TechSpot

Sirefef.Fc Trojan!!!

By aliano
Aug 13, 2012
  1. Nod32 has detected Win32/Sirefef.Fc Trojan (related to: system32/srevices.exe) but isn't able to clean it!! Please help me to get rid of this trojan and Nod32's annoying warnings.
     
  2. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Welcome aboard

    Please complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure you PASTE all logs. If a log exceeds the 50,000-character post limit, split it between a couple of replies.
    Attached logs won't be reviewed.

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  3. aliano

    aliano TS Rookie Topic Starter Posts: 17

    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.11.01

    Windows 7 x86 NTFS
    Internet Explorer 8.0.7600.16385
    Clinic 123 :: CLINIC123-PC [administrator]

    Protection: Enabled

    8/11/2012 1:15:25 PM
    mbam-log-2012-08-11 (13-15-25).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 196266
    Time elapsed: 11 minute(s), 2 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 1
    HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 5
    C:\Users\Clinic 123\AppData\Local\Temp\29CF.tmp (Trojan.LameShield) -> Quarantined and deleted successfully.
    C:\Users\Clinic 123\AppData\Local\Temp\KMP_3.2.0.0.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.
    C:\Users\Clinic 123\Local Settings\Temporary Internet Files\Content.IE5\0GKE56Z0\soft4[2].exe (Trojan.LameShield) -> Quarantined and deleted successfully.
    C:\Users\Clinic 123\Local Settings\Temporary Internet Files\Content.IE5\QRALINED\soft5[1].exe (RootKit.0Access) -> Quarantined and deleted successfully.
    C:\Users\Clinic 123\Desktop\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

    (end)
     
  4. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Go on...
     
  5. aliano

    aliano TS Rookie Topic Starter Posts: 17

    No gmer log
    =============================================================================================
    .
    DDS (Ver_2011-08-26.01) - NTFSx86
    Internet Explorer: 8.0.7600.16385
    Run by Clinic 123 at 0:46:51 on 2012-08-15
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2048.1190 [GMT 4.5:30]
    .
    AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    C:\Windows\system32\svchost.exe -k hpdevmgmt
    C:\Windows\system32\lkcitdl.exe
    C:\Windows\system32\lkads.exe
    C:\Windows\system32\lktsrv.exe
    C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
    C:\Windows\system32\nisvcloc.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
    C:\Windows\System32\svchost.exe -k secsvcs
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\HP\HP UT\bin\hppusg.exe
    C:\Program Files\ESET\ESET Smart Security\egui.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\GoldenDict\GoldenDict.exe
    C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\explorer.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GR469A~1.DLL
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
    uRun: [GoldenDict] "c:\program files\goldendict\GoldenDict.exe"
    mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
    mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
    mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
    mRun: [HPPQVideo] "c:\program files\hp\scheduledlaunch\hp color laserjet cp1510 series\bin\hppschlnch.exe" -r software\hewlett-packard\scheduledlaunch\CLJ_CP1510_Series -f PQOptimizerVideo.xml -o remindLater
    mRun: [ToolBoxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on
    mRun: [hpbdfawep] c:\program files\hp\dfawep\bin\hpbdfawep.exe 1
    mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\"
    mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
    mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
    mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tmmoni~1.lnk - c:\program files\arcsoft\totalmedia 3.5\TMMonitor.exe
    uPolicies-explorer: HideSCAHealth = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableLUA = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
    mPolicies-system: EnableLinkedConnections = 1 (0x1)
    IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
    IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
    TCP: DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{9FBDE429-3DB3-46F4-A9A6-04E8B6F905A7} : DhcpNameServer = 192.168.1.1
    TCP: Interfaces\{9FBDE429-3DB3-46F4-A9A6-04E8B6F905A7}\3586164756C6F584 : DhcpNameServer = 192.168.1.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL
    SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GR469A~1.DLL
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\clinic 123\appdata\roaming\mozilla\firefox\profiles\2yxm0cjs.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: network.proxy.ftp - localhost
    FF - prefs.js: network.proxy.ftp_port - 8080
    FF - prefs.js: network.proxy.http - localhost
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.socks - localhost
    FF - prefs.js: network.proxy.socks_port - 1080
    FF - prefs.js: network.proxy.ssl - localhost
    FF - prefs.js: network.proxy.ssl_port - 8080
    FF - prefs.js: network.proxy.type - 0
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 fmsg;fmsg;c:\windows\system32\drivers\fmsg.sys [2011-5-6 11264]
    R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
    R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-8-26 176128]
    R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-5-6 21992]
    R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-7-29 136632]
    R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2010-8-12 810144]
    R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2010-7-29 41336]
    R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2012-4-25 96056]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-11 655944]
    R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2011-5-5 27648]
    R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-24 370688]
    R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-7-21 2673064]
    R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-8-26 6380032]
    R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-8-26 221696]
    R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-5-5 101904]
    R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-3-31 242240]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-11 22344]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-5-5 362600]
    R3 UsbFltr;WayTech USB Filter Driver1;c:\windows\system32\drivers\UsbFltr.sys [2007-4-9 9600]
    R3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);c:\windows\system32\drivers\RtVlan60.sys [2011-5-5 19968]
    S2 Cadence License Manager;Cadence License Manager;c:\orcad\license_manager\lmgrd.exe [2011-8-22 1327104]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 IT9135BDA;IT9135 BDA Devices;c:\windows\system32\drivers\IT9135BDA.sys [2011-4-26 145920]
    S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\drivers\RtTeam60.sys [2011-5-5 43520]
    S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\drivers\RtVlan60.sys [2011-5-5 19968]
    S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\drivers\RtTeam60.sys [2011-5-5 43520]
    S3 TwonkyMedia;TwonkyMedia;c:\program files\nokia\nokia home media server\media server\twonkymedia.exe -serviceversion 0 --> c:\program files\nokia\nokia home media server\media server\TwonkyMedia.exe -serviceversion 0 [?]
    .
    =============== Created Last 30 ================
    .
    2012-08-11 08:18:03 -------- d-----w- c:\users\clinic 123\appdata\roaming\Malwarebytes
    2012-08-11 08:17:07 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-11 08:17:06 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-11 08:17:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-08-10 08:04:42 -------- d-s---w- C:\ComboFix
    2012-08-09 09:25:13 -------- d-----w- c:\windows\system32\DBBK
    2012-08-03 14:05:01 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-07-27 15:03:51 -------- d-----w- c:\program files\Throttle
    2012-07-27 14:28:20 -------- d-----w- c:\program files\Your Freedom
    2012-07-21 15:31:28 -------- d-----w- c:\users\clinic 123\temp
    2012-07-21 15:31:13 -------- d-----w- c:\program files\TeamViewer
    2012-07-19 10:07:58 -------- d-----w- c:\users\clinic 123\appdata\local\Programs
    2012-07-18 09:29:08 -------- d-----w- c:\users\clinic 123\appdata\local\ArcSoft
    2012-07-18 09:29:07 -------- d-----w- c:\programdata\ArcSoft
    2012-07-18 09:28:33 18688 ----a-w- c:\windows\system32\drivers\afc.sys
    2012-07-18 09:27:22 245408 ----a-w- c:\windows\system32\unicows.dll
    2012-07-18 09:25:37 32768 ------w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
    2012-07-18 09:25:37 225280 ------w- c:\program files\common files\installshield\iscript\iscript.dll
    2012-07-18 09:25:37 176128 ------w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
    2012-07-18 09:25:36 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
    2012-07-18 09:24:57 -------- d-----w- c:\program files\My Company Name
    .
    ==================== Find3M ====================
    .
    .
    ============= FINISH: 0:47:43.29 ===============
    ===========================================================================================
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Ultimate
    Boot Device: \Device\HarddiskVolume1
    Install Date: 5/6/2011 7:48:19 AM
    System Uptime: 8/14/2012 11:53:19 PM (1 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | 945PL-S3
    Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Socket 775 | 3014/200mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 73 GiB total, 25.352 GiB free.
    D: is FIXED (NTFS) - 196 GiB total, 29.598 GiB free.
    E: is FIXED (NTFS) - 196 GiB total, 26.933 GiB free.
    F: is FIXED (NTFS) - 15 GiB total, 8.162 GiB free.
    G: is FIXED (NTFS) - 45 GiB total, 20.159 GiB free.
    H: is CDROM ()
    I: is FIXED (NTFS) - 45 GiB total, 26.623 GiB free.
    J: is FIXED (NTFS) - 45 GiB total, 7.651 GiB free.
    K: is CDROM ()
    L: is CDROM ()
    O: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description: PCI Simple Communications Controller
    Device ID: PCI\VEN_14F1&DEV_1056&SUBSYS_105614F1&REV_08\4&BC67B8D&0&00F0
    Manufacturer:
    Name: PCI Simple Communications Controller
    PNP Device ID: PCI\VEN_14F1&DEV_1056&SUBSYS_105614F1&REV_08\4&BC67B8D&0&00F0
    Service:
    .
    ==== System Restore Points ===================
    .
    RP114: 7/26/2012 1:57:50 AM - Scheduled Checkpoint
    RP115: 8/2/2012 9:51:30 PM - Scheduled Checkpoint
    RP117: 8/9/2012 1:54:49 PM - Panda ZAcccess init
    RP119: 8/9/2012 2:02:54 PM - Panda ZAcccess Cleanup
    .
    ==== Installed Programs ======================
    .
    7-Zip 9.20
    Adobe Flash Player 11 Plugin
    Adobe Reader 8.1.2
    Adobe Shockwave Player 11.6
    AMD Drag and Drop Transcoding
    Angry Birds Space v1.0.0.2 Full
    ArcSoft TotalMedia 3.5
    ATI AVIVO Codecs
    ATI Catalyst Install Manager
    BufferChm
    Cadence License Manager
    Catalyst Control Center - Branding
    Catalyst Control Center Graphics Previews Common
    Catalyst Control Center Graphics Previews Vista
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-core-static
    ccc-utility
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    CoreAVC Professional Edition (remove only)
    COWON Media Center - jetAudio Plus VX
    CPUID CPU-Z 1.57.1
    Crystal XI
    CustomerResearchQFolder
    DAEMON Tools Pro
    DeviceDiscovery
    DeviceManagementQFolder
    Diagnostic Utility
    Driver Detective
    Electronics Workbench V5.12
    ESET Online Scanner v3
    ESET Smart Security
    eSupportQFolder
    GetDataBack for NTFS
    GoldenDict
    Google Chrome
    HI-TECH C51-lite V9.60PL0
    HI-TECH PICC lite V9.60PL0
    High-Definition Video Playback
    HP Color LaserJet CP1510 Series 2.0
    HP Customer Participation Program 9.0
    HP Imaging Device Functions 9.0
    HP LaserJet 1100
    HP Solution Center 9.0
    HP Update
    HPCarePackCore
    HPCarePackProducts
    hppCLJCP1510
    hppFonts
    hppManualsCP1510
    hppPQVideoCP1510
    HPProductAssistant
    hppTLBXFXCP1510
    hppusgCP1510
    HPSSupply
    hpzTLBXFX
    HydraVision
    ImTOO Video Editor 2
    Internet Download Manager
    ITE9135 Driver 32bit
    Java Auto Updater
    Java(TM) 7 Update 3
    K-Lite Codec Pack 7.7.0 (Full)
    Macromedia Flash Player 8
    Malwarebytes Anti-Malware version 1.62.0.1300
    MarketResearch
    MATLAB R2009a
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Office Access MUI (English) 2007
    Microsoft Office Access Setup Metadata MUI (English) 2007
    Microsoft Office Enterprise 2007
    Microsoft Office Excel MUI (English) 2007
    Microsoft Office Groove MUI (English) 2007
    Microsoft Office Groove Setup Metadata MUI (English) 2007
    Microsoft Office InfoPath MUI (English) 2007
    Microsoft Office OneNote MUI (English) 2007
    Microsoft Office Outlook MUI (English) 2007
    Microsoft Office PowerPoint MUI (English) 2007
    Microsoft Office Proof (English) 2007
    Microsoft Office Proof (French) 2007
    Microsoft Office Proof (Spanish) 2007
    Microsoft Office Proofing (English) 2007
    Microsoft Office Publisher MUI (English) 2007
    Microsoft Office Shared MUI (English) 2007
    Microsoft Office Shared Setup Metadata MUI (English) 2007
    Microsoft Office Word MUI (English) 2007
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Mozilla Firefox 8.0.1 (x86 en-US)
    National Instruments Software
    Nero 10 Menu TemplatePack Basic
    Nero 10 Movie ThemePack Basic
    Nero BackItUp 10
    Nero BackItUp 10 Help (CHM)
    Nero Burning ROM 10
    Nero BurningROM 10 Help (CHM)
    Nero BurnRights 10
    Nero BurnRights 10 Help (CHM)
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero CoverDesigner 10
    Nero CoverDesigner 10 Help (CHM)
    Nero DiscCopy Gadget 10
    Nero DiscCopyGadget 10 Help (CHM)
    Nero DiscSpeed 10
    Nero DiscSpeed 10 Help (CHM)
    Nero Dolby Files 10
    Nero Express 10
    Nero Express 10 Help (CHM)
    Nero InfoTool 10
    Nero InfoTool 10 Help (CHM)
    Nero Kwik Media
    Nero Multimedia Suite 10
    Nero Recode 10
    Nero Recode 10 Help (CHM)
    Nero RescueAgent 10
    Nero RescueAgent 10 Help (CHM)
    Nero SoundTrax 10
    Nero SoundTrax 10 Help (CHM)
    Nero StartSmart 10
    Nero StartSmart 10 Help (CHM)
    Nero Update
    Nero Vision 10
    Nero Vision 10 Help (CHM)
    Nero WaveEditor 10
    Nero WaveEditor 10 Help (CHM)
    NeroKwikMedia Help (CHM)
    NI Circuit Design Suite 10 Core
    NI Circuit Design Suite 10 Pro
    NI Circuit Design Suite Support and Upgrade Utility
    NI EULA Depot
    NI LabVIEW Run-Time Engine 8.0.1
    NI LabVIEW Run-Time Engine 8.2
    NI LabWindows/CVI 8.0.1 Run-Time Engine
    NI License Manager
    NI Logos 4.7
    NI Math Kernel Libraries
    NI MDF Support
    NI Service Locator
    NI TDMS
    NI Uninstaller
    NI USI 1.3.0
    Nokia Connectivity Cable Driver
    Nokia Flashing Cable Driver
    Nokia Home Media Server
    Nokia Map Loader
    Nokia Music
    Nokia Ovi Application Installer
    Nokia Ovi Application Installer 6.85.3011
    Nokia Ovi Content Copier
    Nokia Ovi Content Copier 6.85.3011
    Nokia Ovi One Touch Access
    Nokia Ovi One Touch Access 6.85.3011
    Nokia Ovi Suite
    Nokia Ovi System Utilities
    Nokia Ovi System Utilities 6.85.3013
    Nokia Photos
    Nokia Software Updater
    Orcad Family Release 9.2 Standalone
    PC Connectivity Solution
    pes 2012
    Power System Toolbox
    PowerWorld Simulator Education/Evaluation Edition
    pro evolution soccer 2011 2011
    Product_SF_Full_QFolder
    Product_SF_Min_QFolder
    Rayman Origins
    Realtek Ethernet Controller Driver
    Realtek High Definition Audio Driver
    Release OrCAD 16.0
    SolutionCenter
    Super Smasher 1.0.1
    swMSM
    TeamViewer 7
    The KMPlayer (remove only)
    Total Video Converter 3.71 100812
    TrayApp
    TwonkyMedia
    UltraISO Premium V9.36
    Unknown Device Identifier 7.00
    VirtualCloneDrive
    VLC media player 1.1.10
    VobSub v2.23 (Remove Only)
    WebReg
    Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    WinRAR 4.00 (32-bit)
    Your Freedom 20120709-01
    .
    ==== Event Viewer Messages From Past Week ========
    .
    8/9/2012 2:58:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    8/9/2012 2:58:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    8/9/2012 2:58:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    8/9/2012 2:58:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    8/9/2012 2:58:36 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ehdrv ElbyCDIO spldr Wanarpv6
    8/9/2012 2:58:36 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
    8/9/2012 2:57:09 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Power service, but this action failed with the following error: A system shutdown has already been scheduled.
    8/9/2012 2:57:09 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error: A system shutdown has already been scheduled.
    8/9/2012 2:57:09 PM, Error: Service Control Manager [7031] - The Power service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    8/9/2012 2:57:09 PM, Error: Service Control Manager [7031] - The Plug and Play service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    8/9/2012 2:57:09 PM, Error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
    8/14/2012 6:09:08 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
    8/14/2012 11:53:50 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
    8/14/2012 11:53:37 PM, Error: Service Control Manager [7000] - The Sentinel service failed to start due to the following error: The system cannot find the device specified.
    8/14/2012 11:53:37 PM, Error: Service Control Manager [7000] - The atksgt service failed to start due to the following error: This driver has been blocked from loading
    8/14/2012 11:53:37 PM, Error: Application Popup [875] - Driver atksgt.sys has been blocked from loading.
    8/10/2012 11:28:46 AM, Error: Service Control Manager [7003] - The epfwwfp service depends the following service: BFE. This service might not be installed.
    8/10/2012 11:28:27 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
    8/10/2012 11:28:26 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
    .
    ==== End Of File ===========================
     
  6. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    • Download RogueKiller on the desktop
    • Close all the running programs
    • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    =================================

    Download aswMBR to your desktop.
    Double click the aswMBR.exe to run it.
    If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
    Click the "Scan" button to start scan.
    On completion of the scan click "Save log", save it to your desktop and post in your next reply.

