Solved Sirefef.Fc Trojan!!!

aliano · Aug 13, 2012

Nod32 has detected Win32/Sirefef.FcTrojan(related to:system32/srevices.exe) but isn't able to clean it!!Please help me to get rid of this trojan and Nod32 annoying warnings

Broni · Aug 13, 2012

Welcome aboard

Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

aliano · Aug 14, 2012

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.11.01

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Clinic 123 :: CLINIC123-PC [administrator]

Protection: Enabled

8/11/2012 1:15:25 PM
mbam-log-2012-08-11 (13-15-25).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 196266
Time elapsed: 11 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 5
C:\Users\Clinic 123\AppData\Local\Temp\29CF.tmp (Trojan.LameShield) -> Quarantined and deleted successfully.
C:\Users\Clinic 123\AppData\Local\Temp\KMP_3.2.0.0.exe (PUP.ToolbarDownloader) -> Quarantined and deleted successfully.
C:\Users\Clinic 123\Local Settings\Temporary Internet Files\Content.IE5\0GKE56Z0\soft4[2].exe (Trojan.LameShield) -> Quarantined and deleted successfully.
C:\Users\Clinic 123\Local Settings\Temporary Internet Files\Content.IE5\QRALINED\soft5[1].exe (RootKit.0Access) -> Quarantined and deleted successfully.
C:\Users\Clinic 123\Desktop\explorer.exe (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

(end)

Broni · Aug 14, 2012

Go on...

aliano · Aug 14, 2012

No gmer log
=============================================================================================
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.7600.16385
Run by Clinic 123 at 0:46:51 on 2012-08-15
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2048.1190 [GMT 4.5:30]
.
AV: ESET Smart Security 4.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 4.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Windows\system32\lkcitdl.exe
C:\Windows\system32\lkads.exe
C:\Windows\system32\lktsrv.exe
C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
C:\Windows\system32\nisvcloc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\HP\HP UT\bin\hppusg.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\GoldenDict\GoldenDict.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\explorer.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
BHO: IDM integration (IDMIEHlprObj Class): {0055c089-8582-441b-a0bf-17b458c2a3a8} - c:\program files\internet download manager\IDMIECC.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~2\office12\GR469A~1.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
uRun: [IDMan] c:\program files\internet download manager\IDMan.exe /onboot
uRun: [GoldenDict] "c:\program files\goldendict\GoldenDict.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [VirtualCloneDrive] "c:\program files\elaborate bytes\virtualclonedrive\VCDDaemon.exe" /s
mRun: [HPPQVideo] "c:\program files\hp\scheduledlaunch\hp color laserjet cp1510 series\bin\hppschlnch.exe" -r software\hewlett-packard\scheduledlaunch\CLJ_CP1510_Series -f PQOptimizerVideo.xml -o remindLater
mRun: [ToolBoxFX] "c:\program files\hp\toolboxfx\bin\HPTLBXFX.exe" /enum

n /alerts

n /notifications

n /fl

n /fr

n /appData

n
mRun: [hpbdfawep] c:\program files\hp\dfawep\bin\hpbdfawep.exe 1
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [HPUsageTracking] "c:\program files\hp\hp ut\bin\hppusg.exe" "c:\program files\hp\hp ut\"
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\tmmoni~1.lnk - c:\program files\arcsoft\totalmedia 3.5\TMMonitor.exe
uPolicies-explorer: HideSCAHealth = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
IE: Download all links with IDM - c:\program files\internet download manager\IEGetAll.htm
IE: Download with IDM - c:\program files\internet download manager\IEExt.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9FBDE429-3DB3-46F4-A9A6-04E8B6F905A7} : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{9FBDE429-3DB3-46F4-A9A6-04E8B6F905A7}\3586164756C6F584 : DhcpNameServer = 192.168.1.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\progra~1\micros~2\office12\GRA32A~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~2\office12\GR469A~1.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\clinic 123\appdata\roaming\mozilla\firefox\profiles\2yxm0cjs.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.ftp - localhost
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 1080
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
.
============= SERVICES / DRIVERS ===============
.
R0 fmsg;fmsg;c:\windows\system32\drivers\fmsg.sys [2011-5-6 11264]
R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-8-26 176128]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2011-5-6 21992]
R2 eamonm;eamonm;c:\windows\system32\drivers\eamonm.sys [2010-7-29 136632]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2010-8-12 810144]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2010-7-29 41336]
R2 IDMWFP;IDMWFP;c:\windows\system32\drivers\idmwfp.sys [2012-4-25 96056]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-8-11 655944]
R2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\drivers\RtNdPt60.sys [2011-5-5 27648]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-24 370688]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2012-7-21 2673064]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2010-8-26 6380032]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2010-8-26 221696]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [2011-5-5 101904]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-3-31 242240]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-8-11 22344]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2011-5-5 362600]
R3 UsbFltr;WayTech USB Filter Driver1;c:\windows\system32\drivers\UsbFltr.sys [2007-4-9 9600]
R3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);c:\windows\system32\drivers\RtVlan60.sys [2011-5-5 19968]
S2 Cadence License Manager;Cadence License Manager;c:\orcad\license_manager\lmgrd.exe [2011-8-22 1327104]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 IT9135BDA;IT9135 BDA Devices;c:\windows\system32\drivers\IT9135BDA.sys [2011-4-26 145920]
S3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\drivers\RtTeam60.sys [2011-5-5 43520]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\drivers\RtVlan60.sys [2011-5-5 19968]
S3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\drivers\RtTeam60.sys [2011-5-5 43520]
S3 TwonkyMedia;TwonkyMedia;c:\program files\nokia\nokia home media server\media server\twonkymedia.exe -serviceversion 0 --> c:\program files\nokia\nokia home media server\media server\TwonkyMedia.exe -serviceversion 0 [?]
.
=============== Created Last 30 ================
.
2012-08-11 08:18:03 -------- d-----w- c:\users\clinic 123\appdata\roaming\Malwarebytes
2012-08-11 08:17:07 -------- d-----w- c:\programdata\Malwarebytes
2012-08-11 08:17:06 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-11 08:17:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-10 08:04:42 -------- d-s---w- C:\ComboFix
2012-08-09 09:25:13 -------- d-----w- c:\windows\system32\DBBK
2012-08-03 14:05:01 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-27 15:03:51 -------- d-----w- c:\program files\Throttle
2012-07-27 14:28:20 -------- d-----w- c:\program files\Your Freedom
2012-07-21 15:31:28 -------- d-----w- c:\users\clinic 123\temp
2012-07-21 15:31:13 -------- d-----w- c:\program files\TeamViewer
2012-07-19 10:07:58 -------- d-----w- c:\users\clinic 123\appdata\local\Programs
2012-07-18 09:29:08 -------- d-----w- c:\users\clinic 123\appdata\local\ArcSoft
2012-07-18 09:29:07 -------- d-----w- c:\programdata\ArcSoft
2012-07-18 09:28:33 18688 ----a-w- c:\windows\system32\drivers\afc.sys
2012-07-18 09:27:22 245408 ----a-w- c:\windows\system32\unicows.dll
2012-07-18 09:25:37 32768 ------w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2012-07-18 09:25:37 225280 ------w- c:\program files\common files\installshield\iscript\iscript.dll
2012-07-18 09:25:37 176128 ------w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2012-07-18 09:25:36 77824 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2012-07-18 09:24:57 -------- d-----w- c:\program files\My Company Name
.
==================== Find3M ====================
.
.
============= FINISH: 0:47:43.29 ===============
===========================================================================================
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 5/6/2011 7:48:19 AM
System Uptime: 8/14/2012 11:53:19 PM (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | 945PL-S3
Processor: Intel(R) Pentium(R) 4 CPU 3.00GHz | Socket 775 | 3014/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 73 GiB total, 25.352 GiB free.
D: is FIXED (NTFS) - 196 GiB total, 29.598 GiB free.
E: is FIXED (NTFS) - 196 GiB total, 26.933 GiB free.
F: is FIXED (NTFS) - 15 GiB total, 8.162 GiB free.
G: is FIXED (NTFS) - 45 GiB total, 20.159 GiB free.
H: is CDROM ()
I: is FIXED (NTFS) - 45 GiB total, 26.623 GiB free.
J: is FIXED (NTFS) - 45 GiB total, 7.651 GiB free.
K: is CDROM ()
L: is CDROM ()
O: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: PCI Simple Communications Controller
Device ID: PCI\VEN_14F1&DEV_1056&SUBSYS_105614F1&REV_08\4&BC67B8D&0&00F0
Manufacturer:
Name: PCI Simple Communications Controller
PNP Device ID: PCI\VEN_14F1&DEV_1056&SUBSYS_105614F1&REV_08\4&BC67B8D&0&00F0
Service:
.
==== System Restore Points ===================
.
RP114: 7/26/2012 1:57:50 AM - Scheduled Checkpoint
RP115: 8/2/2012 9:51:30 PM - Scheduled Checkpoint
RP117: 8/9/2012 1:54:49 PM - Panda ZAcccess init
RP119: 8/9/2012 2:02:54 PM - Panda ZAcccess Cleanup
.
==== Installed Programs ======================
.
7-Zip 9.20
Adobe Flash Player 11 Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player 11.6
AMD Drag and Drop Transcoding
Angry Birds Space v1.0.0.2 Full
ArcSoft TotalMedia 3.5
ATI AVIVO Codecs
ATI Catalyst Install Manager
BufferChm
Cadence License Manager
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CoreAVC Professional Edition (remove only)
COWON Media Center - jetAudio Plus VX
CPUID CPU-Z 1.57.1
Crystal XI
CustomerResearchQFolder
DAEMON Tools Pro
DeviceDiscovery
DeviceManagementQFolder
Diagnostic Utility
Driver Detective
Electronics Workbench V5.12
ESET Online Scanner v3
ESET Smart Security
eSupportQFolder
GetDataBack for NTFS
GoldenDict
Google Chrome
HI-TECH C51-lite V9.60PL0
HI-TECH PICC lite V9.60PL0
High-Definition Video Playback
HP Color LaserJet CP1510 Series 2.0
HP Customer Participation Program 9.0
HP Imaging Device Functions 9.0
HP LaserJet 1100
HP Solution Center 9.0
HP Update
HPCarePackCore
HPCarePackProducts
hppCLJCP1510
hppFonts
hppManualsCP1510
hppPQVideoCP1510
HPProductAssistant
hppTLBXFXCP1510
hppusgCP1510
HPSSupply
hpzTLBXFX
HydraVision
ImTOO Video Editor 2
Internet Download Manager
ITE9135 Driver 32bit
Java Auto Updater
Java(TM) 7 Update 3
K-Lite Codec Pack 7.7.0 (Full)
Macromedia Flash Player 8
Malwarebytes Anti-Malware version 1.62.0.1300
MarketResearch
MATLAB R2009a
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 8.0.1 (x86 en-US)
National Instruments Software
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscCopy Gadget 10
Nero DiscCopyGadget 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero Kwik Media
Nero Multimedia Suite 10
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
NeroKwikMedia Help (CHM)
NI Circuit Design Suite 10 Core
NI Circuit Design Suite 10 Pro
NI Circuit Design Suite Support and Upgrade Utility
NI EULA Depot
NI LabVIEW Run-Time Engine 8.0.1
NI LabVIEW Run-Time Engine 8.2
NI LabWindows/CVI 8.0.1 Run-Time Engine
NI License Manager
NI Logos 4.7
NI Math Kernel Libraries
NI MDF Support
NI Service Locator
NI TDMS
NI Uninstaller
NI USI 1.3.0
Nokia Connectivity Cable Driver
Nokia Flashing Cable Driver
Nokia Home Media Server
Nokia Map Loader
Nokia Music
Nokia Ovi Application Installer
Nokia Ovi Application Installer 6.85.3011
Nokia Ovi Content Copier
Nokia Ovi Content Copier 6.85.3011
Nokia Ovi One Touch Access
Nokia Ovi One Touch Access 6.85.3011
Nokia Ovi Suite
Nokia Ovi System Utilities
Nokia Ovi System Utilities 6.85.3013
Nokia Photos
Nokia Software Updater
Orcad Family Release 9.2 Standalone
PC Connectivity Solution
pes 2012
Power System Toolbox
PowerWorld Simulator Education/Evaluation Edition
pro evolution soccer 2011 2011
Product_SF_Full_QFolder
Product_SF_Min_QFolder
Rayman Origins
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Release OrCAD 16.0
SolutionCenter
Super Smasher 1.0.1
swMSM
TeamViewer 7
The KMPlayer (remove only)
Total Video Converter 3.71 100812
TrayApp
TwonkyMedia
UltraISO Premium V9.36
Unknown Device Identifier 7.00
VirtualCloneDrive
VLC media player 1.1.10
VobSub v2.23 (Remove Only)
WebReg
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
WinRAR 4.00 (32-bit)
Your Freedom 20120709-01
.
==== Event Viewer Messages From Past Week ========
.
8/9/2012 2:58:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
8/9/2012 2:58:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
8/9/2012 2:58:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
8/9/2012 2:58:43 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
8/9/2012 2:58:36 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ehdrv ElbyCDIO spldr Wanarpv6
8/9/2012 2:58:36 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.
8/9/2012 2:57:09 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the Power service, but this action failed with the following error: A system shutdown has already been scheduled.
8/9/2012 2:57:09 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Reboot the machine) after the unexpected termination of the DCOM Server Process Launcher service, but this action failed with the following error: A system shutdown has already been scheduled.
8/9/2012 2:57:09 PM, Error: Service Control Manager [7031] - The Power service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
8/9/2012 2:57:09 PM, Error: Service Control Manager [7031] - The Plug and Play service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
8/9/2012 2:57:09 PM, Error: Service Control Manager [7031] - The DCOM Server Process Launcher service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Reboot the machine.
8/14/2012 6:09:08 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the lmhosts service.
8/14/2012 11:53:50 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
8/14/2012 11:53:37 PM, Error: Service Control Manager [7000] - The Sentinel service failed to start due to the following error: The system cannot find the device specified.
8/14/2012 11:53:37 PM, Error: Service Control Manager [7000] - The atksgt service failed to start due to the following error: This driver has been blocked from loading
8/14/2012 11:53:37 PM, Error: Application Popup [875] - Driver atksgt.sys has been blocked from loading.
8/10/2012 11:28:46 AM, Error: Service Control Manager [7003] - The epfwwfp service depends the following service: BFE. This service might not be installed.
8/10/2012 11:28:27 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
8/10/2012 11:28:26 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
.
==== End Of File ===========================

