corporation) (4/14/2008 5:42:44 AM) (--A-) (877c90686858d899b042bba45e9b7f2c)
C:\WINDOWS\system32\wiasf.ax (40448 bytes) (Unknown) (8/4/2004 6:00:00 AM) (--A-) (bef31ef51a02f4e18a06eb1806f51403)
C:\WINDOWS\system32\encdec.dll (186880 bytes) (Unknown) (4/14/2008 5:41:54 AM) (--A-) (56fc6bcafc247f9867c3884410090614)
C:\WINDOWS\system32\UniBoxVB12.ocx (212992 bytes) (Woodbury Associates Limited) (9/30/2011 2:34:54 PM) (--A-) (5d2a12a554889b7378977b229b11130e)
C:\WINDOWS\system32\deployJava1.dll (472808 bytes) (Sun Microsystems, Inc.) (2/14/2012 5:13:46 PM) (--A-) (3107d5460a32130eafe9beaa12ee2251)
C:\WINDOWS\system32\hpboid.dll (25600 bytes) (Hewlett-Packard Company) (7/17/2009 12:07:48 PM) (--A-) (f49227eb2fba67ce02c0fdc6f97d79d0)
C:\WINDOWS\system32\igfxsrvc.dll (48128 bytes) (Intel Corporation) (9/27/2011 2:51:43 PM) (--A-) (30db789a2d61dbe9bfcc07e3e9f3cda8)
C:\WINDOWS\system32\msjetoledb40.dll (355112 bytes) (Unknown) (4/2/2007 6:19:22 PM) (--A-) (077f067c69073d1ebc84984e7fe5ba44)
C:\WINDOWS\system32\RTCOM\RTLCPAPI.dll (131072 bytes) (Unknown) (9/27/2011 3:06:15 PM) (--A-) (4beb7673680679b9fbdd0a97e3b2c4c9)

[+] TCP Connections

svchost.exe -> 0.0.0.0:135 -> 0.0.0.0:55320 -> LISTENING
N/A -> 0.0.0.0:445 -> 0.0.0.0:40964 -> LISTENING
N/A -> 192.168.1.18:139 -> 0.0.0.0:51330 -> LISTENING

[+] UDP Connections

N/A -> 0.0.0.0:445 -> *.*
N/A -> 192.168.1.18:137 -> *.*
N/A -> 192.168.1.18:138 -> *.*

[+] Hosts file


[+] Ring3 API Hooks

C:\WINDOWS\Explorer.EXE -> KERNEL32.DLL->GetProcAddress -> ShimEng.dll -> IAT

[+] Kernel Mode Info


---
Finish [ 0:13:11 ]



#2 HelpBot


Posted 04 July 2012 - 12:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/458763 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS and GMER log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows, you should not bother creating a GMER log.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice


Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 smithmd4


Posted 07 July 2012 - 11:43 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_29
Run by User at 21:52:01 on 2012-07-07
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2039.1440 [GMT -4:00]
.
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NoVirusThanks\Hijack Hunter\HijackHunter.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BeerSmith2.exe
C:\Documents and Settings\User\My Documents\Downloads\hwp2mner.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
BHO: Octh Class: {000123b4-9b42-4900-b3f7-f4b073efc214} - c:\program files\orbitdownloader\orbitcth.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Do Not Track: {31332eef-cb9f-458f-afeb-d30e9a66b6ba} - c:\program files\avg\avg2012\avgdtiex.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg2012\avgssie.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Grab Pro: {c55bbcd6-41ad-48ad-9953-3609c48eacc7} - c:\program files\orbitdownloader\GrabPro.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
uRun: [googletalk] c:\documents and settings\user\application data\google talk\googletalk.exe /autostart
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
mRun: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [AVG_TRAY] "c:\program files\avg\avg2012\avgtray.exe"
mRun: [vspdfprsrv.exe] c:\program files\pdf pro software\pdf pro 10\vspdfprsrv.exe --background
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\user\startm~1\programs\startup\ctfmon.lnk - c:\windows\system32\rundll32.exe
StartupFolder: c:\docume~1\user\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\user\application data\dropbox\bin\Dropbox.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\superh~1.lnk - c:\program files\asus\eeepc\super hybrid engine\SuperHybridEngine.exe
IE: &Download by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files\orbitdownloader\orbitmxt.dll/202
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - c:\program files\avg\avg2012\avgdtiex.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{CCC2616F-1EDE-4249-A133-476E0BE9795A} : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GR99D3~1.DLL
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg2012\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GRA8E1~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\yu8qy769.default\
FF - prefs.js: browser.startup.homepage - hxxp://my.yahoo.com/
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60831.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\veetle\player\npvlc.dll
FF - plugin: c:\program files\veetle\plugins\npVeetle.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_3_300_262.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [2012-4-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2011-7-11 31952]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2011-7-11 301248]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [2011-9-27 38912]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2012-2-14 11832]
S1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2011-7-11 235216]
S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2011-8-8 41040]
S2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg2012\avgidsagent.exe [2012-4-30 5106744]
S2 avgwd;AVG WatchDog;c:\program files\avg\avg2012\avgwdsvc.exe [2012-2-14 193288]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2011-11-19 136176]
S2 PanService;PandoraService;c:\program files\pandora.tv\panservice\PandoraService.exe [2011-12-12 624856]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2011-9-30 583640]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-2-29 158856]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-6-22 257696]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-9-27 1684736]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [2011-12-23 139856]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [2011-12-23 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [2011-12-23 17232]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2011-6-2 11336]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2011-11-19 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-5-3 113120]
S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [2011-9-27 39040]
.
=============== Created Last 30 ================
.
2012-06-29 16:46:50 -------- d-----w- c:\program files\NoVirusThanks
2012-06-29 16:38:44 -------- d-----w- c:\program files\CleanUp!
2012-06-29 16:37:53 -------- dc----w- c:\documents and settings\all users\application data\{91EC863D-D912-4466-91CC-9489A4A2ADD3}
2012-06-29 15:56:40 -------- d-----w- C:\temp
2012-06-22 04:09:30 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-22 00:58:08 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2012-06-22 00:58:08 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2012-06-16 14:32:32 149889 ----a-w- c:\program files\Uninstall.exe
2012-06-16 14:32:32 -------- d-----w- c:\program files\Updates
2012-06-16 14:32:26 -------- d-----w- c:\program files\Reports
2012-06-16 14:32:26 -------- d-----w- c:\program files\icons
2012-06-16 14:32:25 -------- d-----w- c:\program files\help
.
==================== Find3M ====================
.
2012-06-22 04:42:28 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-07 06:38:38 6236160 ----a-w- c:\program files\BeerSmith2.exe
2012-04-19 08:50:26 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys
2007-11-07 05:19:34 655872 ----a-w- c:\program files\msvcr90.dll
2007-11-07 05:19:34 568832 ----a-w- c:\program files\msvcp90.dll
.
============= FINISH: 21:52:32.14 ===============

#4 bloopie

  • Malware Response Team

Posted 08 July 2012 - 04:37 PM

Hi smithmd4,

My name is bloopie and I'll be helping you with your problems as best I can! :thumbup2:

A few things to keep in mind while we are working together:

  • If you have since resolved the original problem you were having, I would appreciate it if you let me know.
  • If you are unsure about any of the steps just post what you can and I will guide you!
  • Please tell me if you have your original Windows CD/DVD available.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below I will review your topic and do my best to resolve your issues.

==========

I will be checking your logs, so please allow me some time for this. When I have completed that, I will post a response to my instructor first, then here if approved (I am still a trainee here at BC and an instructor must approve my posts).

==========

In the meantime, please answer these questions as completely as you can:

Please let me know of what problems you are having with your computer.

I had a hijack come up mid session. I was unable to get out of it or access anything. When restarting, it starts immediately upon logging in.

What came up mid session? What hijack do you mention?
What starts immediately upon logging in?

bloopie

#5 bloopie


Posted 09 July 2012 - 08:03 AM

Hi again,

:step1: Warning

Going over your logs I noticed that you have µTorrent installed.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a wide variety of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
It is pretty much certain that if you continue to use P2P programs, you will get infected again.
I would recommend that you uninstall µTorrent; however, that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

===========

:step2: Run Combofix

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links.
Link 1
Link 2
1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

==========

In your next reply, please include the Combofix.txt and let me know how your computer is running!

bloopie

#6 bloopie


Posted 12 July 2012 - 08:31 AM

Hello again,

This is a 3-Day Bump! If you still wish to receive help please follow the instructions in my last post.

If you do not respond in another 48 hours, we will be forced to close this topic!

bloopie

#7 etavares

  • Malware Response Team

Posted 14 July 2012 - 08:31 AM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.