    NOTE. aswMBR will create an MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
     
  7. aliano

    aliano TS Rookie Topic Starter Posts: 17

    RogueKiller V7.6.6 [08/10/2012] by Tigzy
    mail: tigzyRK<at>gmail<dot>com
    Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
    Blog: http://tigzyrk.blogspot.com

    Operating System: Windows 7 (6.1.7600 ) 32 bits version
    Started in : Normal mode
    User: Clinic 123 [Admin rights]
    Mode: Scan -- Date: 08/15/2012 16:05:16

    ¤¤¤ Bad processes: 0 ¤¤¤

    ¤¤¤ Registry Entries: 4 ¤¤¤
    [HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
    [HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤
    [ZeroAccess][FOLDER] U : c:\windows\installer\{b98dba18-425c-8c2a-57c6-2bcee49d7818}\U --> FOUND
    [ZeroAccess][FOLDER] L : c:\windows\installer\{b98dba18-425c-8c2a-57c6-2bcee49d7818}\L --> FOUND
    [ZeroAccess][FILE] n : c:\users\clinic 123\appdata\local\{b98dba18-425c-8c2a-57c6-2bcee49d7818}\n --> FOUND
    [ZeroAccess][FILE] @ : c:\users\clinic 123\appdata\local\{b98dba18-425c-8c2a-57c6-2bcee49d7818}\@ --> FOUND
    [ZeroAccess][FOLDER] U : c:\users\clinic 123\appdata\local\{b98dba18-425c-8c2a-57c6-2bcee49d7818}\U --> FOUND
    [ZeroAccess][FOLDER] L : c:\users\clinic 123\appdata\local\{b98dba18-425c-8c2a-57c6-2bcee49d7818}\L --> FOUND

    ¤¤¤ Driver: [LOADED] ¤¤¤

    ¤¤¤ Infection : ZeroAccess ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤

    127.0.0.1 activation.nero.com
    127.0.0.1 tonec.com
    127.0.0.1 www.tonec.com
    127.0.0.1 registeridm.com
    127.0.0.1 3dns-5.adobe.com
    127.0.0.1 adobe-dns.adobe.com
    127.0.0.1 adobe-dns-2.adobe.com
    127.0.0.1 adobe-dns-3.adobe.com
    127.0.0.1 adobe.activate.com
    127.0.0.1 activate.adobe.com
    127.0.0.1 activate.wip3.adobe.com
    127.0.0.1 activate.wip4.adobe.com
    127.0.0.1 activate-sea.adobe.com
    127.0.0.1 activate-sjc0.adobe.com
    127.0.0.1 ereg.adobe.com
    127.0.0.1 ereg.wip3.adobe.com
    127.0.0.1 ereg.wip4.adobe.com


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: ST3500413AS ATA Device +++++
    --- User ---
    [MBR] 8ef4e726cdec43bf1f21ac3158589d81
    [BSP] e7a8c8b769c7acf0e64870223dd59ce4 : Windows 7 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
    1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 74899 Mo
    2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 153600000 | Size: 201000 Mo
    3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 565248000 | Size: 200937 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    +++++ PhysicalDrive1: Maxtor 6V160E0 ATA Device +++++
    --- User ---
    [MBR] 37bb50b30839bcf0f5b245b78edbeb5d
    [BSP] d22d4f849956e5c34f8c1c414c18e51d : Windows XP MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 15366 Mo
    1 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 31471335 | Size: 137242 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1].txt >>
    RKreport[1].txt

    ===========================================================================================

    aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
    Run date: 2012-08-15 16:07:53
    -----------------------------
    16:07:53.298 OS Version: Windows 6.1.7600
    16:07:53.299 Number of processors: 2 586 0x409
    16:07:53.302 ComputerName: CLINIC123-PC UserName: Clinic 123
    16:07:54.191 Initialize success
    16:08:27.767 AVAST engine download error: 0
    16:08:55.934 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
    16:08:55.941 Disk 0 Vendor: ST3500413AS JC45 Size: 476938MB BusType: 3
    16:08:55.948 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-1
    16:08:55.953 Disk 1 Vendor: Maxtor_6V160E0 VA111900 Size: 152626MB BusType: 3
    16:08:55.967 Disk 0 MBR read successfully
    16:08:55.974 Disk 0 MBR scan
    16:08:55.983 Disk 0 Windows 7 default MBR code
    16:08:55.998 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
    16:08:56.014 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 74899 MB offset 206848
    16:08:56.036 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 201000 MB offset 153600000
    16:08:56.044 Disk 0 Partition - 00 0F Extended LBA 200937 MB offset 565248000
    16:08:56.083 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 200936 MB offset 565250048
    16:08:56.117 Disk 0 scanning sectors +976766976
    16:08:56.186 Disk 0 scanning C:\Windows\system32\drivers
    16:09:03.353 Service scanning
    16:09:15.429 Modules scanning
    16:09:32.687 Disk 0 trace - called modules:
    16:09:32.832 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys USBPORT.SYS usbuhci.sys dxgkrnl.sys atikmpag.sys atikmdag.sys dxgmms1.sys hidusb.sys HIDCLASS.SYS HIDPARSE.SYS mouhid.sys mouclass.sys??
    16:09:32.836 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e68a38]
    16:09:32.838 3 CLASSPNP.SYS[88faf59e] -> nt!IofCallDriver -> [0x85d8c4e8]
    16:09:32.839 5 ACPI.sys[83ab13b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x850af610]
    16:09:32.841 7 mouhid.sys[99d7778b] -> nt!IofCallDriver -> \Device\00000076[0x86f5f030]
    16:09:32.842 9 hidusb.sys[99d50391] -> nt!IofCallDriver -> \Device\USBPDO-5[0x86eec030]
    16:09:32.843 11 usbhub.sys[96683c89] -> nt!IofCallDriver -> \Device\USBPDO-1[0x865ce028]
    16:09:32.862 Scan finished successfully
    16:10:24.357 Disk 0 MBR has been saved successfully to "C:\Users\Clinic 123\Desktop\MBR.dat"
    16:10:24.386 The log file has been saved successfully to "C:\Users\Clinic 123\Desktop\aswMBR.txt"
     
  8. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
    For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

    Plug the flash drive into the infected PC.

    Enter System Recovery Options.

    To enter System Recovery Options from the Advanced Boot Options:
    • Restart the computer.
    • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
    • Use the arrow keys to select the Repair your computer menu item.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    To enter System Recovery Options by using Windows installation disc:
    • Insert the installation disc.
    • Restart your computer.
    • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
    • Click Repair your computer.
    • Select US as the keyboard language settings, and then click Next.
    • Select the operating system you want to repair, and then click Next.
    • Select your user account and click Next.

    On the System Recovery Options menu you will get the following options:

      • Startup Repair
      • System Restore
      • Windows Complete PC Restore
      • Windows Memory Diagnostic Tool
      • Command Prompt
    • Select Command Prompt
    • In the command window type in notepad and press Enter.
    • The notepad opens. Under File menu select Open.
    • Select "Computer" and find your flash drive letter and close the notepad.
    • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
      Note: Replace letter e with the drive letter of your flash drive.
    • The tool will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

    Next...

    Re-run FRST again.
    Type the following in the edit box after "Search:".

    services.exe

    Click Search button and post the log (Search.txt) it makes in your reply.

    I'll expect two logs:
    - FRST.txt
    - Search.txt
     
  9. aliano

    aliano TS Rookie Topic Starter Posts: 17

    FRST.txt :


    Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 15-08-2012
    Ran by SYSTEM at 15-08-2012 23:40:23
    Running from M:\
    Windows 7 Ultimate (X86) OS Language: English(US)
    The current controlset is ControlSet001

    ========================== Registry (Whitelisted) =============

    HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-08-25] (Advanced Micro Devices, Inc.)
    HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [31016 2006-10-26] (Microsoft Corporation)
    HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [9210400 2010-04-30] (Realtek Semiconductor)
    HKLM\...\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [52392 2009-01-29] (Elaborate Bytes AG)
    HKLM\...\Run: [HPPQVideo] "C:\Program Files\HP\ScheduledLaunch\HP Color LaserJet CP1510 Series\bin\hppschlnch.exe" -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\CLJ_CP1510_Series -f PQOptimizerVideo.xml -o remindLater [x]
    HKLM\...\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on [53248 2007-08-27] (HP)
    HKLM\...\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe 1 [954368 2007-04-25] ()
    HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
    HKLM\...\Run: [] [x]
    HKLM\...\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\" [36864 2007-05-08] ()
    HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [2215064 2010-08-12] (ESET)
    HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [39792 2008-01-11] (Adobe Systems Incorporated)
    HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-16] (Sun Microsystems, Inc.)
    HKLM\...\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207360 2010-03-17] (ArcSoft Inc.)
    HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
    HKU\Clinic 123\...\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot [3487128 2012-04-23] (Tonec Inc.)
    HKU\Clinic 123\...\Run: [GoldenDict] "C:\Program Files\GoldenDict\GoldenDict.exe" [2411520 2010-12-04] (GoldenDict)
    HKU\Clinic 123\...\Run: [SysDir] "C:\ProgramData\SysApp\SysDir.exe" /Hide [6738432 2012-07-20] (Microsoft)
    HKU\Default\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1173504 2009-07-13] (Microsoft Corporation)
    HKU\Default User\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1173504 2009-07-13] (Microsoft Corporation)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
    Startup: C:\Users\All Users\Start Menu\Programs\Startup\TMMonitor.lnk
    ShortcutTarget: TMMonitor.lnk -> C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)

    ================================ Services (Whitelisted) ==================

    2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-17] (ArcSoft Inc.)
    2 Cadence License Manager; C:\OrCAD\license_manager\lmgrd.exe [1327104 2007-03-18] (Macrovision Corporation)
    3 EhttpSrv; "C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe" [33584 2010-08-12] (ESET)
    2 ekrn; "C:\Program Files\ESET\ESET Smart Security\ekrn.exe" [810144 2010-08-12] (ESET)
    2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
    2 LkCitadelServer; C:\Windows\system32\lkcitdl.exe [688190 2006-06-19] (National Instruments, Inc.)
    2 lkClassAds; C:\Windows\system32\lkads.exe [45056 2006-07-25] (National Instruments, Inc.)
    2 lkTimeSync; C:\Windows\system32\lktsrv.exe [57344 2006-07-25] (National Instruments, Inc.)
    2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
    2 NIDomainService; "C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe" [200704 2006-07-25] (National Instruments, Inc.)
    3 NILM License Manager; "C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe" [1007616 2006-06-27] (Macrovision Corporation)
    2 niSvcLoc; C:\Windows\system32\nisvcloc.exe -s [49152 2006-02-06] (National Instruments Corp.)
    3 ServiceLayer; "C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe" [620544 2008-11-10] (Nokia.)
    2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software)
    3 TwonkyMedia; C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [102400 2009-01-29] (PacketVideo)

    ========================== Drivers (Whitelisted) =============

    3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
    3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW73.sys [101904 2010-07-15] (ATI Technologies, Inc.)
    2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278728 2011-07-01] ()
    2 cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x32.sys [21992 2010-11-09] (CPUID)
    2 cvintdrv; C:\Windows\System32\Drivers\cvintdrv.sys [4096 2006-07-26] ()
    3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-03-31] (DT Soft Ltd)
    2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [136632 2010-07-29] (ESET)
    1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [115008 2010-07-29] (ESET)
    1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [24232 2009-02-17] (Elaborate Bytes AG)
    2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [134512 2010-07-29] (ESET)
    3 Epfwndis; C:\Windows\System32\DRIVERS\Epfwndis.sys [32608 2010-07-29] (ESET)
    2 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [41336 2010-07-29] (ESET)
    0 fmsg; C:\Windows\System32\DRIVERS\fmsg.sys [11264 2011-05-06] (Windows (R) Win 7 DDK provider)
    2 IDMWFP; C:\Windows\System32\DRIVERS\idmwfp.sys [96056 2012-04-23] (Tonec Inc.)
    1 ISODrive; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2010-01-28] (EZB Systems, Inc.)
    3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [145920 2011-04-26] (ITE )
    2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25416 2011-07-01] ()
    3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-07-03] (Malwarebytes Corporation)
    2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2009-07-19] (Realtek )
    3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam60.sys [43520 2009-12-21] (Realtek Corporation)
    3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan60.sys [19968 2007-12-02] (Windows (R) Codename Longhorn DDK provider)
    2 Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [64512 1998-07-22] ()
    3 TEAM; C:\Windows\System32\DRIVERS\RtTeam60.sys [43520 2009-12-21] (Realtek Corporation)
    3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerflt.sys [8064 2008-09-14] (Windows (R) Codename Longhorn DDK provider)
    3 UsbFltr; C:\Windows\System32\Drivers\UsbFltr.sys [9600 2007-04-08] (Waytech Development, Inc.)
    3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys [8064 2008-09-14] (Windows (R) Codename Longhorn DDK provider)
    3 VLAN; C:\Windows\System32\DRIVERS\RtVLAN60.sys [19968 2007-12-02] (Windows (R) Codename Longhorn DDK provider)
    4 sptd; C:\Windows\System32\Drivers\sptd.sys [x]
    3 UIUSys; C:\Windows\System32\DRIVERS\UIUSYS.SYS [x]