Broni · Aug 14, 2012

Download RogueKiller on the desktop
Close all the running programs
Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
Otherwise just double-click on RogueKiller.exe
Pre-scan will start. Let it finish.
Click on SCAN button.
A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

=================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.

aliano · Aug 15, 2012

RogueKiller V7.6.6 [08/10/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: Clinic 123 [Admin rights]
Mode: Scan -- Date: 08/15/2012 16:05:16

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 4 ¤¤¤
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : c:\windows\installer\{b98dba18-425c-8c2a-57c6-2bcee49d7818}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{b98dba18-425c-8c2a-57c6-2bcee49d7818}\L --> FOUND
[ZeroAccess][FILE] n : c:\users\clinic 123\appdata\local\{b98dba18-425c-8c2a-57c6-2bcee49d7818}\n --> FOUND
[ZeroAccess][FILE] @ : c:\users\clinic 123\appdata\local\{b98dba18-425c-8c2a-57c6-2bcee49d7818}\@ --> FOUND
[ZeroAccess][FOLDER] U : c:\users\clinic 123\appdata\local\{b98dba18-425c-8c2a-57c6-2bcee49d7818}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\users\clinic 123\appdata\local\{b98dba18-425c-8c2a-57c6-2bcee49d7818}\L --> FOUND

¤¤¤ Driver: [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

127.0.0.1 activation.nero.com
127.0.0.1 tonec.com
127.0.0.1 www.tonec.com
127.0.0.1 registeridm.com
127.0.0.1 3dns-5.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate.wip4.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 ereg.wip4.adobe.com

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST3500413AS ATA Device +++++
--- User ---
[MBR] 8ef4e726cdec43bf1f21ac3158589d81
[BSP] e7a8c8b769c7acf0e64870223dd59ce4 : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 74899 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 153600000 | Size: 201000 Mo
3 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 565248000 | Size: 200937 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Maxtor 6V160E0 ATA Device +++++
--- User ---
[MBR] 37bb50b30839bcf0f5b245b78edbeb5d
[BSP] d22d4f849956e5c34f8c1c414c18e51d : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 15366 Mo
1 - [XXXXXX] EXTEN (0x05) [VISIBLE] Offset (sectors): 31471335 | Size: 137242 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

===========================================================================================

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-15 16:07:53
-----------------------------
16:07:53.298 OS Version: Windows 6.1.7600
16:07:53.299 Number of processors: 2 586 0x409
16:07:53.302 ComputerName: CLINIC123-PC UserName: Clinic 123
16:07:54.191 Initialize success
16:08:27.767 AVAST engine download error: 0
16:08:55.934 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:08:55.941 Disk 0 Vendor: ST3500413AS JC45 Size: 476938MB BusType: 3
16:08:55.948 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-1
16:08:55.953 Disk 1 Vendor: Maxtor_6V160E0 VA111900 Size: 152626MB BusType: 3
16:08:55.967 Disk 0 MBR read successfully
16:08:55.974 Disk 0 MBR scan
16:08:55.983 Disk 0 Windows 7 default MBR code
16:08:55.998 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
16:08:56.014 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 74899 MB offset 206848
16:08:56.036 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 201000 MB offset 153600000
16:08:56.044 Disk 0 Partition - 00 0F Extended LBA 200937 MB offset 565248000
16:08:56.083 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 200936 MB offset 565250048
16:08:56.117 Disk 0 scanning sectors +976766976
16:08:56.186 Disk 0 scanning C:\Windows\system32\drivers
16:09:03.353 Service scanning
16:09:15.429 Modules scanning
16:09:32.687 Disk 0 trace - called modules:
16:09:32.832 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys halmacpi.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys USBPORT.SYS usbuhci.sys dxgkrnl.sys atikmpag.sys atikmdag.sys dxgmms1.sys hidusb.sys HIDCLASS.SYS HIDPARSE.SYS mouhid.sys mouclass.sys??
16:09:32.836 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e68a38]
16:09:32.838 3 CLASSPNP.SYS[88faf59e] -> nt!IofCallDriver -> [0x85d8c4e8]
16:09:32.839 5 ACPI.sys[83ab13b2] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x850af610]
16:09:32.841 7 mouhid.sys[99d7778b] -> nt!IofCallDriver -> \Device\00000076[0x86f5f030]
16:09:32.842 9 hidusb.sys[99d50391] -> nt!IofCallDriver -> \Device\USBPDO-5[0x86eec030]
16:09:32.843 11 usbhub.sys[96683c89] -> nt!IofCallDriver -> \Device\USBPDO-1[0x865ce028]
16:09:32.862 Scan finished successfully
16:10:24.357 Disk 0 MBR has been saved successfully to "C:\Users\Clinic 123\Desktop\MBR.dat"
16:10:24.386 The log file has been saved successfully to "C:\Users\Clinic 123\Desktop\aswMBR.txt"

Broni · Aug 15, 2012

For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flashdrive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:

Restart the computer.
As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
Use the arrow keys to select the Repair your computer menu item.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account an click Next.

To enter System Recovery Options by using Windows installation disc:

Insert the installation disc.
Restart your computer.
If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
Click Repair your computer.
Select US as the keyboard language settings, and then click Next.
Select the operating system you want to repair, and then click Next.
Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

- Startup Repair
  System Restore
  Windows Complete PC Restore
  Windows Memory Diagnostic Tool
  Command Prompt
Select Command Prompt
In the command window type in notepad and press Enter.
The notepad opens. Under File menu select Open.
Select "Computer" and find your flash drive letter and close the notepad.
In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
Note: Replace letter e with the drive letter of your flash drive.
The tool will start to run.
When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Next...

Re-run FRST again.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes in your reply.

I'll expect two logs:
- FRST.txt
- Search.txt

aliano · Aug 15, 2012

FRST.txt :

Scan result of Farbar Recovery Scan Tool (FRST written by Farbar) Version: 15-08-2012
Ran by SYSTEM at 15-08-2012 23:40:23
Running from M:\
Windows 7 Ultimate (X86) OS Language: English(US)
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [98304 2010-08-25] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [31016 2006-10-26] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [9210400 2010-04-30] (Realtek Semiconductor)
HKLM\...\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s [52392 2009-01-29] (Elaborate Bytes AG)
HKLM\...\Run: [HPPQVideo] "C:\Program Files\HP\ScheduledLaunch\HP Color LaserJet CP1510 Series\bin\hppschlnch.exe" -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\CLJ_CP1510_Series -f PQOptimizerVideo.xml -o remindLater [x]
HKLM\...\Run: [ToolBoxFX] "C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe" /enum

n /alerts

n /notifications

n /fl

n /fr

n /appData

n [53248 2007-08-27] (HP)
HKLM\...\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe 1 [954368 2007-04-25] ()
HKLM\...\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [49152 2007-03-11] (Hewlett-Packard Co.)
HKLM\...\Run: [] [x]
HKLM\...\Run: [HPUsageTracking] "C:\Program Files\HP\HP UT\bin\hppusg.exe" "C:\Program Files\HP\HP UT\" [36864 2007-05-08] ()
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [2215064 2010-08-12] (ESET)
HKLM\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [39792 2008-01-11] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [252296 2012-01-16] (Sun Microsystems, Inc.)
HKLM\...\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207360 2010-03-17] (ArcSoft Inc.)
HKLM\...\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray [462920 2012-07-03] (Malwarebytes Corporation)
HKU\Clinic 123\...\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot [3487128 2012-04-23] (Tonec Inc.)
HKU\Clinic 123\...\Run: [GoldenDict] "C:\Program Files\GoldenDict\GoldenDict.exe" [2411520 2010-12-04] (GoldenDict)
HKU\Clinic 123\...\Run: [SysDir] "C:\ProgramData\SysApp\SysDir.exe" /Hide [6738432 2012-07-20] (Microsoft)
HKU\Default\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1173504 2009-07-13] (Microsoft Corporation)
HKU\Default User\...\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe [1173504 2009-07-13] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Startup: C:\Users\All Users\Start Menu\Programs\Startup\TMMonitor.lnk
ShortcutTarget: TMMonitor.lnk -> C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)

================================ Services (Whitelisted) ==================

2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-17] (ArcSoft Inc.)
2 Cadence License Manager; C:\OrCAD\license_manager\lmgrd.exe [1327104 2007-03-18] (Macrovision Corporation)
3 EhttpSrv; "C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe" [33584 2010-08-12] (ESET)
2 ekrn; "C:\Program Files\ESET\ESET Smart Security\ekrn.exe" [810144 2010-08-12] (ESET)
2 eventlog; C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [20992 2009-07-13] (Microsoft Corporation)
2 LkCitadelServer; C:\Windows\system32\lkcitdl.exe [688190 2006-06-19] (National Instruments, Inc.)
2 lkClassAds; C:\Windows\system32\lkads.exe [45056 2006-07-25] (National Instruments, Inc.)
2 lkTimeSync; C:\Windows\system32\lktsrv.exe [57344 2006-07-25] (National Instruments, Inc.)
2 MBAMService; "C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe" [655944 2012-07-03] (Malwarebytes Corporation)
2 NIDomainService; "C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe" [200704 2006-07-25] (National Instruments, Inc.)
3 NILM License Manager; "C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe" [1007616 2006-06-27] (Macrovision Corporation)
2 niSvcLoc; C:\Windows\system32\nisvcloc.exe -s [49152 2006-02-06] (National Instruments Corp.)
3 ServiceLayer; "C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe" [620544 2008-11-10] (Nokia.)
2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software)
3 TwonkyMedia; C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe -serviceversion 0 [102400 2009-01-29] (PacketVideo)