    ========================== NetSvcs (Whitelisted) ===========


    ============ One Month Created Files and Folders ==============

    2012-08-15 07:52 - 2012-08-15 07:52 - 00001472 ____A C:\Users\Clinic 123\Desktop\iexplore.exe - Shortcut.lnk
    2012-08-15 06:49 - 2012-08-15 06:49 - 00001725 ____A C:\Users\Clinic 123\Desktop\SysDir.lnk
    2012-08-15 06:49 - 2012-08-15 06:49 - 00000000 ____D C:\Users\All Users\SysDll
    2012-08-15 06:49 - 2012-08-15 06:49 - 00000000 ____D C:\Users\All Users\SysDir
    2012-08-15 06:49 - 2012-08-15 06:49 - 00000000 ____D C:\Users\All Users\SysApp
    2012-08-15 06:47 - 2012-07-24 15:09 - 00000000 ____D C:\Users\Clinic 123\Desktop\The.Best.Keylogger.3.53.Build.1009._MihanDownload.com
    2012-08-15 03:40 - 2012-08-15 03:40 - 00002564 ____A C:\Users\Clinic 123\Desktop\aswMBR.txt
    2012-08-15 03:40 - 2012-08-15 03:40 - 00000512 ____A C:\Users\Clinic 123\Desktop\MBR.dat
    2012-08-15 03:35 - 2012-08-15 03:35 - 00003130 ____A C:\Users\Clinic 123\Desktop\RKreport[1].txt
    2012-08-15 03:33 - 2012-08-15 03:35 - 00000000 ____D C:\Users\Clinic 123\Desktop\RK_Quarantine
    2012-08-15 03:33 - 2012-08-15 03:33 - 00000326 ____A C:\Windows\Tasks\HP WEP.job
    2012-08-15 03:32 - 2012-08-15 03:33 - 01558528 ____A C:\Users\Clinic 123\Desktop\RogueKiller.exe
    2012-08-14 12:40 - 2012-08-14 13:13 - 15728640 ____A C:\Users\Clinic 123\Desktop\Ehsan+Hadadi-'s+Trophy1.avi.001
    2012-08-14 12:15 - 2012-08-14 12:16 - 00607260 ____R (Swearware) C:\Users\Clinic 123\Desktop\dds.com
    2012-08-14 12:10 - 2012-08-14 12:10 - 00389403 ____A C:\Users\Clinic 123\Downloads\Device-007-TMBC.jar
    2012-08-14 01:58 - 2012-08-14 01:58 - 00000000 ____A C:\Users\Clinic 123\Desktop\gmer.log
    2012-08-14 01:44 - 2012-08-14 01:44 - 00302592 ____A C:\Users\Clinic 123\Desktop\yo6e5e1h.exe
    2012-08-11 01:10 - 2012-08-11 01:12 - 00421888 ____A C:\Users\Clinic 123\Downloads\adwcleaner.exe.part
    2012-08-11 01:08 - 2012-08-11 01:10 - 04731392 ____A (AVAST Software) C:\Users\Clinic 123\Desktop\aswMBR.exe
    2012-08-11 00:18 - 2012-08-11 00:18 - 00000000 ____D C:\Users\Clinic 123\AppData\Roaming\Malwarebytes
    2012-08-11 00:17 - 2012-08-11 00:17 - 00001072 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-08-11 00:17 - 2012-08-11 00:17 - 00000000 ____D C:\Users\All Users\Malwarebytes
    2012-08-11 00:17 - 2012-08-11 00:17 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
    2012-08-11 00:17 - 2012-07-03 01:16 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-08-11 00:12 - 2012-08-11 00:15 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Clinic 123\Downloads\mbam-setup-1.62.0.1300.exe
    2012-08-10 00:04 - 2012-08-10 00:04 - 00000000 ___SD C:\ComboFix
    2012-08-10 00:04 - 2012-08-10 00:04 - 00000000 ____D C:\Qoobox
    2012-08-09 23:31 - 2012-08-09 23:33 - 04728003 ____R (Swearware) C:\Users\Clinic 123\Downloads\ComboFix.exe
    2012-08-09 23:07 - 2012-08-09 23:08 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Clinic 123\Desktop\tdsskiller.exe
    2012-08-09 23:05 - 2012-08-09 23:06 - 00881494 ____A C:\Users\Clinic 123\Downloads\SecurityCheck.exe
    2012-08-09 01:25 - 2012-08-09 01:29 - 00000000 ____D C:\Windows\System32\DBBK
    2012-08-06 13:50 - 2012-08-07 17:02 - 113307579 ____A C:\Users\Clinic 123\Downloads\OmidNoroozi_06_60KG_Amin-TopGoal.mkv
    2012-08-05 01:27 - 2012-08-05 01:27 - 00033372 ____A C:\Users\Clinic 123\Desktop\Payment Gateway-Result Page.mht
    2012-08-04 07:39 - 2012-08-04 07:39 - 01174564 ____A C:\Users\Clinic 123\Desktop\2011 World Wrestling Championships - Wikipedia, the free encyclopedia.mht
    2012-08-03 06:05 - 2012-08-03 06:05 - 00000000 __SHD C:\Windows\System32\%APPDATA%
    2012-08-03 04:30 - 2012-08-03 04:30 - 00741067 ____A C:\Users\Clinic 123\Downloads\Unconfirmed 39336 (1).crdownload
    2012-08-03 03:44 - 2012-08-03 03:44 - 00407872 ____A C:\Users\Clinic 123\Desktop\iexplore.exe
    2012-08-03 03:42 - 2012-08-03 03:43 - 00407872 ____A C:\Users\Clinic 123\Desktop\pkiller.exe
    2012-08-03 03:30 - 2010-03-23 22:39 - 00072268 ____A C:\Users\Clinic 123\Desktop\procexp.chm
    2012-08-03 03:30 - 2006-07-27 21:02 - 00007005 ____A C:\Users\Clinic 123\Desktop\Eula.txt
    2012-08-03 03:29 - 2012-08-03 03:29 - 01144963 ____A C:\Users\Clinic 123\Desktop\ProcessExplorer.zip
    2012-08-02 03:25 - 2012-08-02 03:25 - 00455534 ____A C:\Users\Clinic 123\Downloads\PortBaz Server.zip
    2012-08-02 02:56 - 2012-08-02 02:57 - 00527972 ____A C:\Users\Clinic 123\Downloads\93ixvsmkce49rqbjamct.zip
    2012-07-31 04:30 - 2012-07-31 04:30 - 00019456 __ASH C:\Users\Clinic 123\Desktop\Thumbs.db
    2012-07-31 04:30 - 2012-07-31 04:30 - 00018432 __ASH C:\Users\Clinic 123\Downloads\Thumbs.db
    2012-07-31 04:27 - 2012-07-31 04:27 - 00000010 ____A C:\Users\Clinic 123\Desktop\New Text Document (3).txt
    2012-07-28 02:54 - 2012-07-28 09:30 - 08373593 ____A C:\Users\Clinic 123\Downloads\Opening_Ceremony_2012_03_HDrip_Amin-TopGoal.mkv
    2012-07-28 00:44 - 2012-07-28 00:45 - 02955776 ____A (Arya Rasaneh Tadbir/Shatel) C:\Users\Clinic 123\Downloads\CSAgent.exe
    2012-07-27 18:18 - 2012-07-28 17:12 - 209715200 ____A C:\Users\Clinic 123\Downloads\Bd.Techr.BRR_ywarez.com.mkv.002
    2012-07-27 12:44 - 2012-07-29 17:10 - 208951449 ____A C:\Users\Clinic 123\Downloads\Bd.Techr.BRR_ywarez.com.mkv.003
    2012-07-27 09:48 - 2012-07-27 18:18 - 209715200 ____A C:\Users\Clinic 123\Downloads\Bd.Techr.BRR_ywarez.com.mkv.001
    2012-07-27 07:03 - 2012-07-28 01:20 - 00000000 ____D C:\Program Files\Throttle
    2012-07-27 06:28 - 2012-07-27 06:28 - 00000000 ____D C:\Program Files\Your Freedom
    2012-07-27 04:18 - 2012-08-08 17:18 - 13548027 ____A C:\Users\Clinic 123\Desktop\The.Best.Keylogger.3.53.Build.1009._MihanDownload.com.rar
    2012-07-26 02:35 - 2012-07-26 02:35 - 00112405 ____A C:\Users\Clinic 123\Desktop\newstext.aspx.htm
    2012-07-26 02:35 - 2012-07-26 02:35 - 00017835 ____A C:\Users\Clinic 123\Desktop\newstext.aspx.txt
    2012-07-26 02:35 - 2012-07-26 02:35 - 00000000 ____D C:\Users\Clinic 123\Desktop\newstext.aspx_files
    2012-07-26 02:30 - 2012-07-26 02:30 - 00542963 ____A C:\Users\Clinic 123\Desktop\???? ??????? ????????? ??????.mht
    2012-07-25 03:32 - 2012-07-27 05:07 - 00000142 ____A C:\Users\Clinic 123\Desktop\New Text Document (2).txt
    2012-07-23 02:14 - 2012-07-23 02:14 - 00063371 ____A C:\Users\Clinic 123\Desktop\??????-?????-?????????-??????-??-????-?????-???.htm
    2012-07-23 02:14 - 2012-07-23 02:14 - 00000000 ____D C:\Users\Clinic 123\Desktop\??????-?????-?????????-??????-??-????-?????-???_files
    2012-07-23 00:17 - 2012-07-23 00:19 - 07184042 ____A C:\Users\Clinic 123\Desktop\Chelsea 1-1 PSG_Kooora.com.avi
    2012-07-22 07:04 - 2012-07-22 07:18 - 13906796 ____A C:\Users\Clinic 123\Desktop\dump.log
    2012-07-22 01:05 - 2012-07-22 01:08 - 11626496 ____A C:\Users\Clinic 123\Desktop\Inter_2-1_Milan_Yaghoub2000.avi
    2012-07-22 00:37 - 2012-07-22 00:40 - 13068288 ____A C:\Users\Clinic 123\Desktop\Inter_1-1_Milan_Yaghoub2000.avi
    2012-07-21 11:35 - 2012-07-23 00:09 - 00000000 ____D C:\Users\Clinic 123\Downloads\Farman Fathalian
    2012-07-21 07:32 - 2012-07-21 07:32 - 00779887 ____A C:\Users\Clinic 123\Desktop\Team_Viewer_Learn_Mihandownload.com.rar
    2012-07-21 07:31 - 2012-07-21 07:31 - 00001125 ____A C:\Users\Public\Desktop\TeamViewer 7.lnk
    2012-07-21 07:31 - 2012-07-21 07:31 - 00000000 ____D C:\Program Files\TeamViewer
    2012-07-21 07:29 - 2012-07-21 07:30 - 04660082 ____A C:\Users\Clinic 123\Desktop\TeamViewer.7.0.13852.Final_mihandownload.com.rar
    2012-07-21 07:23 - 2011-05-09 20:21 - 00000000 ____D C:\Users\Clinic 123\Desktop\Remote Desktop Limitation
    2012-07-21 07:18 - 2012-07-21 07:18 - 00000000 ___AH C:\Users\Clinic 123\Documents\Default.rdp
    2012-07-21 06:01 - 2012-08-13 07:09 - 00000000 ____D C:\Users\Clinic 123\Downloads\Farshid AMin
    2012-07-21 06:00 - 2012-07-21 06:00 - 01130052 ____A C:\Users\Clinic 123\Desktop\TehranMusic.zip
    2012-07-21 01:40 - 2012-07-21 01:42 - 07629893 ____A C:\Users\Clinic 123\Desktop\Seattle Sounders 0-2 Chelsea.KoooRa.CoM.wmv
    2012-07-20 16:38 - 2012-07-20 16:38 - 00002304 ____A C:\Users\Clinic 123\Desktop\Google Chrome.lnk
    2012-07-20 16:09 - 2012-07-19 11:34 - 00003531 ____A C:\Users\Clinic 123\Desktop\sdoacg.txt
    2012-07-19 02:05 - 2012-07-19 02:06 - 00858655 ____A C:\Users\Clinic 123\Desktop\36498273492.rar
    2012-07-18 01:29 - 2012-07-18 01:29 - 00000000 ____D C:\Users\Clinic 123\Documents\ArcSoft ToGo
    2012-07-18 01:29 - 2012-07-18 01:29 - 00000000 ____D C:\Users\Clinic 123\AppData\Local\ArcSoft
    2012-07-18 01:29 - 2012-07-18 01:29 - 00000000 ____D C:\Users\All Users\ArcSoft
    2012-07-18 01:28 - 2012-07-20 01:30 - 00000000 ____D C:\Users\Clinic 123\AppData\Roaming\ArcSoft
    2012-07-18 01:28 - 2012-07-18 01:28 - 00001964 ____A C:\Users\Public\Desktop\TotalMedia 3.5.lnk
    2012-07-18 01:28 - 2006-11-10 02:35 - 00018688 ____A (Arcsoft, Inc.) C:\Windows\System32\Drivers\afc.sys
    2012-07-18 01:27 - 2012-07-18 01:28 - 00000000 ____D C:\Program Files\Common Files\ArcSoft
    2012-07-18 01:27 - 2012-07-18 01:27 - 00000000 ____D C:\Program Files\ArcSoft
    2012-07-18 01:27 - 2005-04-27 04:06 - 00245408 ____A (Microsoft Corporation) C:\Windows\System32\unicows.dll
    2012-07-18 01:24 - 2012-07-18 01:24 - 00000000 ____D C:\Program Files\My Company Name
    2012-07-17 01:24 - 2012-07-17 01:24 - 00000000 ____D C:\Program Files\Gabest


    ============ 3 Months Modified Files ========================

    2012-08-15 11:03 - 2011-05-05 07:57 - 00793834 ____A C:\Windows\System32\PerfStringBackup.INI
    2012-08-15 07:52 - 2012-08-15 07:52 - 00001472 ____A C:\Users\Clinic 123\Desktop\iexplore.exe - Shortcut.lnk
    2012-08-15 06:49 - 2012-08-15 06:49 - 00001725 ____A C:\Users\Clinic 123\Desktop\SysDir.lnk
    2012-08-15 03:40 - 2012-08-15 03:40 - 00002564 ____A C:\Users\Clinic 123\Desktop\aswMBR.txt
    2012-08-15 03:40 - 2012-08-15 03:40 - 00000512 ____A C:\Users\Clinic 123\Desktop\MBR.dat
    2012-08-15 03:35 - 2012-08-15 03:35 - 00003130 ____A C:\Users\Clinic 123\Desktop\RKreport[1].txt
    2012-08-15 03:33 - 2012-08-15 03:33 - 00000326 ____A C:\Windows\Tasks\HP WEP.job
    2012-08-15 03:33 - 2012-08-15 03:32 - 01558528 ____A C:\Users\Clinic 123\Desktop\RogueKiller.exe
    2012-08-15 03:27 - 2009-07-13 20:34 - 00014192 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2012-08-15 03:27 - 2009-07-13 20:34 - 00014192 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2012-08-15 03:25 - 2012-03-25 06:39 - 00001696 ____A C:\users\Clinic
    2012-08-15 03:22 - 2011-09-10 01:17 - 00054141 ____A C:\Windows\setupact.log
    2012-08-15 03:22 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2012-08-14 13:21 - 2011-05-05 07:51 - 01871041 ____A C:\Windows\WindowsUpdate.log
    2012-08-14 13:13 - 2012-08-14 12:40 - 15728640 ____A C:\Users\Clinic 123\Desktop\Ehsan+Hadadi-'s+Trophy1.avi.001
    2012-08-14 12:16 - 2012-08-14 12:15 - 00607260 ____R (Swearware) C:\Users\Clinic 123\Desktop\dds.com
    2012-08-14 12:10 - 2012-08-14 12:10 - 00389403 ____A C:\Users\Clinic 123\Downloads\Device-007-TMBC.jar
    2012-08-14 01:58 - 2012-08-14 01:58 - 00000000 ____A C:\Users\Clinic 123\Desktop\gmer.log
    2012-08-14 01:44 - 2012-08-14 01:44 - 00302592 ____A C:\Users\Clinic 123\Desktop\yo6e5e1h.exe
    2012-08-13 13:02 - 2011-05-06 03:51 - 00024805 ____A C:\Windows\deff1.dat
    2012-08-12 04:51 - 2011-06-06 23:04 - 00000116 ____A C:\Windows\NeroDigital.ini
    2012-08-11 01:12 - 2012-08-11 01:10 - 00421888 ____A C:\Users\Clinic 123\Downloads\adwcleaner.exe.part
    2012-08-11 01:10 - 2012-08-11 01:08 - 04731392 ____A (AVAST Software) C:\Users\Clinic 123\Desktop\aswMBR.exe
    2012-08-11 01:02 - 2011-09-18 03:51 - 00004278 ____A C:\Windows\PFRO.log
    2012-08-11 00:17 - 2012-08-11 00:17 - 00001072 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2012-08-11 00:15 - 2012-08-11 00:12 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Clinic 123\Downloads\mbam-setup-1.62.0.1300.exe
    2012-08-09 23:33 - 2012-08-09 23:31 - 04728003 ____R (Swearware) C:\Users\Clinic 123\Downloads\ComboFix.exe
    2012-08-09 23:08 - 2012-08-09 23:07 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Clinic 123\Desktop\tdsskiller.exe
    2012-08-09 23:06 - 2012-08-09 23:05 - 00881494 ____A C:\Users\Clinic 123\Downloads\SecurityCheck.exe
    2012-08-08 17:18 - 2012-07-27 04:18 - 13548027 ____A C:\Users\Clinic 123\Desktop\The.Best.Keylogger.3.53.Build.1009._MihanDownload.com.rar
    2012-08-07 17:02 - 2012-08-06 13:50 - 113307579 ____A C:\Users\Clinic 123\Downloads\OmidNoroozi_06_60KG_Amin-TopGoal.mkv
    2012-08-05 01:27 - 2012-08-05 01:27 - 00033372 ____A C:\Users\Clinic 123\Desktop\Payment Gateway-Result Page.mht
    2012-08-04 07:39 - 2012-08-04 07:39 - 01174564 ____A C:\Users\Clinic 123\Desktop\2011 World Wrestling Championships - Wikipedia, the free encyclopedia.mht
    2012-08-03 04:30 - 2012-08-03 04:30 - 00741067 ____A C:\Users\Clinic 123\Downloads\Unconfirmed 39336 (1).crdownload
    2012-08-03 03:44 - 2012-08-03 03:44 - 00407872 ____A C:\Users\Clinic 123\Desktop\iexplore.exe
    2012-08-03 03:43 - 2012-08-03 03:42 - 00407872 ____A C:\Users\Clinic 123\Desktop\pkiller.exe
    2012-08-03 03:29 - 2012-08-03 03:29 - 01144963 ____A C:\Users\Clinic 123\Desktop\ProcessExplorer.zip
    2012-08-02 03:25 - 2012-08-02 03:25 - 00455534 ____A C:\Users\Clinic 123\Downloads\PortBaz Server.zip
    2012-08-02 02:57 - 2012-08-02 02:56 - 00527972 ____A C:\Users\Clinic 123\Downloads\93ixvsmkce49rqbjamct.zip
    2012-07-31 04:30 - 2012-07-31 04:30 - 00019456 __ASH C:\Users\Clinic 123\Desktop\Thumbs.db
    2012-07-31 04:30 - 2012-07-31 04:30 - 00018432 __ASH C:\Users\Clinic 123\Downloads\Thumbs.db
    2012-07-31 04:27 - 2012-07-31 04:27 - 00000010 ____A C:\Users\Clinic 123\Desktop\New Text Document (3).txt
    2012-07-29 17:10 - 2012-07-27 12:44 - 208951449 ____A C:\Users\Clinic 123\Downloads\Bd.Techr.BRR_ywarez.com.mkv.003
    2012-07-28 17:12 - 2012-07-27 18:18 - 209715200 ____A C:\Users\Clinic 123\Downloads\Bd.Techr.BRR_ywarez.com.mkv.002
    2012-07-28 09:30 - 2012-07-28 02:54 - 08373593 ____A C:\Users\Clinic 123\Downloads\Opening_Ceremony_2012_03_HDrip_Amin-TopGoal.mkv
    2012-07-28 00:45 - 2012-07-28 00:44 - 02955776 ____A (Arya Rasaneh Tadbir/Shatel) C:\Users\Clinic 123\Downloads\CSAgent.exe
    2012-07-27 18:18 - 2012-07-27 09:48 - 209715200 ____A C:\Users\Clinic 123\Downloads\Bd.Techr.BRR_ywarez.com.mkv.001
    2012-07-27 05:07 - 2012-07-25 03:32 - 00000142 ____A C:\Users\Clinic 123\Desktop\New Text Document (2).txt
    2012-07-26 02:35 - 2012-07-26 02:35 - 00112405 ____A C:\Users\Clinic 123\Desktop\newstext.aspx.htm
    2012-07-26 02:35 - 2012-07-26 02:35 - 00017835 ____A C:\Users\Clinic 123\Desktop\newstext.aspx.txt
    2012-07-26 02:30 - 2012-07-26 02:30 - 00542963 ____A C:\Users\Clinic 123\Desktop\???? ??????? ????????? ??????.mht
    2012-07-23 02:14 - 2012-07-23 02:14 - 00063371 ____A C:\Users\Clinic 123\Desktop\??????-?????-?????????-??????-??-????-?????-???.htm
    2012-07-23 00:19 - 2012-07-23 00:17 - 07184042 ____A C:\Users\Clinic 123\Desktop\Chelsea 1-1 PSG_Kooora.com.avi
    2012-07-22 07:18 - 2012-07-22 07:04 - 13906796 ____A C:\Users\Clinic 123\Desktop\dump.log
    2012-07-22 01:08 - 2012-07-22 01:05 - 11626496 ____A C:\Users\Clinic 123\Desktop\Inter_2-1_Milan_Yaghoub2000.avi
    2012-07-22 00:40 - 2012-07-22 00:37 - 13068288 ____A C:\Users\Clinic 123\Desktop\Inter_1-1_Milan_Yaghoub2000.avi
    2012-07-21 07:32 - 2012-07-21 07:32 - 00779887 ____A C:\Users\Clinic 123\Desktop\Team_Viewer_Learn_Mihandownload.com.rar
    2012-07-21 07:31 - 2012-07-21 07:31 - 00001125 ____A C:\Users\Public\Desktop\TeamViewer 7.lnk
    2012-07-21 07:30 - 2012-07-21 07:29 - 04660082 ____A C:\Users\Clinic 123\Desktop\TeamViewer.7.0.13852.Final_mihandownload.com.rar
    2012-07-21 07:18 - 2012-07-21 07:18 - 00000000 ___AH C:\Users\Clinic 123\Documents\Default.rdp
    2012-07-21 06:00 - 2012-07-21 06:00 - 01130052 ____A C:\Users\Clinic 123\Desktop\TehranMusic.zip
    2012-07-21 01:42 - 2012-07-21 01:40 - 07629893 ____A C:\Users\Clinic 123\Desktop\Seattle Sounders 0-2 Chelsea.KoooRa.CoM.wmv
    2012-07-20 16:38 - 2012-07-20 16:38 - 00002304 ____A C:\Users\Clinic 123\Desktop\Google Chrome.lnk
    2012-07-19 11:34 - 2012-07-20 16:09 - 00003531 ____A C:\Users\Clinic 123\Desktop\sdoacg.txt
    2012-07-19 02:06 - 2012-07-19 02:05 - 00858655 ____A C:\Users\Clinic 123\Desktop\36498273492.rar
    2012-07-18 01:28 - 2012-07-18 01:28 - 00001964 ____A C:\Users\Public\Desktop\TotalMedia 3.5.lnk
    2012-07-14 08:14 - 2009-07-13 20:53 - 00032528 ____A C:\Windows\Tasks\SCHEDLGU.TXT
    2012-07-03 01:16 - 2012-08-11 00:17 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
    2012-06-25 06:14 - 2012-06-25 06:14 - 01255711 ____A C:\Users\Clinic 123\Desktop\Ali Hosseini pour(88000096).zip
    2012-06-25 06:14 - 2012-06-25 06:14 - 01096501 ____A C:\Users\Clinic 123\Desktop\Rasoul Shojaee 88000133.zip
    2012-06-05 11:07 - 2012-06-05 11:07 - 00004096 ___AH C:\Users\Clinic 123\AppData\Local\keyfile3.drm
    2012-06-05 10:46 - 2012-06-01 07:39 - 01839312 ____A C:\Users\Clinic 123\Desktop\Superconducting Machines.pptx
    2012-06-04 08:35 - 2012-06-04 08:35 - 00003833 ____A C:\Users\Clinic 123\Desktop\NewOne1.pwd
    2012-06-04 08:35 - 2012-06-04 08:35 - 00003833 ____A C:\Users\Clinic 123\Desktop\newcase.pwd
    2012-06-01 07:23 - 2012-06-01 07:23 - 00002645 ____A C:\Users\Clinic 123\Desktop\Microsoft Office PowerPoint 2007.lnk
    2012-06-01 05:46 - 2012-06-01 05:46 - 03463264 ____A C:\Users\Clinic 123\Desktop\Unfiled Notes.mht
    2012-05-30 07:02 - 2012-05-30 07:02 - 00002015 ____A C:\Users\Clinic 123\Desktop\Simulator 15 Edu-Eval.lnk