========================== Drivers (Whitelisted) =============

3 Afc; C:\Windows\System32\drivers\Afc.sys [18688 2006-11-10] (Arcsoft, Inc.)
3 AtiHDAudioService; C:\Windows\System32\drivers\AtihdW73.sys [101904 2010-07-15] (ATI Technologies, Inc.)
2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278728 2011-07-01] ()
2 cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x32.sys [21992 2010-11-09] (CPUID)
2 cvintdrv; C:\Windows\System32\Drivers\cvintdrv.sys [4096 2006-07-26] ()
3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-03-31] (DT Soft Ltd)
2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [136632 2010-07-29] (ESET)
1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [115008 2010-07-29] (ESET)
1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [24232 2009-02-17] (Elaborate Bytes AG)
2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [134512 2010-07-29] (ESET)
3 Epfwndis; C:\Windows\System32\DRIVERS\Epfwndis.sys [32608 2010-07-29] (ESET)
2 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [41336 2010-07-29] (ESET)
0 fmsg; C:\Windows\System32\DRIVERS\fmsg.sys [11264 2011-05-06] (Windows (R) Win 7 DDK provider)
2 IDMWFP; C:\Windows\System32\DRIVERS\idmwfp.sys [96056 2012-04-23] (Tonec Inc.)
1 ISODrive; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2010-01-28] (EZB Systems, Inc.)
3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [145920 2011-04-26] (ITE )
2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25416 2011-07-01] ()
3 MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [22344 2012-07-03] (Malwarebytes Corporation)
2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [27648 2009-07-19] (Realtek )
3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam60.sys [43520 2009-12-21] (Realtek Corporation)
3 RTVLANPT; C:\Windows\System32\DRIVERS\RtVlan60.sys [19968 2007-12-02] (Windows (R) Codename Longhorn DDK provider)
2 Sentinel; C:\Windows\System32\Drivers\SENTINEL.SYS [64512 1998-07-22] ()
3 TEAM; C:\Windows\System32\DRIVERS\RtTeam60.sys [43520 2009-12-21] (Realtek Corporation)
3 upperdev; C:\Windows\System32\DRIVERS\usbser_lowerflt.sys [8064 2008-09-14] (Windows (R) Codename Longhorn DDK provider)
3 UsbFltr; C:\Windows\System32\Drivers\UsbFltr.sys [9600 2007-04-08] (Waytech Development, Inc.)
3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltj.sys [8064 2008-09-14] (Windows (R) Codename Longhorn DDK provider)
3 VLAN; C:\Windows\System32\DRIVERS\RtVLAN60.sys [19968 2007-12-02] (Windows (R) Codename Longhorn DDK provider)
4 sptd; C:\Windows\System32\Drivers\sptd.sys [x]
3 UIUSys; C:\Windows\System32\DRIVERS\UIUSYS.SYS [x]

========================== NetSvcs (Whitelisted) ===========

============ One Month Created Files and Folders ==============

2012-08-15 07:52 - 2012-08-15 07:52 - 00001472 ____A C:\Users\Clinic 123\Desktop\iexplore.exe - Shortcut.lnk
2012-08-15 06:49 - 2012-08-15 06:49 - 00001725 ____A C:\Users\Clinic 123\Desktop\SysDir.lnk
2012-08-15 06:49 - 2012-08-15 06:49 - 00000000 ____D C:\Users\All Users\SysDll
2012-08-15 06:49 - 2012-08-15 06:49 - 00000000 ____D C:\Users\All Users\SysDir
2012-08-15 06:49 - 2012-08-15 06:49 - 00000000 ____D C:\Users\All Users\SysApp
2012-08-15 06:47 - 2012-07-24 15:09 - 00000000 ____D C:\Users\Clinic 123\Desktop\The.Best.Keylogger.3.53.Build.1009._MihanDownload.com
2012-08-15 03:40 - 2012-08-15 03:40 - 00002564 ____A C:\Users\Clinic 123\Desktop\aswMBR.txt
2012-08-15 03:40 - 2012-08-15 03:40 - 00000512 ____A C:\Users\Clinic 123\Desktop\MBR.dat
2012-08-15 03:35 - 2012-08-15 03:35 - 00003130 ____A C:\Users\Clinic 123\Desktop\RKreport[1].txt
2012-08-15 03:33 - 2012-08-15 03:35 - 00000000 ____D C:\Users\Clinic 123\Desktop\RK_Quarantine
2012-08-15 03:33 - 2012-08-15 03:33 - 00000326 ____A C:\Windows\Tasks\HP WEP.job
2012-08-15 03:32 - 2012-08-15 03:33 - 01558528 ____A C:\Users\Clinic 123\Desktop\RogueKiller.exe
2012-08-14 12:40 - 2012-08-14 13:13 - 15728640 ____A C:\Users\Clinic 123\Desktop\Ehsan+Hadadi-'s+Trophy1.avi.001
2012-08-14 12:15 - 2012-08-14 12:16 - 00607260 ____R (Swearware) C:\Users\Clinic 123\Desktop\dds.com
2012-08-14 12:10 - 2012-08-14 12:10 - 00389403 ____A C:\Users\Clinic 123\Downloads\Device-007-TMBC.jar
2012-08-14 01:58 - 2012-08-14 01:58 - 00000000 ____A C:\Users\Clinic 123\Desktop\gmer.log
2012-08-14 01:44 - 2012-08-14 01:44 - 00302592 ____A C:\Users\Clinic 123\Desktop\yo6e5e1h.exe
2012-08-11 01:10 - 2012-08-11 01:12 - 00421888 ____A C:\Users\Clinic 123\Downloads\adwcleaner.exe.part
2012-08-11 01:08 - 2012-08-11 01:10 - 04731392 ____A (AVAST Software) C:\Users\Clinic 123\Desktop\aswMBR.exe
2012-08-11 00:18 - 2012-08-11 00:18 - 00000000 ____D C:\Users\Clinic 123\AppData\Roaming\Malwarebytes
2012-08-11 00:17 - 2012-08-11 00:17 - 00001072 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-11 00:17 - 2012-08-11 00:17 - 00000000 ____D C:\Users\All Users\Malwarebytes
2012-08-11 00:17 - 2012-08-11 00:17 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2012-08-11 00:17 - 2012-07-03 01:16 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-08-11 00:12 - 2012-08-11 00:15 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Clinic 123\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-10 00:04 - 2012-08-10 00:04 - 00000000 ___SD C:\ComboFix
2012-08-10 00:04 - 2012-08-10 00:04 - 00000000 ____D C:\Qoobox
2012-08-09 23:31 - 2012-08-09 23:33 - 04728003 ____R (Swearware) C:\Users\Clinic 123\Downloads\ComboFix.exe
2012-08-09 23:07 - 2012-08-09 23:08 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Clinic 123\Desktop\tdsskiller.exe
2012-08-09 23:05 - 2012-08-09 23:06 - 00881494 ____A C:\Users\Clinic 123\Downloads\SecurityCheck.exe
2012-08-09 01:25 - 2012-08-09 01:29 - 00000000 ____D C:\Windows\System32\DBBK
2012-08-06 13:50 - 2012-08-07 17:02 - 113307579 ____A C:\Users\Clinic 123\Downloads\OmidNoroozi_06_60KG_Amin-TopGoal.mkv
2012-08-05 01:27 - 2012-08-05 01:27 - 00033372 ____A C:\Users\Clinic 123\Desktop\Payment Gateway-Result Page.mht
2012-08-04 07:39 - 2012-08-04 07:39 - 01174564 ____A C:\Users\Clinic 123\Desktop\2011 World Wrestling Championships - Wikipedia, the free encyclopedia.mht
2012-08-03 06:05 - 2012-08-03 06:05 - 00000000 __SHD C:\Windows\System32\%APPDATA%
2012-08-03 04:30 - 2012-08-03 04:30 - 00741067 ____A C:\Users\Clinic 123\Downloads\Unconfirmed 39336 (1).crdownload
2012-08-03 03:44 - 2012-08-03 03:44 - 00407872 ____A C:\Users\Clinic 123\Desktop\iexplore.exe
2012-08-03 03:42 - 2012-08-03 03:43 - 00407872 ____A C:\Users\Clinic 123\Desktop\pkiller.exe
2012-08-03 03:30 - 2010-03-23 22:39 - 00072268 ____A C:\Users\Clinic 123\Desktop\procexp.chm
2012-08-03 03:30 - 2006-07-27 21:02 - 00007005 ____A C:\Users\Clinic 123\Desktop\Eula.txt
2012-08-03 03:29 - 2012-08-03 03:29 - 01144963 ____A C:\Users\Clinic 123\Desktop\ProcessExplorer.zip
2012-08-02 03:25 - 2012-08-02 03:25 - 00455534 ____A C:\Users\Clinic 123\Downloads\PortBaz Server.zip
2012-08-02 02:56 - 2012-08-02 02:57 - 00527972 ____A C:\Users\Clinic 123\Downloads\93ixvsmkce49rqbjamct.zip
2012-07-31 04:30 - 2012-07-31 04:30 - 00019456 __ASH C:\Users\Clinic 123\Desktop\Thumbs.db
2012-07-31 04:30 - 2012-07-31 04:30 - 00018432 __ASH C:\Users\Clinic 123\Downloads\Thumbs.db
2012-07-31 04:27 - 2012-07-31 04:27 - 00000010 ____A C:\Users\Clinic 123\Desktop\New Text Document (3).txt
2012-07-28 02:54 - 2012-07-28 09:30 - 08373593 ____A C:\Users\Clinic 123\Downloads\Opening_Ceremony_2012_03_HDrip_Amin-TopGoal.mkv
2012-07-28 00:44 - 2012-07-28 00:45 - 02955776 ____A (Arya Rasaneh Tadbir/Shatel) C:\Users\Clinic 123\Downloads\CSAgent.exe
2012-07-27 18:18 - 2012-07-28 17:12 - 209715200 ____A C:\Users\Clinic 123\Downloads\Bd.Techr.BRR_ywarez.com.mkv.002
2012-07-27 12:44 - 2012-07-29 17:10 - 208951449 ____A C:\Users\Clinic 123\Downloads\Bd.Techr.BRR_ywarez.com.mkv.003
2012-07-27 09:48 - 2012-07-27 18:18 - 209715200 ____A C:\Users\Clinic 123\Downloads\Bd.Techr.BRR_ywarez.com.mkv.001
2012-07-27 07:03 - 2012-07-28 01:20 - 00000000 ____D C:\Program Files\Throttle
2012-07-27 06:28 - 2012-07-27 06:28 - 00000000 ____D C:\Program Files\Your Freedom
2012-07-27 04:18 - 2012-08-08 17:18 - 13548027 ____A C:\Users\Clinic 123\Desktop\The.Best.Keylogger.3.53.Build.1009._MihanDownload.com.rar
2012-07-26 02:35 - 2012-07-26 02:35 - 00112405 ____A C:\Users\Clinic 123\Desktop\newstext.aspx.htm
2012-07-26 02:35 - 2012-07-26 02:35 - 00017835 ____A C:\Users\Clinic 123\Desktop\newstext.aspx.txt
2012-07-26 02:35 - 2012-07-26 02:35 - 00000000 ____D C:\Users\Clinic 123\Desktop\newstext.aspx_files
2012-07-26 02:30 - 2012-07-26 02:30 - 00542963 ____A C:\Users\Clinic 123\Desktop\???? ??????? ????????? ??????.mht
2012-07-25 03:32 - 2012-07-27 05:07 - 00000142 ____A C:\Users\Clinic 123\Desktop\New Text Document (2).txt
2012-07-23 02:14 - 2012-07-23 02:14 - 00063371 ____A C:\Users\Clinic 123\Desktop\??????-?????-?????????-??????-??-????-?????-???.htm
2012-07-23 02:14 - 2012-07-23 02:14 - 00000000 ____D C:\Users\Clinic 123\Desktop\??????-?????-?????????-??????-??-????-?????-???_files
2012-07-23 00:17 - 2012-07-23 00:19 - 07184042 ____A C:\Users\Clinic 123\Desktop\Chelsea 1-1 PSG_Kooora.com.avi
2012-07-22 07:04 - 2012-07-22 07:18 - 13906796 ____A C:\Users\Clinic 123\Desktop\dump.log
2012-07-22 01:05 - 2012-07-22 01:08 - 11626496 ____A C:\Users\Clinic 123\Desktop\Inter_2-1_Milan_Yaghoub2000.avi
2012-07-22 00:37 - 2012-07-22 00:40 - 13068288 ____A C:\Users\Clinic 123\Desktop\Inter_1-1_Milan_Yaghoub2000.avi
2012-07-21 11:35 - 2012-07-23 00:09 - 00000000 ____D C:\Users\Clinic 123\Downloads\Farman Fathalian
2012-07-21 07:32 - 2012-07-21 07:32 - 00779887 ____A C:\Users\Clinic 123\Desktop\Team_Viewer_Learn_Mihandownload.com.rar
2012-07-21 07:31 - 2012-07-21 07:31 - 00001125 ____A C:\Users\Public\Desktop\TeamViewer 7.lnk
2012-07-21 07:31 - 2012-07-21 07:31 - 00000000 ____D C:\Program Files\TeamViewer
2012-07-21 07:29 - 2012-07-21 07:30 - 04660082 ____A C:\Users\Clinic 123\Desktop\TeamViewer.7.0.13852.Final_mihandownload.com.rar
2012-07-21 07:23 - 2011-05-09 20:21 - 00000000 ____D C:\Users\Clinic 123\Desktop\Remote Desktop Limitation
2012-07-21 07:18 - 2012-07-21 07:18 - 00000000 ___AH C:\Users\Clinic 123\Documents\Default.rdp
2012-07-21 06:01 - 2012-08-13 07:09 - 00000000 ____D C:\Users\Clinic 123\Downloads\Farshid AMin
2012-07-21 06:00 - 2012-07-21 06:00 - 01130052 ____A C:\Users\Clinic 123\Desktop\TehranMusic.zip
2012-07-21 01:40 - 2012-07-21 01:42 - 07629893 ____A C:\Users\Clinic 123\Desktop\Seattle Sounders 0-2 Chelsea.KoooRa.CoM.wmv
2012-07-20 16:38 - 2012-07-20 16:38 - 00002304 ____A C:\Users\Clinic 123\Desktop\Google Chrome.lnk
2012-07-20 16:09 - 2012-07-19 11:34 - 00003531 ____A C:\Users\Clinic 123\Desktop\sdoacg.txt
2012-07-19 02:05 - 2012-07-19 02:06 - 00858655 ____A C:\Users\Clinic 123\Desktop\36498273492.rar
2012-07-18 01:29 - 2012-07-18 01:29 - 00000000 ____D C:\Users\Clinic 123\Documents\ArcSoft ToGo
2012-07-18 01:29 - 2012-07-18 01:29 - 00000000 ____D C:\Users\Clinic 123\AppData\Local\ArcSoft
2012-07-18 01:29 - 2012-07-18 01:29 - 00000000 ____D C:\Users\All Users\ArcSoft
2012-07-18 01:28 - 2012-07-20 01:30 - 00000000 ____D C:\Users\Clinic 123\AppData\Roaming\ArcSoft
2012-07-18 01:28 - 2012-07-18 01:28 - 00001964 ____A C:\Users\Public\Desktop\TotalMedia 3.5.lnk
2012-07-18 01:28 - 2006-11-10 02:35 - 00018688 ____A (Arcsoft, Inc.) C:\Windows\System32\Drivers\afc.sys
2012-07-18 01:27 - 2012-07-18 01:28 - 00000000 ____D C:\Program Files\Common Files\ArcSoft
2012-07-18 01:27 - 2012-07-18 01:27 - 00000000 ____D C:\Program Files\ArcSoft
2012-07-18 01:27 - 2005-04-27 04:06 - 00245408 ____A (Microsoft Corporation) C:\Windows\System32\unicows.dll
2012-07-18 01:24 - 2012-07-18 01:24 - 00000000 ____D C:\Program Files\My Company Name
2012-07-17 01:24 - 2012-07-17 01:24 - 00000000 ____D C:\Program Files\Gabest