    ZeroAccess:
    C:\Windows\Installer\{b98dba18-425c-8c2a-57c6-2bcee49d7818}
    C:\Windows\Installer\{b98dba18-425c-8c2a-57c6-2bcee49d7818}\L
    C:\Windows\Installer\{b98dba18-425c-8c2a-57c6-2bcee49d7818}\U

    ZeroAccess:
    C:\Users\Clinic 123\AppData\Local\{b98dba18-425c-8c2a-57c6-2bcee49d7818}
    C:\Users\Clinic 123\AppData\Local\{b98dba18-425c-8c2a-57c6-2bcee49d7818}\@
    C:\Users\Clinic 123\AppData\Local\{b98dba18-425c-8c2a-57c6-2bcee49d7818}\L
    C:\Users\Clinic 123\AppData\Local\{b98dba18-425c-8c2a-57c6-2bcee49d7818}\n
    C:\Users\Clinic 123\AppData\Local\{b98dba18-425c-8c2a-57c6-2bcee49d7818}\U

    ========================= Known DLLs (Whitelisted) ============


    ========================= Bamital & volsnap Check ============

    C:\Windows\explorer.exe => MD5 is legit
    C:\Windows\System32\winlogon.exe => MD5 is legit
    C:\Windows\System32\wininit.exe => MD5 is legit
    C:\Windows\System32\svchost.exe => MD5 is legit
    C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
    C:\Windows\System32\User32.dll => MD5 is legit
    C:\Windows\System32\userinit.exe => MD5 is legit
    C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

    ==================== EXE ASSOCIATION =====================

    HKLM\...\.exe: exefile => OK
    HKLM\...\exefile\DefaultIcon: %1 => OK
    HKLM\...\exefile\open\command: "%1" %* => OK

    ========================= Memory info ======================

    Percentage of memory in use: 21%
    Total physical RAM: 2047.55 MB
    Available physical RAM: 1615.18 MB
    Total Pagefile: 2047.55 MB
    Available Pagefile: 1622.36 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1968.7 MB

    ======================= Partitions =========================

    2 Drive c: (Win 7) (Fixed) (Total:73.14 GB) (Free:26.3 GB) NTFS
    3 Drive d: (Family) (Fixed) (Total:15.01 GB) (Free:8.16 GB) NTFS
    4 Drive e: (Aliano) (Fixed) (Total:196.23 GB) (Free:26.93 GB) NTFS
    5 Drive f: (Aliano) (Fixed) (Total:44.68 GB) (Free:20.16 GB) NTFS
    6 Drive g: (Aliano) (Fixed) (Total:44.68 GB) (Free:26.62 GB) NTFS
    7 Drive h: (Aliano) (Fixed) (Total:44.66 GB) (Free:7.65 GB) NTFS
    8 Drive j: (Aliano) (Fixed) (Total:196.29 GB) (Free:29.6 GB) NTFS
    11 Drive m: (ALIANO) (Removable) (Total:1.88 GB) (Free:1.35 GB) FAT32
    12 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
    13 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

    Disk ### Status Size Free Dyn Gpt
    -------- ------------- ------- ------- --- ---
    Disk 0 Online 465 GB 1024 KB
    Disk 1 Online 149 GB 15 MB
    Disk 2 Online 1926 MB 0 B

    Partitions of Disk 0:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 100 MB 1024 KB
    Partition 2 Primary 73 GB 101 MB
    Partition 3 Primary 196 GB 73 GB
    Partition 0 Extended 196 GB 269 GB
    Partition 4 Logical 196 GB 269 GB

    ==================================================================================

    Disk: 0
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 2 Y System Rese NTFS Partition 100 MB Healthy

    ==================================================================================

    Disk: 0
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 3 C Win 7 NTFS Partition 73 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 4 J Aliano NTFS Partition 196 GB Healthy

    ==================================================================================

    Disk: 0
    Partition 4
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 5 E Aliano NTFS Partition 196 GB Healthy

    ==================================================================================

    Partitions of Disk 1:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 15 GB 31 KB
    Partition 0 Extended 134 GB 15 GB
    Partition 2 Logical 44 GB 15 GB
    Partition 3 Logical 44 GB 59 GB
    Partition 4 Logical 44 GB 104 GB

    ==================================================================================

    Disk: 1
    Partition 1
    Type : 07
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 6 D Family NTFS Partition 15 GB Healthy

    ==================================================================================

    Disk: 1
    Partition 2
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 7 F Aliano NTFS Partition 44 GB Healthy

    ==================================================================================

    Disk: 1
    Partition 3
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 8 G Aliano NTFS Partition 44 GB Healthy

    ==================================================================================

    Disk: 1
    Partition 4
    Type : 07
    Hidden: No
    Active: No

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 9 H Aliano NTFS Partition 44 GB Healthy

    ==================================================================================

    Partitions of Disk 2:
    ===============

    Partition ### Type Size Offset
    ------------- ---------------- ------- -------
    Partition 1 Primary 1926 MB 31 KB

    ==================================================================================

    Disk: 2
    Partition 1
    Type : 0B
    Hidden: No
    Active: Yes

    Volume ### Ltr Label Fs Type Size Status Info
    ---------- --- ----------- ----- ---------- ------- --------- --------
    * Volume 10 M ALIANO FAT32 Removable 1926 MB Healthy

    ==================================================================================

    Last Boot: 2012-08-06 12:55

    ======================= End Of Log ==========================

    ===========================================================================================
    Search.txt:

    Farbar Recovery Scan Tool Version: 15-08-2012
    Ran by SYSTEM at 2012-08-15 23:43:22
    Running from M:\

    ================== Search: "services.exe" ===================

    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
    [2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

    C:\Windows\System32\services.exe
    [2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

    === End Of Search ===
     
  10. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    On Vista or Windows 7: Now please enter System Recovery Options.
    On Windows XP: Now please boot into the UBCD.
    Run FRST/FRST64 and press the Fix button just once and wait.
    The tool will make a log on the flash drive (Fixlog.txt); please post it in your reply.

    Next...

    Restart normally.

    Please download ComboFix from Here, Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    • Never rename Combofix unless instructed.
    • Close any open browsers.
    • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    • Double click on combofix.exe & follow the prompts.

    • NOTE 1. If Combofix asks you to install Recovery Console, please allow it.
      NOTE 2. If Combofix asks you to update the program, always do so.
    • When finished, it will produce a report for you.
    • Please post the "C:\ComboFix.txt"
    **Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
    **Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
    Use AppRemover to uninstall it: http://www.appremover.com/
    We can reinstall it when we're done with CF.
    **Note 3: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion", restart computer to fix the issue.
    **Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.


    Make sure, you re-enable your security programs, when you're done with Combofix.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    NOTE.
    If, for some reason, Combofix refuses to run, try the following...

    Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
    Do NOT run it yet.
    Download Rkill (courtesy of BleepingComputer.com) to your desktop.
    There are 2 different versions. If one of them won't run then download and try to run the other one.
    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    http://download.bleepingcomputer.com/grinler/beta/rkill.exe
    http://download.bleepingcomputer.com/grinler/beta/iExplore.exe

    Restart computer in safe mode

    • Double-click on the Rkill desktop icon to run the tool.
    • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    • If not, delete the file, then download and use the one provided in Link 2.
    • Do not reboot until instructed.
    • If the tool does not run from any of the links provided, please let me know.

    When the scan is done Notepad will open with rKill.txt log.
    NOTE. rKill.txt log will also be present on your desktop.

    Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

    IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.
     

  11. aliano

    aliano TS Rookie Topic Starter Posts: 17

    Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 15-08-2012
    Ran by SYSTEM at 2012-08-16 13:32:54 Run:1
    Running from M:\

    ==============================================

    HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
    C:\Windows\System32\consrv.dll not found.
    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
    C:\Windows\Installer\{b98dba18-425c-8c2a-57c6-2bcee49d7818} moved successfully.
    C:\Users\Clinic 123\AppData\Local\{b98dba18-425c-8c2a-57c6-2bcee49d7818} moved successfully.
    C:\Windows\System32\services.exe moved successfully.
    C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe copied successfully to C:\Windows\System32\services.exe

    ==== End of Fixlog ====

    =============================================================================================

    ComboFix 12-08-16.01 - Clinic 123 08/16/2012 13:51:18.1.2 - x86
    Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2048.1299 [GMT 4.5:30]
    Running from: c:\users\Clinic 123\Desktop\ComboFix.exe
    AV: ESET Smart Security 4.2 *Disabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
    FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
    SP: ESET Smart Security 4.2 *Disabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
    SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\sysapp
    c:\programdata\sysapp\icon1_48_ico_rgba.ico
    c:\programdata\sysapp\Ionic.Zip.Reduced.dll
    c:\programdata\sysapp\Janus.Data.v3.dll
    c:\programdata\sysapp\Janus.Windows.Common.v3.dll
    c:\programdata\sysapp\Janus.Windows.GridEX.v3.dll
    c:\programdata\sysapp\NDde.dll
    c:\programdata\sysapp\SysAppInstaller.exe
    c:\programdata\sysapp\SysAppInstaller.exe.config
    c:\programdata\sysapp\SysDir.exe
    c:\programdata\sysapp\SysDir.exe.config
    c:\programdata\sysapp\SysDir.InstallState
    c:\programdata\sysapp\TheBestLicence.rtf
    c:\windows\Help\hp1100.hlp
    c:\windows\Installer\{b98dba18-425c-8c2a-57c6-2bcee49d7818}\@
    c:\windows\Installer\{b98dba18-425c-8c2a-57c6-2bcee49d7818}\n
    c:\windows\Installer\{b98dba18-425c-8c2a-57c6-2bcee49d7818}\U\00000001.@
    c:\windows\Installer\{b98dba18-425c-8c2a-57c6-2bcee49d7818}\U\80000000.@
    c:\windows\Installer\{b98dba18-425c-8c2a-57c6-2bcee49d7818}\U\800000cb.@
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-07-16 to 2012-08-16 )))))))))))))))))))))))))))))))
    .
    .
    2012-08-16 09:35 . 2012-08-16 09:35 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-08-16 07:40 . 2012-08-16 07:40 -------- d-----w- C:\FRST
    2012-08-15 14:49 . 2012-08-15 14:49 -------- d-----w- c:\programdata\SysDll
    2012-08-15 14:49 . 2012-08-15 14:49 -------- d-----w- c:\programdata\SysDir
    2012-08-11 08:18 . 2012-08-11 08:18 -------- d-----w- c:\users\Clinic 123\AppData\Roaming\Malwarebytes
    2012-08-11 08:17 . 2012-08-11 08:17 -------- d-----w- c:\programdata\Malwarebytes
    2012-08-11 08:17 . 2012-08-11 08:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-08-11 08:17 . 2012-07-03 09:16 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-08-09 09:25 . 2012-08-09 09:29 -------- d-----w- c:\windows\system32\DBBK
    2012-08-03 14:05 . 2012-08-03 14:05 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2012-07-27 15:03 . 2012-07-28 09:20 -------- d-----w- c:\program files\Throttle
    2012-07-27 14:28 . 2012-07-27 14:28 -------- d-----w- c:\program files\Your Freedom
    2012-07-21 15:31 . 2012-07-21 15:31 -------- d-----w- c:\users\Clinic 123\temp
    2012-07-21 15:31 . 2012-07-21 15:31 -------- d-----w- c:\program files\TeamViewer
    2012-07-19 10:07 . 2012-07-19 10:07 -------- d-----w- c:\users\Clinic 123\AppData\Local\Programs
    2012-07-18 09:29 . 2012-07-18 09:29 -------- d-----w- c:\users\Clinic 123\AppData\Local\ArcSoft
    2012-07-18 09:29 . 2012-07-18 09:29 -------- d-----w- c:\programdata\ArcSoft
    2012-07-18 09:28 . 2012-07-20 09:30 -------- d-----w- c:\users\Clinic 123\AppData\Roaming\ArcSoft
    2012-07-18 09:28 . 2006-11-10 10:35 18688 ----a-w- c:\windows\system32\drivers\afc.sys
    2012-07-18 09:27 . 2012-07-18 09:27 -------- d-----w- c:\program files\ArcSoft
    2012-07-18 09:27 . 2012-07-18 09:28 -------- d-----w- c:\program files\Common Files\ArcSoft
    2012-07-18 09:27 . 2005-04-27 12:06 245408 ----a-w- c:\windows\system32\unicows.dll
    2012-07-18 09:25 . 2001-09-04 23:48 225280 ------w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
    2012-07-18 09:25 . 2001-09-04 23:44 176128 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
    2012-07-18 09:25 . 2001-09-04 23:43 32768 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
    2012-07-18 09:25 . 2001-09-04 23:48 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
    2012-07-18 09:24 . 2012-07-18 09:24 -------- d-----w- c:\program files\My Company Name
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2006-01-23 07:02 . 2006-01-23 07:02 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
    2006-06-07 11:10 . 2006-06-07 11:10 132848 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
    2011-11-21 04:04 . 2012-03-25 17:19 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
    @="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
    [HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
    2012-02-08 00:49 22376 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-04-23 3487128]
    "GoldenDict"="c:\program files\GoldenDict\GoldenDict.exe" [2010-12-04 2411520]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304]
    "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-30 9210400]
    "VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-01-29 52392]
    "ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2007-08-28 53248]
    "hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368]
    "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
    "HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2007-05-08 36864]
    "egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-08-12 2215064]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
    "ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
    "Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    TMMonitor.lnk - c:\program files\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2012-7-18 258048]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    "EnableLinkedConnections"= 1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux"=wdmaud.drv
    .
    [HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
    backupExtension=.CommonStartup
    .
    [HKLM\~\startupfolder\C:^Users^Clinic 123^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
    path=c:\users\Clinic 123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
    backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
    backupExtension=.Startup
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
    c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
    2010-08-20 11:03 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
    2011-04-08 05:20 1406248 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2005-01-01 15:30 155648 ----a-w- c:\windows\System32\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia FastStart]
    2008-12-03 06:03 2372840 ----a-w- c:\program files\Nokia\Nokia Music\NokiaMusic.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia Home Server Manager]
    2009-01-30 04:54 558080 ----a-w- c:\program files\Nokia\Nokia Home Media Server\NHSM.exe
    .
    R2 Cadence License Manager;Cadence License Manager;c:\orcad\license_manager\lmgrd.exe [x]
    R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
    R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x]
    R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
    R3 TwonkyMedia;TwonkyMedia;c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe [x]
    R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
    S0 fmsg;fmsg;c:\windows\system32\DRIVERS\fmsg.sys [x]
    S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
    S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
    S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [x]
    S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
    S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
    S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
    S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
    S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
    S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x]
    S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
    S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
    S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
    S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
    S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
    S3 IT9135BDA;IT9135 BDA Devices;c:\windows\system32\Drivers\IT9135BDA.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
    S3 UsbFltr;WayTech USB Filter Driver1;c:\windows\system32\Drivers\UsbFltr.sys [x]
    S3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);c:\windows\system32\DRIVERS\RtVLAN60.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
    .
    .
    ------- Supplementary Scan -------
    .
    IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
    IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
    TCP: DhcpNameServer = 192.168.1.1
    FF - ProfilePath - c:\users\Clinic 123\AppData\Roaming\Mozilla\Firefox\Profiles\2yxm0cjs.default\
    FF - prefs.js: browser.startup.homepage - www.google.com
    FF - prefs.js: network.proxy.ftp - localhost
    FF - prefs.js: network.proxy.ftp_port - 8080
    FF - prefs.js: network.proxy.http - localhost
    FF - prefs.js: network.proxy.http_port - 8080
    FF - prefs.js: network.proxy.socks - localhost
    FF - prefs.js: network.proxy.socks_port - 1080
    FF - prefs.js: network.proxy.ssl - localhost
    FF - prefs.js: network.proxy.ssl_port - 8080
    FF - prefs.js: network.proxy.type - 0
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    HKLM-Run-HPPQVideo - c:\program files\HP\ScheduledLaunch\HP Color LaserJet CP1510 Series\bin\hppschlnch.exe -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\CLJ_CP1510_Series -f PQOptimizerVideo.xml
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-3649482752-44363841-3366599895-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* 3*g*p*\OpenWithList]
    @Class="Shell"
    .
    [HKEY_USERS\S-1-5-21-3649482752-44363841-3366599895-1000_Classes\CLSID\{5ab2e88b-ebc8-4922-997f-b850224ea2e0}]
    @Denied: (Full) (Everyone)
    @Allowed: (Read) (RestrictedCode)
    "Model"=dword:00000096
    "Therad"=dword:0000001b
    .
    [HKEY_USERS\S-1-5-21-3649482752-44363841-3366599895-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
    @Denied: (Full) (Everyone)
    "scansk"=hex(0):38,52,7f,0d,4b,3a,00,17,ac,1d,c9,30,7b,ca,04,99,fc,dc,43,29,56,
    0c,d5,f5,6c,4c,ac,db,e5,85,5f,50,10,c8,53,9e,0c,9c,79,c4,00,00,00,00,00,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'Explorer.exe'(6116)
    c:\windows\System32\netshell.dll
    c:\windows\system32\imapi2.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\atieclxx.exe
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    c:\windows\system32\lkcitdl.exe
    c:\windows\system32\lkads.exe
    c:\windows\system32\lktsrv.exe
    c:\program files\National Instruments\Shared\Security\nidmsrv.exe
    c:\windows\system32\nisvcloc.exe
    c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    c:\windows\system32\WUDFHost.exe
    c:\program files\Windows Media Player\wmpnetwk.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\taskhost.exe
    c:\windows\system32\conhost.exe
    c:\program files\DAEMON Tools Pro\DTShellHlp.exe
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
    .
    **************************************************************************
    .
    Completion time: 2012-08-16 14:14:37 - machine was rebooted
    ComboFix-quarantined-files.txt 2012-08-16 09:44
    .
    Pre-Run: 27,884,740,608 bytes free
    Post-Run: 32,685,346,816 bytes free
    .
    - - End Of File - - 9FCAE1A4C85D72104C6E99D6D879108F
     
  12. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Looks good :)

    Any current issues?

    ==========================.

    Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
    NOTE. If you already have MBAM installed, update it before running the scan.

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform quick scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    Be sure to restart the computer IF MBAM asks you to do so.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    ===========================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  13. aliano

    aliano TS Rookie Topic Starter Posts: 17

    Malwarebytes Anti-Malware (Trial) 1.62.0.1300
    www.malwarebytes.org

    Database version: v2012.08.16.06

    Windows 7 x86 NTFS
    Internet Explorer 8.0.7600.16385
    Clinic 123 :: CLINIC123-PC [administrator]

    Protection: Enabled

    8/16/2012 10:02:32 PM
    mbam-log-2012-08-16 (22-02-32).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 197025
    Time elapsed: 10 minute(s), 27 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)
    ===========================================================================================

    During the OTL quick scan this error occurred: "list index bound", and the scanning process stopped with no log.
     