============ 3 Months Modified Files ========================

2012-08-15 11:03 - 2011-05-05 07:57 - 00793834 ____A C:\Windows\System32\PerfStringBackup.INI
2012-08-15 07:52 - 2012-08-15 07:52 - 00001472 ____A C:\Users\Clinic 123\Desktop\iexplore.exe - Shortcut.lnk
2012-08-15 06:49 - 2012-08-15 06:49 - 00001725 ____A C:\Users\Clinic 123\Desktop\SysDir.lnk
2012-08-15 03:40 - 2012-08-15 03:40 - 00002564 ____A C:\Users\Clinic 123\Desktop\aswMBR.txt
2012-08-15 03:40 - 2012-08-15 03:40 - 00000512 ____A C:\Users\Clinic 123\Desktop\MBR.dat
2012-08-15 03:35 - 2012-08-15 03:35 - 00003130 ____A C:\Users\Clinic 123\Desktop\RKreport[1].txt
2012-08-15 03:33 - 2012-08-15 03:33 - 00000326 ____A C:\Windows\Tasks\HP WEP.job
2012-08-15 03:33 - 2012-08-15 03:32 - 01558528 ____A C:\Users\Clinic 123\Desktop\RogueKiller.exe
2012-08-15 03:27 - 2009-07-13 20:34 - 00014192 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-08-15 03:27 - 2009-07-13 20:34 - 00014192 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-08-15 03:25 - 2012-03-25 06:39 - 00001696 ____A C:\users\Clinic
2012-08-15 03:22 - 2011-09-10 01:17 - 00054141 ____A C:\Windows\setupact.log
2012-08-15 03:22 - 2009-07-13 20:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-08-14 13:21 - 2011-05-05 07:51 - 01871041 ____A C:\Windows\WindowsUpdate.log
2012-08-14 13:13 - 2012-08-14 12:40 - 15728640 ____A C:\Users\Clinic 123\Desktop\Ehsan+Hadadi-'s+Trophy1.avi.001
2012-08-14 12:16 - 2012-08-14 12:15 - 00607260 ____R (Swearware) C:\Users\Clinic 123\Desktop\dds.com
2012-08-14 12:10 - 2012-08-14 12:10 - 00389403 ____A C:\Users\Clinic 123\Downloads\Device-007-TMBC.jar
2012-08-14 01:58 - 2012-08-14 01:58 - 00000000 ____A C:\Users\Clinic 123\Desktop\gmer.log
2012-08-14 01:44 - 2012-08-14 01:44 - 00302592 ____A C:\Users\Clinic 123\Desktop\yo6e5e1h.exe
2012-08-13 13:02 - 2011-05-06 03:51 - 00024805 ____A C:\Windows\deff1.dat
2012-08-12 04:51 - 2011-06-06 23:04 - 00000116 ____A C:\Windows\NeroDigital.ini
2012-08-11 01:12 - 2012-08-11 01:10 - 00421888 ____A C:\Users\Clinic 123\Downloads\adwcleaner.exe.part
2012-08-11 01:10 - 2012-08-11 01:08 - 04731392 ____A (AVAST Software) C:\Users\Clinic 123\Desktop\aswMBR.exe
2012-08-11 01:02 - 2011-09-18 03:51 - 00004278 ____A C:\Windows\PFRO.log
2012-08-11 00:17 - 2012-08-11 00:17 - 00001072 ____A C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2012-08-11 00:15 - 2012-08-11 00:12 - 10652120 ____A (Malwarebytes Corporation ) C:\Users\Clinic 123\Downloads\mbam-setup-1.62.0.1300.exe
2012-08-09 23:33 - 2012-08-09 23:31 - 04728003 ____R (Swearware) C:\Users\Clinic 123\Downloads\ComboFix.exe
2012-08-09 23:08 - 2012-08-09 23:07 - 02136664 ____A (Kaspersky Lab ZAO) C:\Users\Clinic 123\Desktop\tdsskiller.exe
2012-08-09 23:06 - 2012-08-09 23:05 - 00881494 ____A C:\Users\Clinic 123\Downloads\SecurityCheck.exe
2012-08-08 17:18 - 2012-07-27 04:18 - 13548027 ____A C:\Users\Clinic 123\Desktop\The.Best.Keylogger.3.53.Build.1009._MihanDownload.com.rar
2012-08-07 17:02 - 2012-08-06 13:50 - 113307579 ____A C:\Users\Clinic 123\Downloads\OmidNoroozi_06_60KG_Amin-TopGoal.mkv
2012-08-05 01:27 - 2012-08-05 01:27 - 00033372 ____A C:\Users\Clinic 123\Desktop\Payment Gateway-Result Page.mht
2012-08-04 07:39 - 2012-08-04 07:39 - 01174564 ____A C:\Users\Clinic 123\Desktop\2011 World Wrestling Championships - Wikipedia, the free encyclopedia.mht
2012-08-03 04:30 - 2012-08-03 04:30 - 00741067 ____A C:\Users\Clinic 123\Downloads\Unconfirmed 39336 (1).crdownload
2012-08-03 03:44 - 2012-08-03 03:44 - 00407872 ____A C:\Users\Clinic 123\Desktop\iexplore.exe
2012-08-03 03:43 - 2012-08-03 03:42 - 00407872 ____A C:\Users\Clinic 123\Desktop\pkiller.exe
2012-08-03 03:29 - 2012-08-03 03:29 - 01144963 ____A C:\Users\Clinic 123\Desktop\ProcessExplorer.zip
2012-08-02 03:25 - 2012-08-02 03:25 - 00455534 ____A C:\Users\Clinic 123\Downloads\PortBaz Server.zip
2012-08-02 02:57 - 2012-08-02 02:56 - 00527972 ____A C:\Users\Clinic 123\Downloads\93ixvsmkce49rqbjamct.zip
2012-07-31 04:30 - 2012-07-31 04:30 - 00019456 __ASH C:\Users\Clinic 123\Desktop\Thumbs.db
2012-07-31 04:30 - 2012-07-31 04:30 - 00018432 __ASH C:\Users\Clinic 123\Downloads\Thumbs.db
2012-07-31 04:27 - 2012-07-31 04:27 - 00000010 ____A C:\Users\Clinic 123\Desktop\New Text Document (3).txt
2012-07-29 17:10 - 2012-07-27 12:44 - 208951449 ____A C:\Users\Clinic 123\Downloads\Bd.Techr.BRR_ywarez.com.mkv.003
2012-07-28 17:12 - 2012-07-27 18:18 - 209715200 ____A C:\Users\Clinic 123\Downloads\Bd.Techr.BRR_ywarez.com.mkv.002
2012-07-28 09:30 - 2012-07-28 02:54 - 08373593 ____A C:\Users\Clinic 123\Downloads\Opening_Ceremony_2012_03_HDrip_Amin-TopGoal.mkv
2012-07-28 00:45 - 2012-07-28 00:44 - 02955776 ____A (Arya Rasaneh Tadbir/Shatel) C:\Users\Clinic 123\Downloads\CSAgent.exe
2012-07-27 18:18 - 2012-07-27 09:48 - 209715200 ____A C:\Users\Clinic 123\Downloads\Bd.Techr.BRR_ywarez.com.mkv.001
2012-07-27 05:07 - 2012-07-25 03:32 - 00000142 ____A C:\Users\Clinic 123\Desktop\New Text Document (2).txt
2012-07-26 02:35 - 2012-07-26 02:35 - 00112405 ____A C:\Users\Clinic 123\Desktop\newstext.aspx.htm
2012-07-26 02:35 - 2012-07-26 02:35 - 00017835 ____A C:\Users\Clinic 123\Desktop\newstext.aspx.txt
2012-07-26 02:30 - 2012-07-26 02:30 - 00542963 ____A C:\Users\Clinic 123\Desktop\???? ??????? ????????? ??????.mht
2012-07-23 02:14 - 2012-07-23 02:14 - 00063371 ____A C:\Users\Clinic 123\Desktop\??????-?????-?????????-??????-??-????-?????-???.htm
2012-07-23 00:19 - 2012-07-23 00:17 - 07184042 ____A C:\Users\Clinic 123\Desktop\Chelsea 1-1 PSG_Kooora.com.avi
2012-07-22 07:18 - 2012-07-22 07:04 - 13906796 ____A C:\Users\Clinic 123\Desktop\dump.log
2012-07-22 01:08 - 2012-07-22 01:05 - 11626496 ____A C:\Users\Clinic 123\Desktop\Inter_2-1_Milan_Yaghoub2000.avi
2012-07-22 00:40 - 2012-07-22 00:37 - 13068288 ____A C:\Users\Clinic 123\Desktop\Inter_1-1_Milan_Yaghoub2000.avi
2012-07-21 07:32 - 2012-07-21 07:32 - 00779887 ____A C:\Users\Clinic 123\Desktop\Team_Viewer_Learn_Mihandownload.com.rar
2012-07-21 07:31 - 2012-07-21 07:31 - 00001125 ____A C:\Users\Public\Desktop\TeamViewer 7.lnk
2012-07-21 07:30 - 2012-07-21 07:29 - 04660082 ____A C:\Users\Clinic 123\Desktop\TeamViewer.7.0.13852.Final_mihandownload.com.rar
2012-07-21 07:18 - 2012-07-21 07:18 - 00000000 ___AH C:\Users\Clinic 123\Documents\Default.rdp
2012-07-21 06:00 - 2012-07-21 06:00 - 01130052 ____A C:\Users\Clinic 123\Desktop\TehranMusic.zip
2012-07-21 01:42 - 2012-07-21 01:40 - 07629893 ____A C:\Users\Clinic 123\Desktop\Seattle Sounders 0-2 Chelsea.KoooRa.CoM.wmv
2012-07-20 16:38 - 2012-07-20 16:38 - 00002304 ____A C:\Users\Clinic 123\Desktop\Google Chrome.lnk
2012-07-19 11:34 - 2012-07-20 16:09 - 00003531 ____A C:\Users\Clinic 123\Desktop\sdoacg.txt
2012-07-19 02:06 - 2012-07-19 02:05 - 00858655 ____A C:\Users\Clinic 123\Desktop\36498273492.rar
2012-07-18 01:28 - 2012-07-18 01:28 - 00001964 ____A C:\Users\Public\Desktop\TotalMedia 3.5.lnk
2012-07-14 08:14 - 2009-07-13 20:53 - 00032528 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-07-03 01:16 - 2012-08-11 00:17 - 00022344 ____A (Malwarebytes Corporation) C:\Windows\System32\Drivers\mbam.sys
2012-06-25 06:14 - 2012-06-25 06:14 - 01255711 ____A C:\Users\Clinic 123\Desktop\Ali Hosseini pour(88000096).zip
2012-06-25 06:14 - 2012-06-25 06:14 - 01096501 ____A C:\Users\Clinic 123\Desktop\Rasoul Shojaee 88000133.zip
2012-06-05 11:07 - 2012-06-05 11:07 - 00004096 ___AH C:\Users\Clinic 123\AppData\Local\keyfile3.drm
2012-06-05 10:46 - 2012-06-01 07:39 - 01839312 ____A C:\Users\Clinic 123\Desktop\Superconducting Machines.pptx
2012-06-04 08:35 - 2012-06-04 08:35 - 00003833 ____A C:\Users\Clinic 123\Desktop\NewOne1.pwd
2012-06-04 08:35 - 2012-06-04 08:35 - 00003833 ____A C:\Users\Clinic 123\Desktop\newcase.pwd
2012-06-01 07:23 - 2012-06-01 07:23 - 00002645 ____A C:\Users\Clinic 123\Desktop\Microsoft Office PowerPoint 2007.lnk
2012-06-01 05:46 - 2012-06-01 05:46 - 03463264 ____A C:\Users\Clinic 123\Desktop\Unfiled Notes.mht
2012-05-30 07:02 - 2012-05-30 07:02 - 00002015 ____A C:\Users\Clinic 123\Desktop\Simulator 15 Edu-Eval.lnk

ZeroAccess:
C:\Windows\Installer\{b98dba18-425c-8c2a-57c6-2bcee49d7818}
C:\Windows\Installer\{b98dba18-425c-8c2a-57c6-2bcee49d7818}\L
C:\Windows\Installer\{b98dba18-425c-8c2a-57c6-2bcee49d7818}\U

ZeroAccess:
C:\Users\Clinic 123\AppData\Local\{b98dba18-425c-8c2a-57c6-2bcee49d7818}
C:\Users\Clinic 123\AppData\Local\{b98dba18-425c-8c2a-57c6-2bcee49d7818}\@
C:\Users\Clinic 123\AppData\Local\{b98dba18-425c-8c2a-57c6-2bcee49d7818}\L
C:\Users\Clinic 123\AppData\Local\{b98dba18-425c-8c2a-57c6-2bcee49d7818}\n
C:\Users\Clinic 123\AppData\Local\{b98dba18-425c-8c2a-57c6-2bcee49d7818}\U

========================= Known DLLs (Whitelisted) ============

========================= Bamital & volsnap Check ============

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe A302BBFF2A7278C0E239EE5D471D86A9 ZeroAccess <==== ATTENTION!.
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ======================

Percentage of memory in use: 21%
Total physical RAM: 2047.55 MB
Available physical RAM: 1615.18 MB
Total Pagefile: 2047.55 MB
Available Pagefile: 1622.36 MB
Total Virtual: 2047.88 MB
Available Virtual: 1968.7 MB

======================= Partitions =========================

2 Drive c: (Win 7) (Fixed) (Total:73.14 GB) (Free:26.3 GB) NTFS
3 Drive d: (Family) (Fixed) (Total:15.01 GB) (Free:8.16 GB) NTFS
4 Drive e: (Aliano) (Fixed) (Total:196.23 GB) (Free:26.93 GB) NTFS
5 Drive f: (Aliano) (Fixed) (Total:44.68 GB) (Free:20.16 GB) NTFS
6 Drive g: (Aliano) (Fixed) (Total:44.68 GB) (Free:26.62 GB) NTFS
7 Drive h: (Aliano) (Fixed) (Total:44.66 GB) (Free:7.65 GB) NTFS
8 Drive j: (Aliano) (Fixed) (Total:196.29 GB) (Free:29.6 GB) NTFS
11 Drive m: (ALIANO) (Removable) (Total:1.88 GB) (Free:1.35 GB) FAT32
12 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
13 Drive y: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 1024 KB
Disk 1 Online 149 GB 15 MB
Disk 2 Online 1926 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 73 GB 101 MB
Partition 3 Primary 196 GB 73 GB
Partition 0 Extended 196 GB 269 GB
Partition 4 Logical 196 GB 269 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 Y System Rese NTFS Partition 100 MB Healthy

==================================================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 C Win 7 NTFS Partition 73 GB Healthy

==================================================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 J Aliano NTFS Partition 196 GB Healthy

==================================================================================

Disk: 0
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 5 E Aliano NTFS Partition 196 GB Healthy

==================================================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 15 GB 31 KB
Partition 0 Extended 134 GB 15 GB
Partition 2 Logical 44 GB 15 GB
Partition 3 Logical 44 GB 59 GB
Partition 4 Logical 44 GB 104 GB

==================================================================================

Disk: 1
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 6 D Family NTFS Partition 15 GB Healthy

==================================================================================

Disk: 1
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 7 F Aliano NTFS Partition 44 GB Healthy

==================================================================================

Disk: 1
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 8 G Aliano NTFS Partition 44 GB Healthy

==================================================================================

Disk: 1
Partition 4
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 9 H Aliano NTFS Partition 44 GB Healthy

==================================================================================

Partitions of Disk 2:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1926 MB 31 KB

==================================================================================

Disk: 2
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 10 M ALIANO FAT32 Removable 1926 MB Healthy

==================================================================================

Last Boot: 2012-08-06 12:55

======================= End Of Log ==========================

===========================================================================================
Serach.txt :

Farbar Recovery Scan Tool Version: 15-08-2012
Ran by SYSTEM at 2012-08-15 23:43:22
Running from M:\

================== Search: "services.exe" ===================

C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) 5F1B6A9C35D3D5CA72D6D6FDEF9747D6

C:\Windows\System32\services.exe
[2009-07-13 15:11] - [2009-07-13 17:14] - 0259072 ____A (Microsoft Corporation) A302BBFF2A7278C0E239EE5D471D86A9

=== End Of Search ===

Broni · Aug 15, 2012

Download attached fixlist.txt file and save it to the very same USB flash drive you've been using. Plug the drive back in.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

On Vista or Windows 7: Now please enter System Recovery Options.
On Windows XP: Now please boot into the UBCD.
Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the flashdrive (Fixlog.txt) please post it to your reply.

Next...

Restart normally.

Please download ComboFix from Here, Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
Close any open browsers.
WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
Double click on combofix.exe & follow the prompts.

NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.

When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG and CA Internet Security (Total Defense Internet Security) users: ComboFix will not run until AVG/CA Internet Security is uninstalled as a protective measure against the anti-virus. This is because AVG/CA Internet Security "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG/CA Internet Security cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG/CA Internet Security first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.
**Note 4: Some infections may take some significant time to be cured. As long as your computer clock is running Combofix is still working. Be patient.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try the following...

Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.
Download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

http://download.bleepingcomputer.com/grinler/beta/rkill.exe
http://download.bleepingcomputer.com/grinler/beta/iExplore.exe

Restart computer in safe mode

Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

When the scan is done Notepad will open with rKill.txt log.
NOTE. rKill.txt log will also be present on your desktop.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

IF you had to run rKill post BOTH logs, rKill.txt and Combofix.txt.

aliano · Aug 16, 2012

Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 15-08-2012
Ran by SYSTEM at 2012-08-16 13:32:54 Run:1
Running from M:\

==============================================

HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Session Manager\SubSystems\\Windows No ZeroAccess entry found.
C:\Windows\System32\consrv.dll not found.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ Default Value restored successfully.
C:\Windows\Installer\{b98dba18-425c-8c2a-57c6-2bcee49d7818} moved successfully.
C:\Users\Clinic 123\AppData\Local\{b98dba18-425c-8c2a-57c6-2bcee49d7818} moved successfully.
C:\Windows\System32\services.exe moved successfully.
C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe copied successfully to C:\Windows\System32\services.exe

==== End of Fixlog ====

=============================================================================================