  14. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Delete your OTL file, download a new one, disable your AV program and try again.
     
  15. aliano

    aliano TS Rookie Topic Starter Posts: 17

    I downloaded a new OTL and disabled my AV, but the error "list index out of bounds(21)" occurred again.
     

  16. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    See if you can run it from safe mode.
     
  17. aliano

    aliano TS Rookie Topic Starter Posts: 17

    OTL logfile created on: 8/17/2012 9:25:57 PM - Run 1
    OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Clinic 123\Desktop
    Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.7600.16385)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 58.37% Memory free
    4.00 Gb Paging File | 3.19 Gb Available in Paging File | 79.82% Paging File free
    Paging file location(s): c:\pagefile.sys 0 0 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 73.14 Gb Total Space | 29.72 Gb Free Space | 40.63% Space Free | Partition Type: NTFS
    Drive D: | 196.29 Gb Total Space | 29.52 Gb Free Space | 15.04% Space Free | Partition Type: NTFS
    Drive E: | 196.23 Gb Total Space | 26.93 Gb Free Space | 13.73% Space Free | Partition Type: NTFS
    Drive F: | 15.01 Gb Total Space | 8.16 Gb Free Space | 54.39% Space Free | Partition Type: NTFS
    Drive G: | 44.68 Gb Total Space | 23.67 Gb Free Space | 52.97% Space Free | Partition Type: NTFS
    Drive I: | 44.68 Gb Total Space | 33.87 Gb Free Space | 75.79% Space Free | Partition Type: NTFS
    Drive J: | 44.66 Gb Total Space | 9.88 Gb Free Space | 22.12% Space Free | Partition Type: NTFS

    Computer Name: CLINIC123-PC | User Name: Clinic 123 | Logged in as Administrator.
    Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/08/17 00:42:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Clinic 123\Desktop\OTL.exe
    PRC - [2012/02/02 14:31:08 | 002,668,864 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
    PRC - [2009/07/14 05:44:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe


    ========== Modules (No Company Name) ==========


    ========== Win32 Services (SafeList) ==========

    SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2012/07/02 15:03:28 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
    SRV - [2010/08/26 06:27:04 | 000,176,128 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
    SRV - [2010/08/12 14:18:40 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
    SRV - [2010/08/12 14:16:26 | 000,810,144 | ---- | M] (ESET) [Auto | Stopped] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
    SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
    SRV - [2009/12/24 02:04:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
    SRV - [2009/07/14 05:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
    SRV - [2009/07/14 05:46:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
    SRV - [2009/07/14 05:45:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
    SRV - [2009/01/29 20:24:44 | 000,102,400 | ---- | M] (PacketVideo) [On_Demand | Stopped] -- C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe -- (TwonkyMedia)
    SRV - [2008/11/11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2007/03/18 13:36:36 | 001,327,104 | ---- | M] (Macrovision Corporation) [Auto | Stopped] -- C:\OrCAD\license_manager\lmgrd.exe -- (Cadence License Manager)
    SRV - [2006/07/25 18:28:16 | 000,200,704 | ---- | M] (National Instruments, Inc.) [Auto | Stopped] -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
    SRV - [2006/07/25 18:28:10 | 000,057,344 | ---- | M] (National Instruments, Inc.) [Auto | Stopped] -- C:\Windows\System32\lktsrv.exe -- (lkTimeSync)
    SRV - [2006/07/25 18:28:02 | 000,045,056 | ---- | M] (National Instruments, Inc.) [Auto | Stopped] -- C:\Windows\System32\lkads.exe -- (lkClassAds)
    SRV - [2006/06/27 20:55:28 | 001,007,616 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
    SRV - [2006/06/19 15:01:52 | 000,688,190 | ---- | M] (National Instruments, Inc.) [Auto | Stopped] -- C:\Windows\System32\lkcitdl.exe -- (LkCitadelServer)
    SRV - [2006/02/06 17:46:42 | 000,049,152 | ---- | M] (National Instruments Corp.) [Auto | Stopped] -- C:\Windows\System32\nisvcloc.exe -- (niSvcLoc)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
    DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\CLINIC~1\AppData\Local\Temp\catchme.sys -- (catchme)
    DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2012/04/23 15:56:26 | 000,096,056 | ---- | M] (Tonec Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
    DRV - [2012/03/31 12:40:14 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
    DRV - [2011/07/02 12:22:12 | 000,278,728 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
    DRV - [2011/07/02 12:22:11 | 000,025,416 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
    DRV - [2011/05/06 16:20:57 | 000,011,264 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\fmsg.sys -- (fmsg)
    DRV - [2011/04/26 16:58:44 | 000,145,920 | ---- | M] (ITE ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IT9135BDA.sys -- (IT9135BDA)
    DRV - [2010/11/09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
    DRV - [2010/08/26 08:06:28 | 006,380,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
    DRV - [2010/08/26 05:50:36 | 000,221,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
    DRV - [2010/07/29 13:31:26 | 000,136,632 | ---- | M] (ESET) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
    DRV - [2010/07/29 13:31:26 | 000,134,512 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
    DRV - [2010/07/29 13:31:26 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
    DRV - [2010/07/29 13:31:26 | 000,041,336 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
    DRV - [2010/07/29 13:31:26 | 000,032,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
    DRV - [2010/07/15 17:17:36 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
    DRV - [2010/01/29 11:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Stopped] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
    DRV - [2009/12/21 20:00:30 | 000,043,520 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtTeam60.sys -- (TEAM)
    DRV - [2009/12/21 20:00:30 | 000,043,520 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtTeam60.sys -- (RTTEAMPT)
    DRV - [2009/07/20 06:56:40 | 000,027,648 | ---- | M] (Realtek ) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
    DRV - [2009/07/14 05:49:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
    DRV - [2009/07/14 05:49:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
    DRV - [2009/07/14 05:49:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
    DRV - [2009/07/14 04:21:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
    DRV - [2009/07/14 03:58:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
    DRV - [2009/07/14 03:58:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
    DRV - [2009/07/14 02:32:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
    DRV - [2008/09/15 07:56:34 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2008/09/15 07:56:24 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2008/09/15 07:56:24 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2008/09/15 07:56:24 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2007/12/03 06:49:42 | 000,019,968 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtVlan60.sys -- (VLAN)
    DRV - [2007/12/03 06:49:42 | 000,019,968 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtVlan60.sys -- (RTVLANPT)
    DRV - [2007/04/09 09:50:34 | 000,009,600 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UsbFltr.sys -- (UsbFltr)
    DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
    DRV - [2006/07/27 11:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\cvintdrv.sys -- (cvintdrv)
    DRV - [1998/07/22 13:44:26 | 000,064,512 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\SENTINEL.SYS -- (Sentinel)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EE 49 09 57 53 7C CD 01 [binary data]
    IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.update: false
    FF - prefs.js..browser.startup.homepage: "www.google.com"
    FF - prefs.js..network.proxy.ftp: "localhost"
    FF - prefs.js..network.proxy.ftp_port: 8080
    FF - prefs.js..network.proxy.http: "localhost"
    FF - prefs.js..network.proxy.http_port: 8080
    FF - prefs.js..network.proxy.socks: "localhost"
    FF - prefs.js..network.proxy.socks_port: 1080
    FF - prefs.js..network.proxy.ssl: "localhost"
    FF - prefs.js..network.proxy.ssl_port: 8080
    FF - prefs.js..network.proxy.type: 0
    FF - user.js - File not found

    FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
    FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/25 21:49:18 | 000,000,000 | ---D | M]
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/06/01 23:15:42 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Clinic 123\AppData\Roaming\IDM\idmmzcc5 [2012/07/28 14:15:12 | 000,000,000 | ---D | M]
    FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Clinic 123\AppData\Roaming\IDM\idmmzcc5 [2012/07/28 14:15:12 | 000,000,000 | ---D | M]

    [2012/03/25 21:52:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clinic 123\AppData\Roaming\mozilla\Extensions
    [2012/07/26 14:59:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clinic 123\AppData\Roaming\mozilla\Firefox\Profiles\2yxm0cjs.default\extensions
    [2012/03/25 21:49:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2012/07/28 14:15:12 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\CLINIC 123\APPDATA\ROAMING\IDM\IDMMZCC5
    [2012/07/26 14:59:17 | 000,324,289 | ---- | M] () (No name found) -- C:\USERS\CLINIC 123\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2YXM0CJS.DEFAULT\EXTENSIONS\{F759CA51-3A91-4DD1-AE78-9DB5EEE9EBF0}.XPI
    [2011/11/21 08:34:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
    [2011/11/21 05:34:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
    [2011/11/21 05:34:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

    ========== Chrome ==========

    CHR - default_search_provider: Google (Enabled)
    CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
    CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
    CHR - homepage: http://www.google.com/
    CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
    CHR - plugin: Native Client (Enabled) = C:\Users\Clinic 123\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
    CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Clinic 123\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Clinic 123\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
    CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
    CHR - plugin: Java(TM) Platform SE 7 U3 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
    CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
    CHR - plugin: Default Plug-in (Enabled) = default_plugin
    CHR - Extension: YouTube = C:\Users\Clinic 123\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
    CHR - Extension: Google Search = C:\Users\Clinic 123\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
    CHR - Extension: Gmail = C:\Users\Clinic 123\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

    O1 HOSTS File: ([2012/08/16 14:09:50 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
    O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
    O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()
    O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe ()
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
    O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
    O4 - HKCU..\Run: [GoldenDict] C:\Program Files\GoldenDict\GoldenDict.exe (GoldenDict)
    O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
    O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
    O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9FBDE429-3DB3-46F4-A9A6-04E8B6F905A7}: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2011/05/10 21:06:02 | 000,000,024 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
    O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/08/17 00:42:18 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Clinic 123\Desktop\OTL.exe
    [2012/08/16 14:13:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
    [2012/08/16 13:48:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
    [2012/08/16 13:48:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
    [2012/08/16 13:48:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
    [2012/08/16 13:47:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
    [2012/08/16 13:37:56 | 004,731,953 | R--- | C] (Swearware) -- C:\Users\Clinic 123\Desktop\ComboFix.exe
    [2012/08/16 12:10:19 | 000,000,000 | ---D | C] -- C:\FRST
    [2012/08/15 19:19:56 | 000,000,000 | ---D | C] -- C:\ProgramData\SysDll
    [2012/08/15 19:19:55 | 000,000,000 | ---D | C] -- C:\ProgramData\SysDir
    [2012/08/15 19:17:42 | 000,000,000 | ---D | C] -- C:\Users\Clinic 123\Desktop\The.Best.Keylogger.3.53.Build.1009._MihanDownload.com
    [2012/08/15 16:03:57 | 000,000,000 | ---D | C] -- C:\Users\Clinic 123\Desktop\RK_Quarantine
    [2012/08/15 00:45:13 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Clinic 123\Desktop\dds.com
    [2012/08/11 13:38:44 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Clinic 123\Desktop\aswMBR.exe
    [2012/08/11 12:48:03 | 000,000,000 | ---D | C] -- C:\Users\Clinic 123\AppData\Roaming\Malwarebytes
    [2012/08/11 12:47:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/08/11 12:47:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2012/08/11 12:47:06 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2012/08/11 12:47:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/08/10 12:34:07 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2012/08/10 11:37:04 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Clinic 123\Desktop\tdsskiller.exe
    [2012/08/09 13:55:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\DBBK
    [2012/08/03 18:35:01 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
    [2012/07/27 19:33:51 | 000,000,000 | ---D | C] -- C:\Program Files\Throttle
    [2012/07/27 18:58:37 | 000,000,000 | ---D | C] -- C:\Users\Clinic 123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Your Freedom
    [2012/07/27 18:58:20 | 000,000,000 | ---D | C] -- C:\Program Files\Your Freedom
    [2012/07/26 15:05:16 | 000,000,000 | ---D | C] -- C:\Users\Clinic 123\Desktop\newstext.aspx_files
    [2012/07/21 20:01:28 | 000,000,000 | ---D | C] -- C:\Users\Clinic 123\temp
    [2012/07/21 20:01:13 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
    [2012/07/21 19:53:43 | 000,000,000 | ---D | C] -- C:\Users\Clinic 123\Desktop\Remote Desktop Limitation
    [2012/07/19 14:37:58 | 000,000,000 | ---D | C] -- C:\Users\Clinic 123\AppData\Local\Programs

    ========== Files - Modified Within 30 Days ==========

    [2012/08/17 21:24:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2012/08/17 21:24:13 | 1610,260,480 | -HS- | M] () -- C:\hiberfil.sys
    [2012/08/17 20:29:00 | 000,024,805 | ---- | M] () -- C:\Windows\deff1.dat
    [2012/08/17 19:17:01 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HP WEP.job
    [2012/08/17 16:48:57 | 000,106,626 | ---- | M] () -- C:\Users\Clinic 123\Desktop\list index out of bounds.jpg
    [2012/08/17 13:10:39 | 000,670,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2012/08/17 13:10:39 | 000,124,646 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2012/08/17 13:10:02 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    [2012/08/17 13:10:02 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    [2012/08/17 04:50:09 | 042,164,986 | ---- | M] () -- C:\Users\Clinic 123\Desktop\Ehsan+Hadadi-'s+Trophy1.avi
    [2012/08/17 04:39:29 | 010,707,706 | ---- | M] () -- C:\Users\Clinic 123\Desktop\Ehsan+Hadadi-'s+Trophy1.avi.003
    [2012/08/17 04:34:56 | 015,728,640 | ---- | M] () -- C:\Users\Clinic 123\Desktop\Ehsan+Hadadi-'s+Trophy1.avi.002
    [2012/08/17 00:42:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Clinic 123\Desktop\OTL.exe
    [2012/08/16 17:45:34 | 011,131,285 | ---- | M] () -- C:\Users\Clinic 123\Desktop\DVBViewer.Pro.v4.5.0.0.MULTILINGUAL.REPACK-CRD.rar
    [2012/08/16 14:09:50 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
    [2012/08/16 13:39:37 | 004,731,953 | R--- | M] (Swearware) -- C:\Users\Clinic 123\Desktop\ComboFix.exe
    [2012/08/15 20:22:06 | 000,001,472 | ---- | M] () -- C:\Users\Clinic 123\Desktop\iexplore.exe - Shortcut.lnk
    [2012/08/15 19:19:42 | 000,001,725 | ---- | M] () -- C:\Users\Clinic 123\Desktop\SysDir.lnk
    [2012/08/15 16:10:24 | 000,000,512 | ---- | M] () -- C:\Users\Clinic 123\Desktop\MBR.dat
    [2012/08/15 16:03:02 | 001,558,528 | ---- | M] () -- C:\Users\Clinic 123\Desktop\RogueKiller.exe
    [2012/08/15 01:43:41 | 015,728,640 | ---- | M] () -- C:\Users\Clinic 123\Desktop\Ehsan+Hadadi-'s+Trophy1.avi.001
    [2012/08/15 00:46:04 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Clinic 123\Desktop\dds.com
    [2012/08/14 14:14:55 | 000,302,592 | ---- | M] () -- C:\Users\Clinic 123\Desktop\yo6e5e1h.exe
    [2012/08/12 17:21:02 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
    [2012/08/11 13:40:59 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Clinic 123\Desktop\aswMBR.exe
    [2012/08/11 12:47:08 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/10 14:42:56 | 000,058,654 | ---- | M] () -- C:\Users\Clinic 123\Desktop\rrr.jpg
    [2012/08/10 14:40:35 | 000,169,700 | ---- | M] () -- C:\Users\Clinic 123\Desktop\Untitldded.jpg
    [2012/08/10 11:38:03 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Clinic 123\Desktop\tdsskiller.exe
    [2012/08/09 14:39:30 | 000,378,274 | ---- | M] () -- C:\Users\Clinic 123\Desktop\Untiwwwtled.jpg
    [2012/08/09 05:48:29 | 013,548,027 | ---- | M] () -- C:\Users\Clinic 123\Desktop\The.Best.Keylogger.3.53.Build.1009._MihanDownload.com.rar
    [2012/08/07 13:55:11 | 000,045,046 | ---- | M] () -- C:\Users\Clinic 123\Desktop\68073514757564361027.jpg
    [2012/08/05 13:57:21 | 000,033,372 | ---- | M] () -- C:\Users\Clinic 123\Desktop\Payment Gateway-Result Page.mht
    [2012/08/04 20:09:06 | 001,174,564 | ---- | M] () -- C:\Users\Clinic 123\Desktop\2011 World Wrestling Championships - Wikipedia, the free encyclopedia.mht
    [2012/08/03 16:14:38 | 000,407,872 | ---- | M] () -- C:\Users\Clinic 123\Desktop\iexplore.exe
    [2012/08/03 16:13:04 | 000,407,872 | ---- | M] () -- C:\Users\Clinic 123\Desktop\pkiller.exe
    [2012/08/03 15:59:07 | 001,144,963 | ---- | M] () -- C:\Users\Clinic 123\Desktop\ProcessExplorer.zip
    [2012/07/30 14:41:19 | 003,590,834 | ---- | M] () -- C:\Users\Clinic 123\Desktop\Muse - Survival.mp3
    [2012/07/26 15:05:16 | 000,112,405 | ---- | M] () -- C:\Users\Clinic 123\Desktop\newstext.aspx.htm
    [2012/07/25 20:38:51 | 000,037,101 | ---- | M] () -- C:\Users\Clinic 123\Desktop\sudoku.jpg
    [2012/07/25 00:58:08 | 005,221,440 | ---- | M] () -- C:\Users\Clinic 123\Desktop\simorgh.mp3
    [2012/07/23 13:11:58 | 003,314,315 | ---- | M] () -- C:\Users\Clinic 123\Desktop\Django Unchained OST - Hit That Jive.mp3
    [2012/07/23 13:10:41 | 002,817,359 | ---- | M] () -- C:\Users\Clinic 123\Desktop\Django Unchained OST - Ain't no grave (Johnny Cash).mp3
    [2012/07/23 12:49:39 | 007,184,042 | ---- | M] () -- C:\Users\Clinic 123\Desktop\Chelsea 1-1 PSG_Kooora.com.avi
    [2012/07/22 13:38:20 | 011,626,496 | ---- | M] () -- C:\Users\Clinic 123\Desktop\Inter_2-1_Milan_Yaghoub2000.avi
    [2012/07/22 13:10:33 | 013,068,288 | ---- | M] () -- C:\Users\Clinic 123\Desktop\Inter_1-1_Milan_Yaghoub2000.avi
    [2012/07/21 20:02:24 | 000,779,887 | ---- | M] () -- C:\Users\Clinic 123\Desktop\Team_Viewer_Learn_Mihandownload.com.rar
    [2012/07/21 20:01:24 | 000,001,125 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
    [2012/07/21 20:00:10 | 004,660,082 | ---- | M] () -- C:\Users\Clinic 123\Desktop\TeamViewer.7.0.13852.Final_mihandownload.com.rar
    [2012/07/21 19:48:27 | 000,000,000 | -H-- | M] () -- C:\Users\Clinic 123\Documents\Default.rdp
    [2012/07/21 18:30:34 | 001,130,052 | ---- | M] () -- C:\Users\Clinic 123\Desktop\TehranMusic.zip
    [2012/07/21 14:12:57 | 007,629,893 | ---- | M] () -- C:\Users\Clinic 123\Desktop\Seattle Sounders 0-2 Chelsea.KoooRa.CoM.wmv
    [2012/07/21 05:08:34 | 000,002,304 | ---- | M] () -- C:\Users\Clinic 123\Desktop\Google Chrome.lnk
    [2012/07/19 14:36:25 | 000,858,655 | ---- | M] () -- C:\Users\Clinic 123\Desktop\36498273492.rar
    [2012/07/19 14:24:19 | 000,051,504 | -HS- | M] () -- C:\Users\Clinic 123\Desktop\Folder.jpg
    [2012/07/19 14:24:19 | 000,009,690 | -HS- | M] () -- C:\Users\Clinic 123\Desktop\AlbumArtSmall.jpg