ComboFix 12-08-16.01 - Clinic 123 08/16/2012 13:51:18.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.2048.1299 [GMT 4.5:30]
Running from: c:\users\Clinic 123\Desktop\ComboFix.exe
AV: ESET Smart Security 4.2 *Disabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 4.2 *Disabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\sysapp
c:\programdata\sysapp\icon1_48_ico_rgba.ico
c:\programdata\sysapp\Ionic.Zip.Reduced.dll
c:\programdata\sysapp\Janus.Data.v3.dll
c:\programdata\sysapp\Janus.Windows.Common.v3.dll
c:\programdata\sysapp\Janus.Windows.GridEX.v3.dll
c:\programdata\sysapp\NDde.dll
c:\programdata\sysapp\SysAppInstaller.exe
c:\programdata\sysapp\SysAppInstaller.exe.config
c:\programdata\sysapp\SysDir.exe
c:\programdata\sysapp\SysDir.exe.config
c:\programdata\sysapp\SysDir.InstallState
c:\programdata\sysapp\TheBestLicence.rtf
c:\windows\Help\hp1100.hlp
c:\windows\Installer\{b98dba18-425c-8c2a-57c6-2bcee49d7818}\@
c:\windows\Installer\{b98dba18-425c-8c2a-57c6-2bcee49d7818}\n
c:\windows\Installer\{b98dba18-425c-8c2a-57c6-2bcee49d7818}\U\00000001.@
c:\windows\Installer\{b98dba18-425c-8c2a-57c6-2bcee49d7818}\U\80000000.@
c:\windows\Installer\{b98dba18-425c-8c2a-57c6-2bcee49d7818}\U\800000cb.@
.
.
((((((((((((((((((((((((( Files Created from 2012-07-16 to 2012-08-16 )))))))))))))))))))))))))))))))
.
.
2012-08-16 09:35 . 2012-08-16 09:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-16 07:40 . 2012-08-16 07:40 -------- d-----w- C:\FRST
2012-08-15 14:49 . 2012-08-15 14:49 -------- d-----w- c:\programdata\SysDll
2012-08-15 14:49 . 2012-08-15 14:49 -------- d-----w- c:\programdata\SysDir
2012-08-11 08:18 . 2012-08-11 08:18 -------- d-----w- c:\users\Clinic 123\AppData\Roaming\Malwarebytes
2012-08-11 08:17 . 2012-08-11 08:17 -------- d-----w- c:\programdata\Malwarebytes
2012-08-11 08:17 . 2012-08-11 08:17 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-11 08:17 . 2012-07-03 09:16 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-09 09:25 . 2012-08-09 09:29 -------- d-----w- c:\windows\system32\DBBK
2012-08-03 14:05 . 2012-08-03 14:05 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-07-27 15:03 . 2012-07-28 09:20 -------- d-----w- c:\program files\Throttle
2012-07-27 14:28 . 2012-07-27 14:28 -------- d-----w- c:\program files\Your Freedom
2012-07-21 15:31 . 2012-07-21 15:31 -------- d-----w- c:\users\Clinic 123\temp
2012-07-21 15:31 . 2012-07-21 15:31 -------- d-----w- c:\program files\TeamViewer
2012-07-19 10:07 . 2012-07-19 10:07 -------- d-----w- c:\users\Clinic 123\AppData\Local\Programs
2012-07-18 09:29 . 2012-07-18 09:29 -------- d-----w- c:\users\Clinic 123\AppData\Local\ArcSoft
2012-07-18 09:29 . 2012-07-18 09:29 -------- d-----w- c:\programdata\ArcSoft
2012-07-18 09:28 . 2012-07-20 09:30 -------- d-----w- c:\users\Clinic 123\AppData\Roaming\ArcSoft
2012-07-18 09:28 . 2006-11-10 10:35 18688 ----a-w- c:\windows\system32\drivers\afc.sys
2012-07-18 09:27 . 2012-07-18 09:27 -------- d-----w- c:\program files\ArcSoft
2012-07-18 09:27 . 2012-07-18 09:28 -------- d-----w- c:\program files\Common Files\ArcSoft
2012-07-18 09:27 . 2005-04-27 12:06 245408 ----a-w- c:\windows\system32\unicows.dll
2012-07-18 09:25 . 2001-09-04 23:48 225280 ------w- c:\program files\Common Files\InstallShield\IScript\iscript.dll
2012-07-18 09:25 . 2001-09-04 23:44 176128 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-07-18 09:25 . 2001-09-04 23:43 32768 ------w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-07-18 09:25 . 2001-09-04 23:48 77824 ----a-w- c:\program files\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-07-18 09:24 . 2012-07-18 09:24 -------- d-----w- c:\program files\My Company Name
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2006-01-23 07:02 . 2006-01-23 07:02 131072 ----a-w- c:\program files\internet explorer\plugins\LV80ActiveXControl.dll
2006-06-07 11:10 . 2006-06-07 11:10 132848 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2011-11-21 04:04 . 2012-03-25 17:19 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-02-08 00:49 22376 ----a-w- c:\program files\Internet Download Manager\IDMShellExt.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2012-04-23 3487128]
"GoldenDict"="c:\program files\GoldenDict\GoldenDict.exe" [2010-12-04 2411520]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-25 98304]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-30 9210400]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-01-29 52392]
"ToolBoxFX"="c:\program files\HP\ToolBoxFX\bin\HPTLBXFX.exe" [2007-08-28 53248]
"hpbdfawep"="c:\program files\HP\Dfawep\bin\hpbdfawep.exe" [2007-04-25 954368]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 49152]
"HPUsageTracking"="c:\program files\HP\HP UT\bin\hppusg.exe" [2007-05-08 36864]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2010-08-12 2215064]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-03-18 207360]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
TMMonitor.lnk - c:\program files\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2012-7-18 258048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Clinic 123^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\users\Clinic 123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
c:\program files\Common Files\Nokia\MPlatform\NokiaMServer [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
2010-08-20 11:03 33120 ----a-w- c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent]
2011-04-08 05:20 1406248 ----a-w- c:\program files\Nero\Nero 10\Nero BackItUp\NBAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2005-01-01 15:30 155648 ----a-w- c:\windows\System32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia FastStart]
2008-12-03 06:03 2372840 ----a-w- c:\program files\Nokia\Nokia Music\NokiaMusic.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia Home Server Manager]
2009-01-30 04:54 558080 ----a-w- c:\program files\Nokia\Nokia Home Media Server\NHSM.exe
.
R2 Cadence License Manager;Cadence License Manager;c:\orcad\license_manager\lmgrd.exe [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan60.sys [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys [x]
R3 TwonkyMedia;TwonkyMedia;c:\program files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe [x]
R4 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 fmsg;fmsg;c:\windows\system32\DRIVERS\fmsg.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW73.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 IT9135BDA;IT9135 BDA Devices;c:\windows\system32\Drivers\IT9135BDA.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 UsbFltr;WayTech USB Filter Driver1;c:\windows\system32\Drivers\UsbFltr.sys [x]
S3 VLAN;Realtek Virtual Miniport Driver for VLAN (NDIS 6.2);c:\windows\system32\DRIVERS\RtVLAN60.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
IE: Download all links with IDM - c:\program files\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - c:\program files\Internet Download Manager\IEExt.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Clinic 123\AppData\Roaming\Mozilla\Firefox\Profiles\2yxm0cjs.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: network.proxy.ftp - localhost
FF - prefs.js: network.proxy.ftp_port - 8080
FF - prefs.js: network.proxy.http - localhost
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.socks - localhost
FF - prefs.js: network.proxy.socks_port - 1080
FF - prefs.js: network.proxy.ssl - localhost
FF - prefs.js: network.proxy.ssl_port - 8080
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKLM-Run-HPPQVideo - c:\program files\HP\ScheduledLaunch\HP Color LaserJet CP1510 Series\bin\hppschlnch.exe -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\CLJ_CP1510_Series -f PQOptimizerVideo.xml
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3649482752-44363841-3366599895-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.* 3*g*p*\OpenWithList]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-3649482752-44363841-3366599895-1000_Classes\CLSID\{5ab2e88b-ebc8-4922-997f-b850224ea2e0}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000096
"Therad"=dword:0000001b
.
[HKEY_USERS\S-1-5-21-3649482752-44363841-3366599895-1000_Classes\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
"scansk"=hex(0):38,52,7f,0d,4b,3a,00,17,ac,1d,c9,30,7b,ca,04,99,fc,dc,43,29,56,
0c,d5,f5,6c,4c,ac,db,e5,85,5f,50,10,c8,53,9e,0c,9c,79,c4,00,00,00,00,00,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(6116)
c:\windows\System32\netshell.dll
c:\windows\system32\imapi2.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\lkcitdl.exe
c:\windows\system32\lkads.exe
c:\windows\system32\lktsrv.exe
c:\program files\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\system32\nisvcloc.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\DAEMON Tools Pro\DTShellHlp.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2012-08-16 14:14:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-16 09:44
.
Pre-Run: 27,884,740,608 bytes free
Post-Run: 32,685,346,816 bytes free
.
- - End Of File - - 9FCAE1A4C85D72104C6E99D6D879108F

Broni · Aug 16, 2012

Looks good

Any current issues?

==========================.

Download Malwarebytes' Anti-Malware (MBAM): http://www.malwarebytes.org/products/malwarebytes_free to your desktop.
NOTE. If you already have MBAM installed, update it before running the scan.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer IF MBAM asks you to do so.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

===========================

Download OTL to your Desktop.
Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click the Scan All Users checkbox.
Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

aliano · Aug 16, 2012

Malwarebytes Anti-Malware (Trial) 1.62.0.1300
www.malwarebytes.org

Database version: v2012.08.16.06

Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
Clinic 123 :: CLINIC123-PC [administrator]

Protection: Enabled

8/16/2012 10:02:32 PM
mbam-log-2012-08-16 (22-02-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 197025
Time elapsed: 10 minute(s), 27 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
===========================================================================================

During OTL quick scan this error occured:"list index bound" and scanning process stopped with no log

Broni · Aug 16, 2012

Delete your OTL file download new one, disable your AV program and try again.

aliano · Aug 17, 2012

Delete your OTL file download new one, disable your AV program and try again.

I downloaded new OTL and disabled my AV but the error "list index out of bounds(21)" occurred again

Broni · Aug 17, 2012

See if you can run it from safe mode.

aliano · Aug 17, 2012

OTL logfile created on: 8/17/2012 9:25:57 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Clinic 123\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.17 Gb Available Physical Memory | 58.37% Memory free
4.00 Gb Paging File | 3.19 Gb Available in Paging File | 79.82% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 73.14 Gb Total Space | 29.72 Gb Free Space | 40.63% Space Free | Partition Type: NTFS
Drive D: | 196.29 Gb Total Space | 29.52 Gb Free Space | 15.04% Space Free | Partition Type: NTFS
Drive E: | 196.23 Gb Total Space | 26.93 Gb Free Space | 13.73% Space Free | Partition Type: NTFS
Drive F: | 15.01 Gb Total Space | 8.16 Gb Free Space | 54.39% Space Free | Partition Type: NTFS
Drive G: | 44.68 Gb Total Space | 23.67 Gb Free Space | 52.97% Space Free | Partition Type: NTFS
Drive I: | 44.68 Gb Total Space | 33.87 Gb Free Space | 75.79% Space Free | Partition Type: NTFS
Drive J: | 44.66 Gb Total Space | 9.88 Gb Free Space | 22.12% Space Free | Partition Type: NTFS

Computer Name: CLINIC123-PC | User Name: Clinic 123 | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/08/17 00:42:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Clinic 123\Desktop\OTL.exe
PRC - [2012/02/02 14:31:08 | 002,668,864 | ---- | M] (DT Soft Ltd) -- C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
PRC - [2009/07/14 05:44:20 | 002,613,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - [2012/07/03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/07/02 15:03:28 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Stopped] -- C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2010/08/26 06:27:04 | 000,176,128 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/08/12 14:18:40 | 000,033,584 | ---- | M] (ESET) [On_Demand | Stopped] -- C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe -- (EhttpSrv)
SRV - [2010/08/12 14:16:26 | 000,810,144 | ---- | M] (ESET) [Auto | Stopped] -- C:\Program Files\ESET\ESET Smart Security\ekrn.exe -- (ekrn)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009/12/24 02:04:20 | 000,370,688 | ---- | M] (StarWind Software) [Auto | Stopped] -- C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe -- (StarWindServiceAE)
SRV - [2009/07/14 05:46:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 05:46:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 05:45:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/01/29 20:24:44 | 000,102,400 | ---- | M] (PacketVideo) [On_Demand | Stopped] -- C:\Program Files\Nokia\Nokia Home Media Server\Media Server\twonkymedia.exe -- (TwonkyMedia)
SRV - [2008/11/11 09:38:06 | 000,620,544 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2007/03/18 13:36:36 | 001,327,104 | ---- | M] (Macrovision Corporation) [Auto | Stopped] -- C:\OrCAD\license_manager\lmgrd.exe -- (Cadence License Manager)
SRV - [2006/07/25 18:28:16 | 000,200,704 | ---- | M] (National Instruments, Inc.) [Auto | Stopped] -- C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe -- (NIDomainService)
SRV - [2006/07/25 18:28:10 | 000,057,344 | ---- | M] (National Instruments, Inc.) [Auto | Stopped] -- C:\Windows\System32\lktsrv.exe -- (lkTimeSync)
SRV - [2006/07/25 18:28:02 | 000,045,056 | ---- | M] (National Instruments, Inc.) [Auto | Stopped] -- C:\Windows\System32\lkads.exe -- (lkClassAds)
SRV - [2006/06/27 20:55:28 | 001,007,616 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe -- (NILM License Manager)
SRV - [2006/06/19 15:01:52 | 000,688,190 | ---- | M] (National Instruments, Inc.) [Auto | Stopped] -- C:\Windows\System32\lkcitdl.exe -- (LkCitadelServer)
SRV - [2006/02/06 17:46:42 | 000,049,152 | ---- | M] (National Instruments Corp.) [Auto | Stopped] -- C:\Windows\System32\nisvcloc.exe -- (niSvcLoc)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\UIUSYS.SYS -- (UIUSys)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\CLINIC~1\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/04/23 15:56:26 | 000,096,056 | ---- | M] (Tonec Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\idmwfp.sys -- (IDMWFP)
DRV - [2012/03/31 12:40:14 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2011/07/02 12:22:12 | 000,278,728 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011/07/02 12:22:11 | 000,025,416 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011/05/06 16:20:57 | 000,011,264 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\System32\drivers\fmsg.sys -- (fmsg)
DRV - [2011/04/26 16:58:44 | 000,145,920 | ---- | M] (ITE ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IT9135BDA.sys -- (IT9135BDA)
DRV - [2010/11/09 15:35:30 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\cpuz135_x32.sys -- (cpuz135)
DRV - [2010/08/26 08:06:28 | 006,380,032 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2010/08/26 05:50:36 | 000,221,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2010/07/29 13:31:26 | 000,136,632 | ---- | M] (ESET) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\eamonm.sys -- (eamonm)
DRV - [2010/07/29 13:31:26 | 000,134,512 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\epfw.sys -- (epfw)
DRV - [2010/07/29 13:31:26 | 000,115,008 | ---- | M] (ESET) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ehdrv.sys -- (ehdrv)
DRV - [2010/07/29 13:31:26 | 000,041,336 | ---- | M] (ESET) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\epfwwfp.sys -- (epfwwfp)
DRV - [2010/07/29 13:31:26 | 000,032,608 | ---- | M] (ESET) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\epfwndis.sys -- (Epfwndis)
DRV - [2010/07/15 17:17:36 | 000,101,904 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2010/01/29 11:40:04 | 000,082,320 | ---- | M] (EZB Systems, Inc.) [File_System | System | Stopped] -- C:\Program Files\UltraISO\drivers\ISODrive.sys -- (ISODrive)
DRV - [2009/12/21 20:00:30 | 000,043,520 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtTeam60.sys -- (TEAM)
DRV - [2009/12/21 20:00:30 | 000,043,520 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtTeam60.sys -- (RTTEAMPT)
DRV - [2009/07/20 06:56:40 | 000,027,648 | ---- | M] (Realtek ) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV - [2009/07/14 05:49:10 | 000,175,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2009/07/14 05:49:10 | 000,040,896 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2009/07/14 05:49:10 | 000,028,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2009/07/14 04:21:11 | 000,034,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009/07/14 03:58:47 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/07/14 03:58:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2009/07/14 02:32:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008/09/15 07:56:34 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2008/09/15 07:56:24 | 000,022,016 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2008/09/15 07:56:24 | 000,017,664 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2008/09/15 07:56:24 | 000,008,064 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/12/03 06:49:42 | 000,019,968 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtVlan60.sys -- (VLAN)
DRV - [2007/12/03 06:49:42 | 000,019,968 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtVlan60.sys -- (RTVLANPT)
DRV - [2007/04/09 09:50:34 | 000,009,600 | ---- | M] (Waytech Development, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\UsbFltr.sys -- (UsbFltr)
DRV - [2006/11/10 15:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006/07/27 11:00:00 | 000,004,096 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\cvintdrv.sys -- (cvintdrv)
DRV - [1998/07/22 13:44:26 | 000,064,512 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\SENTINEL.SYS -- (Sentinel)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = EE 49 09 57 53 7C CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "www.google.com"
FF - prefs.js..network.proxy.ftp: "localhost"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "localhost"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.socks: "localhost"
FF - prefs.js..network.proxy.socks_port: 1080
FF - prefs.js..network.proxy.ssl: "localhost"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/03/25 21:49:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird [2011/06/01 23:15:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Clinic 123\AppData\Roaming\IDM\idmmzcc5 [2012/07/28 14:15:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\SeaMonkey\Extensions\\mozilla_cc@internetdownloadmanager.com: C:\Users\Clinic 123\AppData\Roaming\IDM\idmmzcc5 [2012/07/28 14:15:12 | 000,000,000 | ---D | M]