    ========== Files Created - No Company Name ==========

    [2012/08/17 16:48:57 | 000,106,626 | ---- | C] () -- C:\Users\Clinic 123\Desktop\list index out of bounds.jpg
    [2012/08/17 13:15:18 | 000,000,326 | ---- | C] () -- C:\Windows\tasks\HP WEP.job
    [2012/08/17 04:50:06 | 042,164,986 | ---- | C] () -- C:\Users\Clinic 123\Desktop\Ehsan+Hadadi-'s+Trophy1.avi
    [2012/08/16 17:42:27 | 011,131,285 | ---- | C] () -- C:\Users\Clinic 123\Desktop\DVBViewer.Pro.v4.5.0.0.MULTILINGUAL.REPACK-CRD.rar
    [2012/08/16 13:48:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
    [2012/08/16 13:48:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
    [2012/08/16 13:48:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
    [2012/08/16 13:48:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
    [2012/08/16 13:48:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
    [2012/08/15 20:22:06 | 000,001,472 | ---- | C] () -- C:\Users\Clinic 123\Desktop\iexplore.exe - Shortcut.lnk
    [2012/08/15 19:19:42 | 000,001,725 | ---- | C] () -- C:\Users\Clinic 123\Desktop\SysDir.lnk
    [2012/08/15 16:10:24 | 000,000,512 | ---- | C] () -- C:\Users\Clinic 123\Desktop\MBR.dat
    [2012/08/15 16:02:03 | 001,558,528 | ---- | C] () -- C:\Users\Clinic 123\Desktop\RogueKiller.exe
    [2012/08/15 01:10:27 | 010,707,706 | ---- | C] () -- C:\Users\Clinic 123\Desktop\Ehsan+Hadadi-'s+Trophy1.avi.003
    [2012/08/15 01:10:21 | 015,728,640 | ---- | C] () -- C:\Users\Clinic 123\Desktop\Ehsan+Hadadi-'s+Trophy1.avi.002
    [2012/08/15 01:10:13 | 015,728,640 | ---- | C] () -- C:\Users\Clinic 123\Desktop\Ehsan+Hadadi-'s+Trophy1.avi.001
    [2012/08/14 14:14:08 | 000,302,592 | ---- | C] () -- C:\Users\Clinic 123\Desktop\yo6e5e1h.exe
    [2012/08/11 12:47:08 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    [2012/08/10 14:42:55 | 000,058,654 | ---- | C] () -- C:\Users\Clinic 123\Desktop\rrr.jpg
    [2012/08/10 14:40:35 | 000,169,700 | ---- | C] () -- C:\Users\Clinic 123\Desktop\Untitldded.jpg
    [2012/08/09 14:39:30 | 000,378,274 | ---- | C] () -- C:\Users\Clinic 123\Desktop\Untiwwwtled.jpg
    [2012/08/07 13:55:09 | 000,045,046 | ---- | C] () -- C:\Users\Clinic 123\Desktop\68073514757564361027.jpg
    [2012/08/05 13:57:18 | 000,033,372 | ---- | C] () -- C:\Users\Clinic 123\Desktop\Payment Gateway-Result Page.mht
    [2012/08/04 20:09:00 | 001,174,564 | ---- | C] () -- C:\Users\Clinic 123\Desktop\2011 World Wrestling Championships - Wikipedia, the free encyclopedia.mht
    [2012/08/03 16:14:33 | 000,407,872 | ---- | C] () -- C:\Users\Clinic 123\Desktop\iexplore.exe
    [2012/08/03 16:12:49 | 000,407,872 | ---- | C] () -- C:\Users\Clinic 123\Desktop\pkiller.exe
    [2012/08/03 16:00:17 | 000,072,268 | ---- | C] () -- C:\Users\Clinic 123\Desktop\procexp.chm
    [2012/08/03 15:59:03 | 001,144,963 | ---- | C] () -- C:\Users\Clinic 123\Desktop\ProcessExplorer.zip
    [2012/07/30 14:40:31 | 003,590,834 | ---- | C] () -- C:\Users\Clinic 123\Desktop\Muse - Survival.mp3
    [2012/07/27 16:48:15 | 013,548,027 | ---- | C] () -- C:\Users\Clinic 123\Desktop\The.Best.Keylogger.3.53.Build.1009._MihanDownload.com.rar
    [2012/07/26 15:05:16 | 000,112,405 | ---- | C] () -- C:\Users\Clinic 123\Desktop\newstext.aspx.htm
    [2012/07/25 20:38:49 | 000,037,101 | ---- | C] () -- C:\Users\Clinic 123\Desktop\sudoku.jpg
    [2012/07/25 00:56:38 | 005,221,440 | ---- | C] () -- C:\Users\Clinic 123\Desktop\simorgh.mp3
    [2012/07/23 13:10:58 | 003,314,315 | ---- | C] () -- C:\Users\Clinic 123\Desktop\Django Unchained OST - Hit That Jive.mp3
    [2012/07/23 13:09:56 | 002,817,359 | ---- | C] () -- C:\Users\Clinic 123\Desktop\Django Unchained OST - Ain't no grave (Johnny Cash).mp3
    [2012/07/23 12:47:43 | 007,184,042 | ---- | C] () -- C:\Users\Clinic 123\Desktop\Chelsea 1-1 PSG_Kooora.com.avi
    [2012/07/22 13:35:18 | 011,626,496 | ---- | C] () -- C:\Users\Clinic 123\Desktop\Inter_2-1_Milan_Yaghoub2000.avi
    [2012/07/22 13:07:00 | 013,068,288 | ---- | C] () -- C:\Users\Clinic 123\Desktop\Inter_1-1_Milan_Yaghoub2000.avi
    [2012/07/21 20:02:03 | 000,779,887 | ---- | C] () -- C:\Users\Clinic 123\Desktop\Team_Viewer_Learn_Mihandownload.com.rar
    [2012/07/21 20:01:24 | 000,001,137 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
    [2012/07/21 20:01:24 | 000,001,125 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
    [2012/07/21 19:59:00 | 004,660,082 | ---- | C] () -- C:\Users\Clinic 123\Desktop\TeamViewer.7.0.13852.Final_mihandownload.com.rar
    [2012/07/21 19:48:27 | 000,000,000 | -H-- | C] () -- C:\Users\Clinic 123\Documents\Default.rdp
    [2012/07/21 18:30:20 | 001,130,052 | ---- | C] () -- C:\Users\Clinic 123\Desktop\TehranMusic.zip
    [2012/07/21 14:10:55 | 007,629,893 | ---- | C] () -- C:\Users\Clinic 123\Desktop\Seattle Sounders 0-2 Chelsea.KoooRa.CoM.wmv
    [2012/07/21 05:08:34 | 000,002,304 | ---- | C] () -- C:\Users\Clinic 123\Desktop\Google Chrome.lnk
    [2012/07/19 14:35:46 | 000,858,655 | ---- | C] () -- C:\Users\Clinic 123\Desktop\36498273492.rar
    [2012/07/19 14:24:19 | 000,051,504 | -HS- | C] () -- C:\Users\Clinic 123\Desktop\Folder.jpg
    [2012/07/19 14:24:19 | 000,009,690 | -HS- | C] () -- C:\Users\Clinic 123\Desktop\AlbumArtSmall.jpg
    [2012/06/05 23:37:41 | 000,004,096 | -H-- | C] () -- C:\Users\Clinic 123\AppData\Local\keyfile3.drm
    [2012/04/06 15:11:38 | 000,251,904 | ---- | C] () -- C:\Windows\System32\orant71.dll
    [2012/04/06 15:11:37 | 000,018,944 | ---- | C] ( ) -- C:\Windows\System32\implode.dll
    [2012/04/06 15:00:27 | 000,000,000 | ---- | C] () -- C:\Windows\splash.INI
    [2011/09/26 22:14:50 | 000,156,593 | ---- | C] () -- C:\Windows\hppins09.dat.temp
    [2011/09/26 22:14:50 | 000,003,425 | ---- | C] () -- C:\Windows\hppmdl09.dat.temp
    [2011/09/26 21:31:36 | 000,157,073 | ---- | C] () -- C:\Windows\System32\hppins09.dat
    [2011/09/26 21:31:36 | 000,156,720 | ---- | C] () -- C:\Windows\hppins09.dat
    [2011/09/16 09:35:08 | 000,000,252 | ---- | C] () -- C:\Windows\System32\AF15IRTBL.bin
    [2011/09/15 15:27:53 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
    [2011/09/15 15:27:48 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
    [2011/09/15 15:27:48 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
    [2011/09/15 15:27:47 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2011/09/02 19:12:24 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
    [2011/08/22 02:32:03 | 000,000,374 | ---- | C] () -- C:\Windows\ODBC.INI
    [2011/08/22 02:18:38 | 000,903,168 | ---- | C] () -- C:\Windows\System32\mitmdl30.dll
    [2011/08/22 02:18:38 | 000,110,080 | ---- | C] () -- C:\Windows\System32\lfpng60n.dll
    [2011/08/22 02:18:38 | 000,046,080 | ---- | C] () -- C:\Windows\System32\lftif60n.dll
    [2011/08/22 02:18:38 | 000,020,480 | ---- | C] () -- C:\Windows\System32\lfpsd60n.dll
    [2011/08/22 02:18:38 | 000,019,968 | ---- | C] () -- C:\Windows\System32\lftga60n.dll
    [2011/08/22 02:18:38 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwpg60n.dll
    [2011/08/22 02:18:38 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwmf60n.dll
    [2011/08/22 02:18:37 | 000,176,128 | ---- | C] () -- C:\Windows\System32\lffax60n.dll
    [2011/08/22 02:18:37 | 000,141,824 | ---- | C] () -- C:\Windows\System32\lfcmp60n.dll
    [2011/08/22 02:18:37 | 000,023,552 | ---- | C] () -- C:\Windows\System32\lfpcx60n.dll
    [2011/08/22 02:18:37 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfpct60n.dll
    [2011/08/22 02:18:37 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfeps60n.dll
    [2011/08/22 02:18:37 | 000,022,016 | ---- | C] () -- C:\Windows\System32\lfbmp60n.dll
    [2011/08/22 02:18:37 | 000,018,432 | ---- | C] () -- C:\Windows\System32\lfmsp60n.dll
    [2011/08/22 02:18:37 | 000,017,920 | ---- | C] () -- C:\Windows\System32\lfmac60n.dll
    [2011/08/17 13:27:31 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
    [2011/07/02 12:22:12 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
    [2011/07/02 12:22:11 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
    [2011/06/07 11:34:50 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2011/06/06 19:36:37 | 000,073,471 | ---- | C] () -- C:\Windows\hpqins16.dat
    [2011/05/27 10:59:43 | 000,000,146 | ---- | C] () -- C:\Windows\capture.INI
    [2011/05/27 10:54:28 | 000,064,512 | ---- | C] () -- C:\Windows\System32\drivers\SENTINEL.SYS
    [2011/05/27 10:54:28 | 000,017,408 | ---- | C] () -- C:\Windows\System32\RNBOVDD.DLL
    [2011/05/26 17:49:20 | 000,688,443 | ---- | C] () -- C:\Windows\unins000.exe
    [2011/05/26 17:49:20 | 000,002,393 | ---- | C] () -- C:\Windows\unins000.dat
    [2011/05/24 20:17:24 | 000,002,158 | ---- | C] () -- C:\Windows\FONTSMRT.INI
    [2011/05/24 20:17:06 | 000,000,415 | ---- | C] () -- C:\Windows\prntname.ini
    [2011/05/24 20:16:51 | 000,000,076 | ---- | C] () -- C:\Windows\tmprn.ini
    [2011/05/06 16:21:17 | 000,024,805 | ---- | C] () -- C:\Windows\deff1.dat
    [2011/05/05 23:04:15 | 000,031,232 | ---- | C] () -- C:\Users\Clinic 123\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/05/05 22:53:20 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
    [2011/05/05 20:32:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
    [2011/05/05 20:28:56 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat

    ========== LOP Check ==========

    [2011/08/19 15:05:26 | 000,000,000 | ---D | M] -- C:\Users\Clinic 123\AppData\Roaming\Acapela Group
    [2011/08/20 13:30:04 | 000,000,000 | ---D | M] -- C:\Users\Clinic 123\AppData\Roaming\Babylon
    [2011/05/08 14:16:46 | 000,000,000 | ---D | M] -- C:\Users\Clinic 123\AppData\Roaming\COWON
    [2012/03/31 12:42:03 | 000,000,000 | ---D | M] -- C:\Users\Clinic 123\AppData\Roaming\DAEMON Tools Pro
    [2011/09/15 16:04:22 | 000,000,000 | ---D | M] -- C:\Users\Clinic 123\AppData\Roaming\DeepBurner
    [2012/08/17 21:23:06 | 000,000,000 | ---D | M] -- C:\Users\Clinic 123\AppData\Roaming\DMCache
    [2011/05/11 21:04:45 | 000,000,000 | ---D | M] -- C:\Users\Clinic 123\AppData\Roaming\ESET
    [2012/08/17 21:17:47 | 000,000,000 | ---D | M] -- C:\Users\Clinic 123\AppData\Roaming\GoldenDict
    [2012/08/12 04:35:56 | 000,000,000 | ---D | M] -- C:\Users\Clinic 123\AppData\Roaming\IDM
    [2012/03/21 19:51:04 | 000,000,000 | ---D | M] -- C:\Users\Clinic 123\AppData\Roaming\ImTOO
    [2011/09/02 19:12:16 | 000,000,000 | ---D | M] -- C:\Users\Clinic 123\AppData\Roaming\iolo
    [2011/06/03 14:19:58 | 000,000,000 | ---D | M] -- C:\Users\Clinic 123\AppData\Roaming\National Instruments
    [2011/09/10 11:17:48 | 000,000,000 | ---D | M] -- C:\Users\Clinic 123\AppData\Roaming\Nokia
    [2011/09/10 11:30:32 | 000,000,000 | ---D | M] -- C:\Users\Clinic 123\AppData\Roaming\Nseries
    [2011/09/10 11:30:36 | 000,000,000 | ---D | M] -- C:\Users\Clinic 123\AppData\Roaming\PC Suite
    [2012/03/27 23:55:14 | 000,000,000 | ---D | M] -- C:\Users\Clinic 123\AppData\Roaming\Rovio
    [2012/07/14 20:44:28 | 000,032,528 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    [2012/07/26 15:00:35 | 000,542,963 | ---- | M] ()(C:\Users\Clinic 123\Desktop\???? ??????? ????????? ??????.mht) -- C:\Users\Clinic 123\Desktop\جدول مسابقات ورزشكاران ايراني.mht
    [2012/07/26 15:00:30 | 000,542,963 | ---- | C] ()(C:\Users\Clinic 123\Desktop\???? ??????? ????????? ??????.mht) -- C:\Users\Clinic 123\Desktop\جدول مسابقات ورزشكاران ايراني.mht
    [2012/07/23 14:44:30 | 000,063,371 | ---- | M] ()(C:\Users\Clinic 123\Desktop\??????-?????-?????????-??????-??-????-?????-???.htm) -- C:\Users\Clinic 123\Desktop\برنامه-رقابت-ورزشکاران-ایرانی-در-لندن-چگونه-است.htm
    [2012/07/23 14:44:27 | 000,000,000 | ---D | M](C:\Users\Clinic 123\Desktop\??????-?????-?????????-??????-??-????-?????-???_files) -- C:\Users\Clinic 123\Desktop\برنامه-رقابت-ورزشکاران-ایرانی-در-لندن-چگونه-است_files
    [2012/07/23 14:44:25 | 000,063,371 | ---- | C] ()(C:\Users\Clinic 123\Desktop\??????-?????-?????????-??????-??-????-?????-???.htm) -- C:\Users\Clinic 123\Desktop\برنامه-رقابت-ورزشکاران-ایرانی-در-لندن-چگونه-است.htm
    [2012/07/23 14:44:25 | 000,000,000 | ---D | C](C:\Users\Clinic 123\Desktop\??????-?????-?????????-??????-??-????-?????-???_files) -- C:\Users\Clinic 123\Desktop\برنامه-رقابت-ورزشکاران-ایرانی-در-لندن-چگونه-است_files
    [2011/05/06 15:39:57 | 000,000,000 | ---D | M](C:\Users\Clinic 123\AppData\Local\???????_?????) -- C:\Users\Clinic 123\AppData\Local\حمیدرضا_محمدی
    [2011/05/06 15:39:57 | 000,000,000 | ---D | M](C:\Users\Clinic 123\AppData\Local\???????_?????) -- C:\Users\Clinic 123\AppData\Local\حمیدرضا_محمدی
    (C:\Users\Clinic 123\AppData\Local\???????_?????) -- C:\Users\Clinic 123\AppData\Local\حمیدرضا_محمدی

    < End of report >
     
  18. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    All clean :)

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run from.
    • Please copy and paste the log to your reply.


    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    4. Please, run F-Secure Online Scanner

    • Disable your Antivirus program.
    • Checkmark I have read and accepted the license terms.
    • Click on Run Check button.
    • Quick scan (recommended) option will come pre-checked. Don't change it.
    • Click on Start button.
    • When scan is done, in Step 3: Clean the files, leave all settings as they are.
    • Click Next button.
    • Click Full report... button.
    • Copy report's content and paste it into your next reply.
     
  19. aliano

    aliano TS Rookie Topic Starter Posts: 17

    Results of screen317's Security Check version 0.99.44
    Windows 7 x86 (UAC is disabled!)
    Out of date service pack!!
    Internet Explorer 8 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Security Center service is not running! This report may not be accurate!
    Windows Firewall Enabled!
    ESET Smart Security 4.2
    Antivirus out of date!
    `````````Anti-malware/Other Utilities Check:`````````
    Malwarebytes Anti-Malware version 1.62.0.1300
    CCleaner
    Java(TM) 7 Update 3
    Java version out of Date!
    Adobe Flash Player 11.1.102.63
    Adobe Reader 8 Adobe Reader out of Date!
    Mozilla Firefox (8.0.1)
    Google Chrome 16.0.912.63
    Google Chrome 5.0.375.86
    ````````Process Check: objlist.exe by Laurent````````
    Malwarebytes Anti-Malware mbamgui.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: 2%
    ````````````````````End of Log``````````````````````
    =============================================================================================
    Farbar Service Scanner Version: 06-08-2012
    Ran by Clinic 123 (administrator) on 18-08-2012 at 01:57:34
    Running from "C:\Users\Clinic 123\Downloads\Programs"
    Microsoft Windows 7 Ultimate (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============

    Windows Update:
    ============
    BITS Service is not running. Checking service configuration:
    Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
    The ImagePath of BITS service is OK.
    The ServiceDll of BITS service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\system32\nsisvc.dll => MD5 is legit
    C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
    C:\Windows\system32\dhcpcore.dll => MD5 is legit
    C:\Windows\system32\Drivers\afd.sys => MD5 is legit
    C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
    C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
    C:\Windows\system32\dnsrslvr.dll => MD5 is legit
    C:\Windows\system32\mpssvc.dll
    [2009-07-14 04:23] - [2009-07-14 05:45] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

    C:\Windows\system32\bfe.dll
    [2009-07-14 04:24] - [2009-07-14 05:44] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

    C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
    C:\Windows\system32\SDRSVC.dll
    [2009-07-14 03:53] - [2009-07-14 05:46] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

    C:\Windows\system32\vssvc.exe
    [2009-07-14 03:54] - [2009-07-14 05:44] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C

    C:\Windows\system32\wscsvc.dll => MD5 is legit
    C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
    C:\Windows\system32\wuaueng.dll
    [2009-07-14 04:45] - [2009-07-14 05:46] - 1912832 ____A (Microsoft Corporation) A33408CC036F9C08142B11BE5E93F0A1

    C:\Windows\system32\qmgr.dll
    [2009-07-14 04:00] - [2009-07-14 05:46] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

    C:\Windows\system32\es.dll => MD5 is legit
    C:\Windows\system32\cryptsvc.dll => MD5 is legit
    C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
    C:\Windows\system32\svchost.exe => MD5 is legit
    C:\Windows\system32\rpcss.dll => MD5 is legit


    **** End of log ****
     
  20. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Eset?
     
  21. aliano

    aliano TS Rookie Topic Starter Posts: 17

    Please exempt me from F-Secure Online Scanning! I tried it but it f***** up at 10% update, and I also have an internet account with finite traffic, you know.
     
  22. Broni

    Broni Malware Annihilator Posts: 52,904   +344

    Try this one. It should go faster.

    Please run a BitDefender Online Scan

    • Disable your antivirus program.
    • Click Start Scanner button.
    • Click Free scan now button.
    • Allow browser plug-in to be installed when prompted.
    • Click I Agree to agree to the EULA.
    • Please refrain from using the computer until the scan is finished.
    • When the scan is finished, click on View report.
    • Notepad will open with scan results.
    • Save the report to your desktop and post its content in your next reply.
     
  23. aliano

    aliano TS Rookie Topic Starter Posts: 17

    QuickScan 32-bit v0.9.9.119
    ---------------------------
    Scan date: Wed Aug 22 15:56:32 2012
    Machine ID: F4608921



    No infection found.
    -------------------



    Processes
    ---------
    3972 C:\Program Files\HP\HP UT\bin\hppusg.exe
    AMD External Events 1396 C:\Windows\System32\atieclxx.exe
    AMD External Events 952 C:\Windows\System32\atiesrxx.exe
    ArcSoft Connect 4088 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    ArcSoft Connect 1920 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
    ArcSoft Connect 2552 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
    Catalyst Control Centre 2884 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    Catalyst Control Centre 3828 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    DAEMON Tools Pro 3840 C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
    DVBViewer Pro Recording service 2004 C:\Program Files\DVBViewer\DVBVservice.exe
    DVBViewer Recording Service Tray Applic 1432 C:\Program Files\DVBViewer\DVBVCtrl.exe
    ESET Smart Security 3984 C:\Program Files\ESET\ESET Smart Security\egui.exe
    ESET Smart Security 320 C:\Program Files\ESET\ESET Smart Security\ekrn.exe
    Firefox 2232 C:\Program Files\Mozilla Firefox\firefox.exe
    Firefox 1516 C:\Program Files\Mozilla Firefox\plugin-container.exe
    GoldenDict 2392 C:\Program Files\GoldenDict\GoldenDict.exe
    hp digital imaging - hp all-in-one seri 3956 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    HP ToolboxFX 3904 C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
    IEMonitor Application 1000 C:\Program Files\Internet Download Manager\IEMonitor.exe
    Internet Download Manager (IDM) 336 C:\Program Files\Internet Download Manager\IDMan.exe
    Java(TM) Platform SE Auto Updater 2 0 4044 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    Malwarebytes Anti-Malware 4444 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    Microsoft® Windows® Operating System 4464 C:\Program Files\Windows Media Player\wmpnetwk.exe
    Microsoft® Windows® Operating System 3452 C:\Windows\explorer.exe
    Microsoft® Windows® Operating System 516 C:\Windows\System32\csrss.exe
    Microsoft® Windows® Operating System 604 C:\Windows\System32\csrss.exe
    Microsoft® Windows® Operating System 672 C:\Windows\System32\lsm.exe
    Microsoft® Windows® Operating System 644 C:\Windows\System32\services.exe
    Microsoft® Windows® Operating System 292 C:\Windows\System32\smss.exe
    Microsoft® Windows® Operating System 596 C:\Windows\System32\wininit.exe
    Microsoft® Windows® Operating System 736 C:\Windows\System32\winlogon.exe
    National Instruments Logos 1364 C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
    National Instruments Logos 588 C:\Windows\System32\lkads.exe
    National Instruments Logos 536 C:\Windows\System32\lkcitdl.exe
    National Instruments Logos 376 C:\Windows\System32\lktsrv.exe
    National Instruments Service Locator 1888 C:\Windows\System32\nisvcloc.exe
    Pandora.TV service file 2144 C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
    Realtek HD Audio Manager 3820 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    StarWind Alcohol Edition 2280 C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
    TeamViewer 2348 C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
    TMMonitor 2464 C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
    Virtual CloneDrive 3864 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    Your Freedom 5552 C:\Program Files\Your Freedom\freedom.exe
    (verified) GrooveMonitor Utility 3808 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    (verified) Microsoft® Windows® Operating System 3464 C:\Windows\System32\dwm.exe
    (verified) Microsoft® Windows® Operating System 660 C:\Windows\System32\lsass.exe
    (verified) Microsoft® Windows® Operating System 1648 C:\Windows\System32\spoolsv.exe
    (verified) Microsoft® Windows® Operating System 2188 C:\Windows\System32\svchost.exe
    (verified) Microsoft® Windows® Operating System 1684 C:\Windows\System32\svchost.exe
    (verified) Microsoft® Windows® Operating System 2320 C:\Windows\System32\svchost.exe
    (verified) Microsoft® Windows® Operating System 2404 C:\Windows\System32\svchost.exe
    (verified) Microsoft® Windows® Operating System 1528 C:\Windows\System32\svchost.exe
    (verified) Microsoft® Windows® Operating System 1292 C:\Windows\System32\svchost.exe
    (verified) Microsoft® Windows® Operating System 1108 C:\Windows\System32\svchost.exe
    (verified) Microsoft® Windows® Operating System 1080 C:\Windows\System32\svchost.exe
    (verified) Microsoft® Windows® Operating System 1024 C:\Windows\System32\svchost.exe
    (verified) Microsoft® Windows® Operating System 904 C:\Windows\System32\svchost.exe
    (verified) Microsoft® Windows® Operating System 836 C:\Windows\System32\svchost.exe
    (verified) Microsoft® Windows® Operating System 148 C:\Windows\System32\svchost.exe
    (verified) Microsoft® Windows® Operating System 636 C:\Windows\System32\svchost.exe
    (verified) Microsoft® Windows® Operating System 3276 C:\Windows\System32\taskhost.exe
    (verified) Windows® Search 3792 C:\Windows\System32\SearchIndexer.exe


    Network activity
    ----------------
    Process firefox.exe (2232) connected on port 80 (HTTP) --> 173.194.35.0
    Process firefox.exe (2232) connected on port 80 (HTTP) --> 37.59.67.149
    Process firefox.exe (2232) connected on port 80 (HTTP) --> 173.194.35.0

    Process wininit.exe (596) listens on ports: 49152 (RPC)
    Process services.exe (644) listens on ports: 49163
    Process lsass.exe (660) listens on ports: 49157 (RPC)
    Process svchost.exe (904) listens on ports: 135 (RPC)
    Process svchost.exe (1024) listens on ports: 49153 (RPC)
    Process svchost.exe (1108) listens on ports: 49154 (RPC)
    Process spoolsv.exe (1648) listens on ports: 49155 (RPC)
    Process nisvcloc.exe (1888) listens on ports: 3580
    Process DVBVservice.exe (2004) listens on ports: 3456, 4022, 7522, 8089
    Process PandoraService.exe (2144) listens on ports: 1935, 7955, 12882, 49156 (RPC)
    Process StarWindServiceAE.exe (2280) listens on ports: 3261
    Process wmpnetwk.exe (4464) listens on ports: 554 (RTSP)
    Process freedom.exe (5552) listens on ports: 62799


    Autoruns and critical files
    ---------------------------
    C:\Program Files\HP\HP UT\bin\hppusg.exe
    ArcSoft Connect C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
    Catalyst® Control Center C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
    DVBViewer Recording Service Tray Applic C:\Program Files\DVBViewer\DVBVCtrl.exe
    ESET Smart Security C:\Program Files\ESET\ESET Smart Security\egui.exe
    GoldenDict C:\Program Files\GoldenDict\GoldenDict.exe
    hp digital imaging - hp all-in-one seri C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    HP ToolboxFX C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
    Internet Download Manager (IDM) C:\Program Files\Internet Download Manager\IDMan.exe
    Java(TM) Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
    Malwarebytes Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    Realtek HD Audio Manager C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    TMMonitor C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
    Virtual CloneDrive C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    WEP Application C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe
    Windows® Internet Explorer c:\windows\system32\webcheck.dll
    (verified) Adobe Acrobat C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
    (verified) GrooveMonitor Utility C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    (verified) GrooveShellExtensions Module C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    (verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe


    Browser plugins
    ---------------
    AcroIEHelper Library c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
    Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
    Bitdefender QuickScan C:\Users\Clinic 123\AppData\Roaming\Mozilla\Firefox\Profiles\2yxm0cjs.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    Internet Download Manager Module c:\program files\internet download manager\idmiecc.dll
    Java(TM) Platform SE 7 U3 c:\program files\java\jre7\bin\jp2ssv.dll
    Java(TM) Platform SE 7 U3 C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
    LabVIEW 8.0 OCX C:\Program Files\Internet Explorer\plugins\LV80ActiveXControl.dll
    LabVIEW 8.2 OCX C:\Program Files\Internet Explorer\plugins\LV82ActiveXControl.dll
    NPSWF32.dll C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    Shockwave for Director C:\Windows\system32\Adobe\Director\np32dsw.dll
    Windows® Internet Explorer C:\Windows\system32\Ieframe.dll
    (verified) GrooveShellExtensions Module C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
    (verified) Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll
    (verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
    (verified) Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
    (verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
    (verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
     