[2012/03/25 21:52:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clinic 123\AppData\Roaming\mozilla\Extensions
[2012/07/26 14:59:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clinic 123\AppData\Roaming\mozilla\Firefox\Profiles\2yxm0cjs.default\extensions
[2012/03/25 21:49:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/28 14:15:12 | 000,000,000 | ---D | M] (IDM CC) -- C:\USERS\CLINIC 123\APPDATA\ROAMING\IDM\IDMMZCC5
[2012/07/26 14:59:17 | 000,324,289 | ---- | M] () (No name found) -- C:\USERS\CLINIC 123\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\2YXM0CJS.DEFAULT\EXTENSIONS\{F759CA51-3A91-4DD1-AE78-9DB5EEE9EBF0}.XPI
[2011/11/21 08:34:51 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/11/21 05:34:05 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011/11/21 05:34:05 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google

riginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Clinic 123\AppData\Local\Google\Chrome\Application\16.0.912.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Clinic 123\AppData\Local\Google\Chrome\Application\16.0.912.63\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Clinic 123\AppData\Local\Google\Chrome\Application\16.0.912.63\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 7 U3 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: YouTube = C:\Users\Clinic 123\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2_0\
CHR - Extension: Google Search = C:\Users\Clinic 123\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.14_0\
CHR - Extension: Gmail = C:\Users\Clinic 123\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\6.1.3_0\

O1 HOSTS File: ([2012/08/16 14:09:50 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (IDM integration (IDMIEHlprObj Class)) - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll (Internet Download Manager, Tonec Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [egui] C:\Program Files\ESET\ESET Smart Security\egui.exe (ESET)
O4 - HKLM..\Run: [hpbdfawep] C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe ()
O4 - HKLM..\Run: [HPUsageTracking] C:\Program Files\HP\HP UT\bin\hppusg.exe ()
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [ToolBoxFX] C:\Program Files\HP\ToolBoxFX\bin\HPTLBXFX.exe (HP)
O4 - HKCU..\Run: [GoldenDict] C:\Program Files\GoldenDict\GoldenDict.exe (GoldenDict)
O4 - HKCU..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe (Tonec Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm ()
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9FBDE429-3DB3-46F4-A9A6-04E8B6F905A7}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/05/10 21:06:02 | 000,000,024 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/08/17 00:42:18 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Clinic 123\Desktop\OTL.exe
[2012/08/16 14:13:38 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012/08/16 13:48:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/08/16 13:48:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/08/16 13:48:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/08/16 13:47:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/08/16 13:37:56 | 004,731,953 | R--- | C] (Swearware) -- C:\Users\Clinic 123\Desktop\ComboFix.exe
[2012/08/16 12:10:19 | 000,000,000 | ---D | C] -- C:\FRST
[2012/08/15 19:19:56 | 000,000,000 | ---D | C] -- C:\ProgramData\SysDll
[2012/08/15 19:19:55 | 000,000,000 | ---D | C] -- C:\ProgramData\SysDir
[2012/08/15 19:17:42 | 000,000,000 | ---D | C] -- C:\Users\Clinic 123\Desktop\The.Best.Keylogger.3.53.Build.1009._MihanDownload.com
[2012/08/15 16:03:57 | 000,000,000 | ---D | C] -- C:\Users\Clinic 123\Desktop\RK_Quarantine
[2012/08/15 00:45:13 | 000,607,260 | R--- | C] (Swearware) -- C:\Users\Clinic 123\Desktop\dds.com
[2012/08/11 13:38:44 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Clinic 123\Desktop\aswMBR.exe
[2012/08/11 12:48:03 | 000,000,000 | ---D | C] -- C:\Users\Clinic 123\AppData\Roaming\Malwarebytes
[2012/08/11 12:47:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/11 12:47:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/11 12:47:06 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/08/11 12:47:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/08/10 12:34:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/08/10 11:37:04 | 002,136,664 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Clinic 123\Desktop\tdsskiller.exe
[2012/08/09 13:55:13 | 000,000,000 | ---D | C] -- C:\Windows\System32\DBBK
[2012/08/03 18:35:01 | 000,000,000 | -HSD | C] -- C:\Windows\System32\%APPDATA%
[2012/07/27 19:33:51 | 000,000,000 | ---D | C] -- C:\Program Files\Throttle
[2012/07/27 18:58:37 | 000,000,000 | ---D | C] -- C:\Users\Clinic 123\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Your Freedom
[2012/07/27 18:58:20 | 000,000,000 | ---D | C] -- C:\Program Files\Your Freedom
[2012/07/26 15:05:16 | 000,000,000 | ---D | C] -- C:\Users\Clinic 123\Desktop\newstext.aspx_files
[2012/07/21 20:01:28 | 000,000,000 | ---D | C] -- C:\Users\Clinic 123\temp
[2012/07/21 20:01:13 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2012/07/21 19:53:43 | 000,000,000 | ---D | C] -- C:\Users\Clinic 123\Desktop\Remote Desktop Limitation
[2012/07/19 14:37:58 | 000,000,000 | ---D | C] -- C:\Users\Clinic 123\AppData\Local\Programs

========== Files - Modified Within 30 Days ==========

[2012/08/17 21:24:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/08/17 21:24:13 | 1610,260,480 | -HS- | M] () -- C:\hiberfil.sys
[2012/08/17 20:29:00 | 000,024,805 | ---- | M] () -- C:\Windows\deff1.dat
[2012/08/17 19:17:01 | 000,000,326 | ---- | M] () -- C:\Windows\tasks\HP WEP.job
[2012/08/17 16:48:57 | 000,106,626 | ---- | M] () -- C:\Users\Clinic 123\Desktop\list index out of bounds.jpg
[2012/08/17 13:10:39 | 000,670,648 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/08/17 13:10:39 | 000,124,646 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/08/17 13:10:02 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/08/17 13:10:02 | 000,014,192 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/08/17 04:50:09 | 042,164,986 | ---- | M] () -- C:\Users\Clinic 123\Desktop\Ehsan+Hadadi-'s+Trophy1.avi
[2012/08/17 04:39:29 | 010,707,706 | ---- | M] () -- C:\Users\Clinic 123\Desktop\Ehsan+Hadadi-'s+Trophy1.avi.003
[2012/08/17 04:34:56 | 015,728,640 | ---- | M] () -- C:\Users\Clinic 123\Desktop\Ehsan+Hadadi-'s+Trophy1.avi.002
[2012/08/17 00:42:50 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Clinic 123\Desktop\OTL.exe
[2012/08/16 17:45:34 | 011,131,285 | ---- | M] () -- C:\Users\Clinic 123\Desktop\DVBViewer.Pro.v4.5.0.0.MULTILINGUAL.REPACK-CRD.rar
[2012/08/16 14:09:50 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/08/16 13:39:37 | 004,731,953 | R--- | M] (Swearware) -- C:\Users\Clinic 123\Desktop\ComboFix.exe
[2012/08/15 20:22:06 | 000,001,472 | ---- | M] () -- C:\Users\Clinic 123\Desktop\iexplore.exe - Shortcut.lnk
[2012/08/15 19:19:42 | 000,001,725 | ---- | M] () -- C:\Users\Clinic 123\Desktop\SysDir.lnk
[2012/08/15 16:10:24 | 000,000,512 | ---- | M] () -- C:\Users\Clinic 123\Desktop\MBR.dat
[2012/08/15 16:03:02 | 001,558,528 | ---- | M] () -- C:\Users\Clinic 123\Desktop\RogueKiller.exe
[2012/08/15 01:43:41 | 015,728,640 | ---- | M] () -- C:\Users\Clinic 123\Desktop\Ehsan+Hadadi-'s+Trophy1.avi.001
[2012/08/15 00:46:04 | 000,607,260 | R--- | M] (Swearware) -- C:\Users\Clinic 123\Desktop\dds.com
[2012/08/14 14:14:55 | 000,302,592 | ---- | M] () -- C:\Users\Clinic 123\Desktop\yo6e5e1h.exe
[2012/08/12 17:21:02 | 000,000,116 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012/08/11 13:40:59 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Clinic 123\Desktop\aswMBR.exe
[2012/08/11 12:47:08 | 000,001,072 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/10 14:42:56 | 000,058,654 | ---- | M] () -- C:\Users\Clinic 123\Desktop\rrr.jpg
[2012/08/10 14:40:35 | 000,169,700 | ---- | M] () -- C:\Users\Clinic 123\Desktop\Untitldded.jpg
[2012/08/10 11:38:03 | 002,136,664 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Clinic 123\Desktop\tdsskiller.exe
[2012/08/09 14:39:30 | 000,378,274 | ---- | M] () -- C:\Users\Clinic 123\Desktop\Untiwwwtled.jpg
[2012/08/09 05:48:29 | 013,548,027 | ---- | M] () -- C:\Users\Clinic 123\Desktop\The.Best.Keylogger.3.53.Build.1009._MihanDownload.com.rar
[2012/08/07 13:55:11 | 000,045,046 | ---- | M] () -- C:\Users\Clinic 123\Desktop\68073514757564361027.jpg
[2012/08/05 13:57:21 | 000,033,372 | ---- | M] () -- C:\Users\Clinic 123\Desktop\Payment Gateway-Result Page.mht
[2012/08/04 20:09:06 | 001,174,564 | ---- | M] () -- C:\Users\Clinic 123\Desktop\2011 World Wrestling Championships - Wikipedia, the free encyclopedia.mht
[2012/08/03 16:14:38 | 000,407,872 | ---- | M] () -- C:\Users\Clinic 123\Desktop\iexplore.exe
[2012/08/03 16:13:04 | 000,407,872 | ---- | M] () -- C:\Users\Clinic 123\Desktop\pkiller.exe
[2012/08/03 15:59:07 | 001,144,963 | ---- | M] () -- C:\Users\Clinic 123\Desktop\ProcessExplorer.zip
[2012/07/30 14:41:19 | 003,590,834 | ---- | M] () -- C:\Users\Clinic 123\Desktop\Muse - Survival.mp3
[2012/07/26 15:05:16 | 000,112,405 | ---- | M] () -- C:\Users\Clinic 123\Desktop\newstext.aspx.htm
[2012/07/25 20:38:51 | 000,037,101 | ---- | M] () -- C:\Users\Clinic 123\Desktop\sudoku.jpg
[2012/07/25 00:58:08 | 005,221,440 | ---- | M] () -- C:\Users\Clinic 123\Desktop\simorgh.mp3
[2012/07/23 13:11:58 | 003,314,315 | ---- | M] () -- C:\Users\Clinic 123\Desktop\Django Unchained OST - Hit That Jive.mp3
[2012/07/23 13:10:41 | 002,817,359 | ---- | M] () -- C:\Users\Clinic 123\Desktop\Django Unchained OST - Ain't no grave (Johnny Cash).mp3
[2012/07/23 12:49:39 | 007,184,042 | ---- | M] () -- C:\Users\Clinic 123\Desktop\Chelsea 1-1 PSG_Kooora.com.avi
[2012/07/22 13:38:20 | 011,626,496 | ---- | M] () -- C:\Users\Clinic 123\Desktop\Inter_2-1_Milan_Yaghoub2000.avi
[2012/07/22 13:10:33 | 013,068,288 | ---- | M] () -- C:\Users\Clinic 123\Desktop\Inter_1-1_Milan_Yaghoub2000.avi
[2012/07/21 20:02:24 | 000,779,887 | ---- | M] () -- C:\Users\Clinic 123\Desktop\Team_Viewer_Learn_Mihandownload.com.rar
[2012/07/21 20:01:24 | 000,001,125 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012/07/21 20:00:10 | 004,660,082 | ---- | M] () -- C:\Users\Clinic 123\Desktop\TeamViewer.7.0.13852.Final_mihandownload.com.rar
[2012/07/21 19:48:27 | 000,000,000 | -H-- | M] () -- C:\Users\Clinic 123\Documents\Default.rdp
[2012/07/21 18:30:34 | 001,130,052 | ---- | M] () -- C:\Users\Clinic 123\Desktop\TehranMusic.zip
[2012/07/21 14:12:57 | 007,629,893 | ---- | M] () -- C:\Users\Clinic 123\Desktop\Seattle Sounders 0-2 Chelsea.KoooRa.CoM.wmv
[2012/07/21 05:08:34 | 000,002,304 | ---- | M] () -- C:\Users\Clinic 123\Desktop\Google Chrome.lnk
[2012/07/19 14:36:25 | 000,858,655 | ---- | M] () -- C:\Users\Clinic 123\Desktop\36498273492.rar
[2012/07/19 14:24:19 | 000,051,504 | -HS- | M] () -- C:\Users\Clinic 123\Desktop\Folder.jpg
[2012/07/19 14:24:19 | 000,009,690 | -HS- | M] () -- C:\Users\Clinic 123\Desktop\AlbumArtSmall.jpg