  24. aliano

    aliano TS Rookie Topic Starter Posts: 17

    Scan
    ----
     
  25. aliano

    aliano TS Rookie Topic Starter Posts: 17

    MD5: 841621e6657363e8f1c606baa39b726d C:\Program Files\Your Freedom\rt\bin\nio.dll
    MD5: 116b2223bd7c740e0b0f5fc56f1c7d41 C:\Program Files\Your Freedom\rt\bin\sunmscapi.dll
    MD5: 1ae1ef87eea87306388a93142abbdb96 C:\Program Files\Your Freedom\rt\bin\zip.dll
    MD5: e370ed8bfe2ebcb506f1544772ceec2f C:\Program Files\Your Freedom\rt\jetrt\baseline760.dll
    MD5: f4dd9e29cab8110c976b9200e8067bc2 C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BD3E12DC-3561-4344-A175-3D9A1E12F3C7}\mpengine.dll
    MD5: 0dd42a8cef1a562927264f4164710535 C:\Users\Clinic 123\AppData\Roaming\IDM\idmmzcc5\components8\idmmzcc.dll
    MD5: c9e3864fb9cbfa93d9010bcfe18a5697 C:\Users\Clinic 123\AppData\Roaming\Mozilla\Firefox\Profiles\2yxm0cjs.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
    MD5: ff885a5a7af62f47a5b97f385cfd4fbf C:\Windows\assembly\GAC\Interop.hpqusg\3.0.0.0__a53cf5803f4c3827\Interop.hpqusg.dll
    MD5: b1b4d14cefa7d1c0e1fd1b4ecb5ddce2 C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll
    MD5: 0de5baeec29ecb3a7c0a40f1d1b02362 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll
    MD5: 1d8d7a6ad401e267b217c9d609eb2b82 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\ebb1a98d5d55d13bbe33034416ee5a1f\System.Deployment.ni.dll
    MD5: e5fc214de61ac769cdc8fa6a61c7578d C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll
    MD5: d3e94342eedebf9b61f3ca1254598ec4 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4bdeb88758dccd625f4703ed77aaf348\System.Runtime.Remoting.ni.dll
    MD5: 13cf544d751bf3cffa10c0971ff10f50 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\d57d865568209a71d63739fa448ed6df\System.Runtime.Serialization.Formatters.Soap.ni.dll
    MD5: 0424ea7eb0c419756a502567231e1866 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll
    MD5: 9ec43eeadd6a4139934a9ccb43c23063 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll
    MD5: 6b285819c2d8648837743b57fd449939 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll
    MD5: 61b193f8e187bada79d8330e3de35d29 C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll
    MD5: 15bc38a7492befe831966adb477cf76f C:\Windows\explorer.exe
    MD5: f475daa3cf6d19da49be7bac0a966db3 C:\Windows\system32\Adobe\Director\np32dsw.dll
    MD5: 8b794ae6d5c7d42092804bc39a2eb8f6 c:\windows\system32\AEPIC.dll
    MD5: c5e3c0a164e792549b0e44f531a56f3b C:\Windows\system32\atiadlxx.dll
    MD5: 90bf2c95ff63ea8cd6a2c1c85d00076d C:\Windows\system32\aticfx32.dll
    MD5: 610ef4722272b9a6571ade15269f16bc C:\Windows\system32\atidxx32.dll
    MD5: 23d643acee70cf354aa612641d15d800 C:\Windows\System32\atieclxx.exe
    MD5: 369fc70bdbaa2d13e0e66647e14cecef C:\Windows\System32\atiesrxx.exe
    MD5: ce0fbbf22322d49eef4ebcbd0b870414 C:\Windows\system32\atipdlxx.dll
    MD5: b858095e6f354c3c2f002a429b17897e C:\Windows\system32\atiu9pag.dll
    MD5: 2a342d6a9b46ac5923ad5ecbf5c5558c C:\Windows\system32\atiumdag.dll
    MD5: 52e53dd1510d1ceaffea4a5be291dbd5 C:\Windows\system32\atiumdva.dll
    MD5: 07a37df1d8e90dc97c6c4118cdee0bc1 C:\Windows\system32\atiuxpag.dll
    MD5: fabfc817547eabb19b74849cef410622 C:\Windows\system32\authui.dll
    MD5: 3e9aad82823c3ef21de2e73b494d8aa2 C:\Windows\system32\AVIFIL32.dll
    MD5: 9a595df601070da78c40481120dd2c06 C:\Windows\system32\basesrv.DLL
    MD5: 420d4c7b1f783a8a03197e04054b2e68 C:\Windows\System32\bdaplgin.ax
    MD5: 65c2f2a191905da1baada9804e4c2c3c C:\Windows\system32\chsbrkr.dll
    MD5: fb798295e0483218be8b4f6f17b5cdfe C:\Windows\system32\chtbrkr.dll
    MD5: 9092668daf4061898fd3f2c19d8c7f85 C:\Windows\system32\CLUSAPI.DLL
    MD5: 50ba656134f78af64e4dd3c8b6fefd7e C:\Windows\system32\cngaudit.dll
    MD5: 10de24cccd418c31107813682eb73542 C:\Windows\system32\CSRSRV.dll
    MD5: 342271f6142e7c70805b8a81e1ba5f5c C:\Windows\System32\csrss.exe
    MD5: 990a58a0b01720e419b55efc5ff387f8 C:\Windows\System32\dhcpcore6.dll
    MD5: 100103c6535c66265267f5eea5f5846e C:\Windows\System32\dnsext.dll
    MD5: fe3ea6e9afc1a78e6edca121e006afb7 C:\Windows\system32\drivers\Afc.sys
    MD5: 76bab0c824e2d05b940c4dd40a9b08bf C:\Windows\system32\DRIVERS\athr.sys
    MD5: 7b4342936a3885cfe18e5d1df6d55bc5 C:\Windows\system32\drivers\AtihdW73.sys
    MD5: da3cf5b94ad09290896e2b73df6d4173 C:\Windows\system32\DRIVERS\atikmdag.sys
    MD5: 46a3f55772fd2d1526994693ae352579 C:\Windows\system32\DRIVERS\atikmpag.sys
    MD5: 72bc628af75c4c3250f2a3bac260265a C:\Windows\system32\DRIVERS\atksgt.sys
    MD5: 77361d72a04f18809d0efb6cceb74d4b C:\Windows\system32\DRIVERS\bridge.sys
    MD5: 9a908a9bb857c2cceb2907eb9dcaeb8b C:\Windows\system32\drivers\ccdcmb.sys
    MD5: 68ec3ee2348e475ea62c66e6aafcfc9b C:\Windows\system32\drivers\ccdcmbo.sys
    MD5: c2eb4539a4f6ab6edd01bdc191619975 C:\Windows\system32\drivers\cpuz135_x32.sys
    MD5: 687af6bb383885ff6a64071b189a7f3e C:\Windows\system32\DRIVERS\dtsoftbus01.sys
    MD5: 73ce42907cf42bfb91bcd27fe7c7a7af C:\Windows\system32\DRIVERS\eamonm.sys
    MD5: 7d300a43a7bd8769e0f901bf9e1ae367 C:\Windows\system32\DRIVERS\ehdrv.sys
    MD5: 178cc9403816c082d22a1d47fa1f9c85 C:\Windows\System32\Drivers\ElbyCDIO.sys
    MD5: 15bfe00f030ea20955117bb0677e9668 C:\Windows\system32\DRIVERS\epfw.sys
    MD5: 52310e0e603d7da79ecca7d764937a91 C:\Windows\system32\DRIVERS\Epfwndis.sys
    MD5: 235250a79cf1e16a5a42407cfe3f6a4c C:\Windows\system32\DRIVERS\epfwwfp.sys
    MD5: 275be7a9a72f95d69b5c560c81542016 C:\Windows\system32\DRIVERS\fmsg.sys
    MD5: 8dc6f8a868b06f7b21c5683053509c8f C:\Windows\system32\DRIVERS\idmwfp.sys
    MD5: 532f4655db4c3f702f420722350b6022 C:\Windows\System32\Drivers\IT9135BDA.sys
    MD5: 4127e8b6ddb4090e815c1f8852c277d3 C:\Windows\system32\DRIVERS\lirsgt.sys
    MD5: 6dfe7f2e8e8a337263aa5c92a215f161 C:\Windows\system32\drivers\mbam.sys
    MD5: 0db7527db188c7d967a37bb51bbf3963 C:\Windows\system32\drivers\mbamswissarmy.sys
    MD5: fd2041e9ba03db7764b2248f02475079 C:\Windows\system32\DRIVERS\pccsmcfd.sys
    MD5: e099d23ee1bbce0cf5745f811f3b1882 C:\Windows\system32\DRIVERS\Rt86win7.sys
    MD5: f42f2f88017a2e2b6f783acef6c2c149 C:\Windows\system32\drivers\RTKVHDA.sys
    MD5: f2fec929e9fa9902f0bb52a4522068d4 C:\Windows\system32\DRIVERS\RtNdPt60.sys
    MD5: c8a7202fd20479ecf5788605806cfc9b C:\Windows\system32\DRIVERS\RtTeam60.sys
    MD5: e6472a4007fb17d27d4091abd657a291 C:\Windows\system32\DRIVERS\RtVlan60.sys
    MD5: b5665baa2120b8a54e22e9cd07c05106 C:\Windows\System32\DRIVERS\srvnet.sys
    MD5: 1d6a4fa75af0400d3f99642c271f3255 C:\Windows\System32\Drivers\UsbFltr.sys
    MD5: 88701eca76145e2c011c0eeff0f7b70e C:\Windows\system32\drivers\usbser.sys
    MD5: a34560a5d516a2f5240180370866b99d C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
    MD5: 6410eebd6e0427466812858ee84c8467 C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
    MD5: 2cc2660b3ec3434c88d2c808dd7937d4 C:\Windows\system32\DRIVERS\VClone.sys
    MD5: 60cc965a89e2072ebd26d63d5e1e1d18 C:\Windows\system32\dwmcore.dll
    MD5: 496c56361f57c2ca54931ebbc7d6c2cf C:\Windows\system32\eapphost.dll
    MD5: 61933976cfb6f3f2a0e14a1da704adf6 C:\Windows\system32\EFSCORE.dll
    MD5: 91f434ff6606ed9bdc6a05d651b69553 C:\Windows\system32\efslsaext.dll
    MD5: 00a99da54c14969a899ed316d16e9a9e C:\Windows\system32\efssvc.dll
    MD5: 359c3ac547aa1d24eed35be3ab3759dc C:\Windows\system32\EFSUTIL.dll
    MD5: d86657285ff0dedb3531100cd6289ffe C:\Windows\system32\ElbyCDIO.dll
    MD5: b68388f16859f6607cbd6379b0519a2f C:\Windows\system32\ElbyVCD.dll
    MD5: 8444a7364d6877922049e99bf4b78c5c C:\Windows\system32\elscore.dll
    MD5: 02a2ed8497f437ea200df3aced255afe C:\Windows\system32\ElsLad.dll
    MD5: f34cfada6c48daa41b996d24c7d8d3ca C:\Windows\system32\fdPnp.dll
    MD5: c87f28a34b3840f4b40011d170b1a159 C:\Windows\system32\FVECERTS.dll
    MD5: db603d3fd090c66f9709ef6493c26ba3 c:\windows\system32\FwRemoteSvr.DLL
    MD5: d5cc5113671ac70993a5b46923212f16 C:\Windows\System32\FXSMON.DLL
    MD5: e2f6cc0d191361ee94fea3957653f531 C:\Windows\system32\hidphone.tsp
    MD5: dd3a01e5017cb298136415b13337db72 C:\Windows\System32\hptcpmib.dll
    MD5: 4a4ac3a786937b51cb19c708045cb930 C:\Windows\System32\HpTcpMon.dll
    MD5: 982a03d52d67f4401e83c37d34008cd7 C:\Windows\System32\HPTcpMUI.dll
    MD5: 3584a093e8778c9e5f80ced99f0b7f35 C:\Windows\System32\hpzjrd01.dll
    MD5: 258a532cffaad910b5b14f27dcd7bfb3 C:\Windows\System32\inetpp.dll
    MD5: 4605f7ee9805f7e1c98d6c959dd2949c C:\Windows\system32\kernel32.dll
    MD5: af75dba674e55221b7a055b0a4345f16 C:\Windows\system32\keyiso.dll
    MD5: f3fb146cdbdd26fcd0cf7941c547bee4 C:\Windows\system32\kmddsp.tsp
    MD5: 4d835f31269d000f68ab10471e404461 C:\Windows\system32\korwbrkr.dll
    MD5: c1585eaa67c37a05bf6f93726fafc069 c:\windows\system32\l2gpstore.dll
    MD5: c3e0622e21b721ac955be6bcdbeaa7e5 C:\Windows\System32\lkads.exe
    MD5: 47a111a4dc0d67da431df9f91ee09682 C:\Windows\System32\lkcitdl.exe
    MD5: b258cdce34729f2dea3b3a73ece43ee4 C:\Windows\system32\LKDYNAM.dll
    MD5: 0c7abf038f8a8bb2d55973c304e90851 C:\Windows\system32\LKOBENV.dll
    MD5: 8ae8961f376974e9170905fc6332047e C:\Windows\system32\LKSEC.dll
    MD5: c1b6d29fc8a9293fdb4a049ea8e3d1ce C:\Windows\system32\LKSOCK.dll
    MD5: 4ebaa6cb622ee573732d36350ff3ae60 C:\Windows\system32\LKSTIME.dll
    MD5: 3e04e2168c28adea88c05bcdee696a4a C:\Windows\System32\lktsrv.exe
    MD5: 55ca01ba19d0006c8f2639b6c045e08b c:\windows\system32\lmhsvc.dll
    MD5: 724a74ba9b5832a91562d2ac393e540b C:\Windows\System32\localspl.dll
    MD5: 4bc5b6d0b7ba1b92c9610a7eb1bad8ab C:\Windows\system32\lsasrv.dll
    MD5: 398dc10274c0cb861338cfc56e727c9f C:\Windows\System32\lsm.exe
    MD5: 4209095c1923d84eeaad3798b8869d15 C:\Windows\system32\Macromed\Flash\NPSWF32.dll
    MD5: f3f571288cde445881102e385bf3471f C:\Windows\system32\Magnification.dll
    MD5: 3809706eb1866f53abd0b1621b307cc0 C:\Windows\System32\mfds.dll
    MD5: ba54a966f873b043fdfcda0b77937855 C:\Windows\System32\mgmtapi.dll
    MD5: f5777c29e38e4bf12c6f93a0b2f1b2d7 C:\Windows\system32\MSASN1.dll
    MD5: e3477a3942d12e7aa29f65d9e69a4ed4 C:\Windows\System32\MSDvbNP.ax
    MD5: 25fc9e3237d9dc8f7511af13e70c49bc C:\Windows\System32\msmpeg2enc.dll
    MD5: 3de43bfdaf3f8979699650202aa18b12 C:\Windows\System32\msmpeg2vdec.dll
    MD5: 387a8a473ecc5ba02cf453277c1f3274 c:\windows\system32\mspatcha.dll
    MD5: c90878913df3dc504790282043db5f4c C:\Windows\system32\msprivs.DLL
    MD5: 0ce7a0ffbba93810384b6794c6901f4c C:\Windows\system32\MSSRCH.DLL
    MD5: f40388a19f3be3cec25656ce07392877 C:\Windows\system32\msv1_0.DLL
    MD5: 126b75d50756fe204283d418ae1a66df C:\Windows\system32\MSVCIRT.dll
    MD5: be21c5c05e5e8536f1385100cc8eafa5 C:\Windows\System32\msvidctl.dll
    MD5: 5f610783fbf01f9885d80a1db1a2f220 C:\Windows\system32\NCI.dll
    MD5: a4cc7227a452c4909f9499d91b184364 C:\Windows\system32\NCObjAPI.DLL
    MD5: 3f2deafc463d75611cb9c5e36a8ccf15 c:\windows\system32\ncsi.dll
    MD5: aa11a26692e0db2996caefe9ec61f61f C:\Windows\system32\ndptsp.tsp
    MD5: 6dcfaec6d1334aa6cdf8961db4633cbf C:\Windows\system32\negoexts.DLL
    MD5: c5b5ccdbf8ed1475240313ed88234e3f C:\Windows\system32\netcfgx.dll
    MD5: c1ae600c554a0ebc6cd211541fa6815f C:\Windows\system32\netjoin.dll
    MD5: eaa75d9000b71f10eec04d2ae6c60e81 C:\Windows\system32\netlogon.DLL
    MD5: 8e6f26523af128dc3b56b89be0aef698 C:\Windows\system32\nidscmem.dll
    MD5: ab4b4cf9b3cad76d71ed44b144e1484a C:\Windows\system32\nisvcloc.dll
    MD5: fb381d34299c626f00d9231822c3aa87 C:\Windows\System32\nisvcloc.exe
    MD5: 16707ec5fd029a4415b138796f0981ce c:\windows\system32\nrpsrv.DLL
    MD5: ba387e955e890c8a88306d9b8d06bf17 c:\windows\system32\nsisvc.dll
    MD5: 7e82616bee76bf5eaa5b30f681414e21 C:\Windows\system32\perftrack.dll
    MD5: 37cc990d4e2cdfae12ac47f6b620fc13 C:\Windows\system32\pku2u.DLL
    MD5: 2862a3819bbc9757dd27bac41a4e0a3e C:\Windows\System32\pnidui.dll
    MD5: c693e642acfbdd76433af6be3c3eee6f C:\Windows\System32\portabledeviceconnectapi.dll
    MD5: dda6cfd632dcb8d9c72ada58799bf776 C:\Windows\System32\PrintIsolationProxy.dll
    MD5: 7ffd52d73352806969d424ef327d10a7 C:\Windows\system32\radardt.dll
    MD5: 75dd1448b57d1f9382a8b59ed8e3790b C:\Windows\System32\raschap.dll
    MD5: 98963bd29723a373009b017e87be9ce8 C:\Windows\system32\rasppp.dll
    MD5: b5c452baf3a3914ef87628252ea12feb C:\Windows\system32\rastapi.DLL
    MD5: 9015ee5171bcb15653da27024bd27128 C:\Windows\system32\RESUTILS.DLL
    MD5: 469e4f31ac0eebb876fd58ea2dc65ff6 C:\Windows\system32\RTCOM\RtkCfg.dll
    MD5: de326c5e0891ddeb6c076e0af7210967 C:\Windows\system32\RtkAPO.dll
    MD5: 4bef53964dc519550ee030253fc1e25e C:\Windows\system32\SAMSRV.dll
    MD5: 26073302daea83cc5b944c546d6b47d2 C:\Windows\system32\scecli.DLL
    MD5: 1c9cdbdf895a556e66aebfd93a36b536 C:\Windows\system32\SCESRV.dll
    MD5: 3369d021265e369d57317d61fa86dd79 C:\Windows\system32\scext.dll
    MD5: 5f1b6a9c35d3d5ca72d6d6fdef9747d6 C:\Windows\System32\services.exe
    MD5: 16742790895960690237a5143cedec8b C:\Windows\System32\smss.exe
    MD5: c2a44c942ec023cf2d5cf144b0f5d146 C:\Windows\system32\spool\PRTPROCS\W32X86\hpzppwn7.dll
    MD5: dbd10464e7246c9e722025debc093d01 C:\Windows\system32\spool\PRTPROCS\W32X86\winprint.dll
    MD5: 629181c26a78eb66b0b4e774e5ac2882 C:\Windows\System32\SPOOLSS.DLL
    MD5: 4c287f9069fedbd791178876ee9de536 C:\Windows\system32\sppsvc.exe
    MD5: 2f94e3709f029512a1bd8f6c108d7b62 C:\Windows\system32\SSCORE.DLL
    MD5: 54c5eb1fd11027fb23bc4f79146ce159 C:\Windows\system32\SspiSrv.dll
    MD5: 364455805e64882844ee9acb72522830 C:\Windows\system32\sxssrv.DLL
    MD5: 8c7fe6b9559204765849bff308764fa5 C:\Windows\System32\SyncCenter.dll
    MD5: 04105c8da62353589c29bdaeb8d88bd8 c:\windows\system32\sysmain.dll
    MD5: ba51ffe170c5b3ae8ec4f5bd2581a29e C:\Windows\system32\SYSNTFY.dll
    MD5: 0d4e8439ad3159a335fa720e043ea22e C:\Windows\system32\taskcomp.dll
    MD5: eafc149cd3bd78c443e31bb157841197 C:\Windows\system32\tbs.dll
    MD5: b390c1d825c7687493bede237c6c2f25 C:\Windows\System32\tcpmon.dll
    MD5: a739793f1a4f04b66e2444e90ae9e694 C:\Windows\system32\tspkg.DLL
    MD5: 7222995615bf93b628dcea4bd6ccacf7 C:\Windows\system32\UBPM.dll
    MD5: 91da0906b27adc98b7cc9d17f6f8227c C:\Windows\system32\umb.dll
    MD5: f45330f0364bc8223ef835ea5e3ebb8e C:\Windows\system32\unimdm.tsp
    MD5: e675de8cf57d8814218733b3dae896d7 C:\Windows\system32\uniplat.dll
    MD5: 923cdd30092db73ec4a0ebcddd16c686 C:\Windows\System32\usbmon.dll
    MD5: a12829e9974f57e9b5dbfea7c93190f6 C:\Windows\system32\UXINIT.dll
    MD5: 582c191f861d18b8c937fb9859b80e9c C:\Windows\system32\vpnike.dll
    MD5: 5ae88135c6a86fcd67ba16afbb1c8389 C:\Windows\system32\wbem\esscli.dll
    MD5: f148865e4ac4f715e322ea06e6e21d84 C:\Windows\system32\wbem\ncprov.dll
    MD5: 371e3b05894549113d07cd3081ed55ef C:\Windows\system32\wbem\repdrvfs.dll
    MD5: 801211dcfd6414ffa48bca661a76c6fa C:\Windows\system32\wbem\wbemcore.dll
    MD5: b350509b6c9296529bc464c60feeaef1 C:\Windows\system32\wbem\wbemess.dll
    MD5: 0e7441be4d8c31c7f94d4e09af8339c8 C:\Windows\system32\wbem\wmidcprv.dll
    MD5: b8f4a6990a6295159792b4ad189d460d C:\Windows\system32\wbem\wmiprvsd.dll
    MD5: 7790b77fe1e5ee47dcc66247095bb4c9 C:\Windows\system32\wbengine.exe
    MD5: 23d5ae191d918bb82fd8027e1ba869d4 C:\Windows\system32\wdiasqmmodule.dll
    MD5: 177df28315bf4300ecb5cbeeee961292 c:\windows\system32\webcheck.dll
    MD5: 4262220b609ad082ce66914172597a96 C:\Windows\System32\webservices.dll
    MD5: 2873dfe622f4a3929d93f7bc85ade13e c:\windows\system32\wevtsvc.dll
    MD5: 019c372b1a9da73a22d0d35a4d40f5c9 C:\Windows\system32\wfapigp.dll
    MD5: e0fe1259d88a89493098d9269144fd5f C:\Windows\system32\wiarpc.dll
    MD5: 2f998e1fca7749e836fdfafe88de9237 C:\Windows\System32\win32spl.dll
    MD5: b5c5dcad3899512020d135600129d665 C:\Windows\System32\wininit.exe
    MD5: 8ec6a4ab12b8f3759e21f8e3a388f2cf C:\Windows\System32\winlogon.exe
    MD5: 827e4f75901ca3f990b1487d3301841e C:\Windows\system32\winsrv.DLL
    MD5: 81e1423a5d3f0f350307b537d33599fc c:\windows\system32\WLANMSM.DLL
    MD5: 20c06a50dfc097e134bc6fa8444ca9bc c:\windows\system32\WLANSEC.dll
    MD5: 749f9795f01c35eebe100a87d82b9681 c:\windows\system32\wlgpclnt.dll
    MD5: 633c2c060cf857099f6c4f8d75c952b1 C:\Windows\system32\wls0wndh.dll
    MD5: de76461d3e5ebe1c762967d21c17b8c0 C:\Windows\system32\wmdrmdev.dll
    MD5: 3d7dd3c29daf738624de918f666f70fa C:\Windows\system32\wmp.dll
    MD5: b315c62e9046bcb58137a49625b6e253 C:\Windows\system32\wmploc.dll
    MD5: ab303e17cd72b3a65ae0e5cda80307f0 C:\Windows\system32\wmpmde.dll
    MD5: d412b1b72c5ab020218e9a047d90ca05 C:\Windows\system32\WMsgAPI.dll
    MD5: 206eccf79765e9f3fc6cca04114ee058 C:\Windows\System32\wsdapi.dll
    MD5: a8eb761de499242becf153b2b34f020e C:\Windows\System32\WSDMon.dll
    MD5: 596371a825c6abb55e436b6f0966a24f C:\Windows\System32\wsnmp32.dll
    MD5: dd4400813589985677a363f8a589cd02 C:\Windows\system32\wuapi.dll
    MD5: a33408cc036f9c08142b11be5e93f0a1 c:\windows\system32\wuaueng.dll
    MD5: 688975cea9add749e339168a2841205a c:\windows\system32\WUDFPlatform.dll
    MD5: 686b224b4987c22b153fbb545fee9657 C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL


    No file uploaded.

    Scan finished - communication took 3 sec
    Total traffic - 0.02 MB sent, 2.31 KB recvd
    Scanned 1255 files and modules - 164 seconds

    ==============================================================================
     