========== Files Created - No Company Name ==========

[2012/08/17 16:48:57 | 000,106,626 | ---- | C] () -- C:\Users\Clinic 123\Desktop\list index out of bounds.jpg
[2012/08/17 13:15:18 | 000,000,326 | ---- | C] () -- C:\Windows\tasks\HP WEP.job
[2012/08/17 04:50:06 | 042,164,986 | ---- | C] () -- C:\Users\Clinic 123\Desktop\Ehsan+Hadadi-'s+Trophy1.avi
[2012/08/16 17:42:27 | 011,131,285 | ---- | C] () -- C:\Users\Clinic 123\Desktop\DVBViewer.Pro.v4.5.0.0.MULTILINGUAL.REPACK-CRD.rar
[2012/08/16 13:48:30 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/08/16 13:48:30 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/08/16 13:48:30 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/08/16 13:48:30 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/08/16 13:48:30 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/08/15 20:22:06 | 000,001,472 | ---- | C] () -- C:\Users\Clinic 123\Desktop\iexplore.exe - Shortcut.lnk
[2012/08/15 19:19:42 | 000,001,725 | ---- | C] () -- C:\Users\Clinic 123\Desktop\SysDir.lnk
[2012/08/15 16:10:24 | 000,000,512 | ---- | C] () -- C:\Users\Clinic 123\Desktop\MBR.dat
[2012/08/15 16:02:03 | 001,558,528 | ---- | C] () -- C:\Users\Clinic 123\Desktop\RogueKiller.exe
[2012/08/15 01:10:27 | 010,707,706 | ---- | C] () -- C:\Users\Clinic 123\Desktop\Ehsan+Hadadi-'s+Trophy1.avi.003
[2012/08/15 01:10:21 | 015,728,640 | ---- | C] () -- C:\Users\Clinic 123\Desktop\Ehsan+Hadadi-'s+Trophy1.avi.002
[2012/08/15 01:10:13 | 015,728,640 | ---- | C] () -- C:\Users\Clinic 123\Desktop\Ehsan+Hadadi-'s+Trophy1.avi.001
[2012/08/14 14:14:08 | 000,302,592 | ---- | C] () -- C:\Users\Clinic 123\Desktop\yo6e5e1h.exe
[2012/08/11 12:47:08 | 000,001,072 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012/08/10 14:42:55 | 000,058,654 | ---- | C] () -- C:\Users\Clinic 123\Desktop\rrr.jpg
[2012/08/10 14:40:35 | 000,169,700 | ---- | C] () -- C:\Users\Clinic 123\Desktop\Untitldded.jpg
[2012/08/09 14:39:30 | 000,378,274 | ---- | C] () -- C:\Users\Clinic 123\Desktop\Untiwwwtled.jpg
[2012/08/07 13:55:09 | 000,045,046 | ---- | C] () -- C:\Users\Clinic 123\Desktop\68073514757564361027.jpg
[2012/08/05 13:57:18 | 000,033,372 | ---- | C] () -- C:\Users\Clinic 123\Desktop\Payment Gateway-Result Page.mht
[2012/08/04 20:09:00 | 001,174,564 | ---- | C] () -- C:\Users\Clinic 123\Desktop\2011 World Wrestling Championships - Wikipedia, the free encyclopedia.mht
[2012/08/03 16:14:33 | 000,407,872 | ---- | C] () -- C:\Users\Clinic 123\Desktop\iexplore.exe
[2012/08/03 16:12:49 | 000,407,872 | ---- | C] () -- C:\Users\Clinic 123\Desktop\pkiller.exe
[2012/08/03 16:00:17 | 000,072,268 | ---- | C] () -- C:\Users\Clinic 123\Desktop\procexp.chm
[2012/08/03 15:59:03 | 001,144,963 | ---- | C] () -- C:\Users\Clinic 123\Desktop\ProcessExplorer.zip
[2012/07/30 14:40:31 | 003,590,834 | ---- | C] () -- C:\Users\Clinic 123\Desktop\Muse - Survival.mp3
[2012/07/27 16:48:15 | 013,548,027 | ---- | C] () -- C:\Users\Clinic 123\Desktop\The.Best.Keylogger.3.53.Build.1009._MihanDownload.com.rar
[2012/07/26 15:05:16 | 000,112,405 | ---- | C] () -- C:\Users\Clinic 123\Desktop\newstext.aspx.htm
[2012/07/25 20:38:49 | 000,037,101 | ---- | C] () -- C:\Users\Clinic 123\Desktop\sudoku.jpg
[2012/07/25 00:56:38 | 005,221,440 | ---- | C] () -- C:\Users\Clinic 123\Desktop\simorgh.mp3
[2012/07/23 13:10:58 | 003,314,315 | ---- | C] () -- C:\Users\Clinic 123\Desktop\Django Unchained OST - Hit That Jive.mp3
[2012/07/23 13:09:56 | 002,817,359 | ---- | C] () -- C:\Users\Clinic 123\Desktop\Django Unchained OST - Ain't no grave (Johnny Cash).mp3
[2012/07/23 12:47:43 | 007,184,042 | ---- | C] () -- C:\Users\Clinic 123\Desktop\Chelsea 1-1 PSG_Kooora.com.avi
[2012/07/22 13:35:18 | 011,626,496 | ---- | C] () -- C:\Users\Clinic 123\Desktop\Inter_2-1_Milan_Yaghoub2000.avi
[2012/07/22 13:07:00 | 013,068,288 | ---- | C] () -- C:\Users\Clinic 123\Desktop\Inter_1-1_Milan_Yaghoub2000.avi
[2012/07/21 20:02:03 | 000,779,887 | ---- | C] () -- C:\Users\Clinic 123\Desktop\Team_Viewer_Learn_Mihandownload.com.rar
[2012/07/21 20:01:24 | 000,001,137 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012/07/21 20:01:24 | 000,001,125 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012/07/21 19:59:00 | 004,660,082 | ---- | C] () -- C:\Users\Clinic 123\Desktop\TeamViewer.7.0.13852.Final_mihandownload.com.rar
[2012/07/21 19:48:27 | 000,000,000 | -H-- | C] () -- C:\Users\Clinic 123\Documents\Default.rdp
[2012/07/21 18:30:20 | 001,130,052 | ---- | C] () -- C:\Users\Clinic 123\Desktop\TehranMusic.zip
[2012/07/21 14:10:55 | 007,629,893 | ---- | C] () -- C:\Users\Clinic 123\Desktop\Seattle Sounders 0-2 Chelsea.KoooRa.CoM.wmv
[2012/07/21 05:08:34 | 000,002,304 | ---- | C] () -- C:\Users\Clinic 123\Desktop\Google Chrome.lnk
[2012/07/19 14:35:46 | 000,858,655 | ---- | C] () -- C:\Users\Clinic 123\Desktop\36498273492.rar
[2012/07/19 14:24:19 | 000,051,504 | -HS- | C] () -- C:\Users\Clinic 123\Desktop\Folder.jpg
[2012/07/19 14:24:19 | 000,009,690 | -HS- | C] () -- C:\Users\Clinic 123\Desktop\AlbumArtSmall.jpg
[2012/06/05 23:37:41 | 000,004,096 | -H-- | C] () -- C:\Users\Clinic 123\AppData\Local\keyfile3.drm
[2012/04/06 15:11:38 | 000,251,904 | ---- | C] () -- C:\Windows\System32\orant71.dll
[2012/04/06 15:11:37 | 000,018,944 | ---- | C] ( ) -- C:\Windows\System32\implode.dll
[2012/04/06 15:00:27 | 000,000,000 | ---- | C] () -- C:\Windows\splash.INI
[2011/09/26 22:14:50 | 000,156,593 | ---- | C] () -- C:\Windows\hppins09.dat.temp
[2011/09/26 22:14:50 | 000,003,425 | ---- | C] () -- C:\Windows\hppmdl09.dat.temp
[2011/09/26 21:31:36 | 000,157,073 | ---- | C] () -- C:\Windows\System32\hppins09.dat
[2011/09/26 21:31:36 | 000,156,720 | ---- | C] () -- C:\Windows\hppins09.dat
[2011/09/16 09:35:08 | 000,000,252 | ---- | C] () -- C:\Windows\System32\AF15IRTBL.bin
[2011/09/15 15:27:53 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/09/15 15:27:48 | 000,650,752 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/09/15 15:27:48 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/09/15 15:27:47 | 000,074,752 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/09/02 19:12:24 | 000,074,703 | ---- | C] () -- C:\Windows\System32\mfc45.dll
[2011/08/22 02:32:03 | 000,000,374 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/08/22 02:18:38 | 000,903,168 | ---- | C] () -- C:\Windows\System32\mitmdl30.dll
[2011/08/22 02:18:38 | 000,110,080 | ---- | C] () -- C:\Windows\System32\lfpng60n.dll
[2011/08/22 02:18:38 | 000,046,080 | ---- | C] () -- C:\Windows\System32\lftif60n.dll
[2011/08/22 02:18:38 | 000,020,480 | ---- | C] () -- C:\Windows\System32\lfpsd60n.dll
[2011/08/22 02:18:38 | 000,019,968 | ---- | C] () -- C:\Windows\System32\lftga60n.dll
[2011/08/22 02:18:38 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwpg60n.dll
[2011/08/22 02:18:38 | 000,019,456 | ---- | C] () -- C:\Windows\System32\lfwmf60n.dll
[2011/08/22 02:18:37 | 000,176,128 | ---- | C] () -- C:\Windows\System32\lffax60n.dll
[2011/08/22 02:18:37 | 000,141,824 | ---- | C] () -- C:\Windows\System32\lfcmp60n.dll
[2011/08/22 02:18:37 | 000,023,552 | ---- | C] () -- C:\Windows\System32\lfpcx60n.dll
[2011/08/22 02:18:37 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfpct60n.dll
[2011/08/22 02:18:37 | 000,022,528 | ---- | C] () -- C:\Windows\System32\lfeps60n.dll
[2011/08/22 02:18:37 | 000,022,016 | ---- | C] () -- C:\Windows\System32\lfbmp60n.dll
[2011/08/22 02:18:37 | 000,018,432 | ---- | C] () -- C:\Windows\System32\lfmsp60n.dll
[2011/08/22 02:18:37 | 000,017,920 | ---- | C] () -- C:\Windows\System32\lfmac60n.dll
[2011/08/17 13:27:31 | 000,034,308 | ---- | C] () -- C:\Windows\System32\BASSMOD.dll
[2011/07/02 12:22:12 | 000,278,728 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2011/07/02 12:22:11 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2011/06/07 11:34:50 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011/06/06 19:36:37 | 000,073,471 | ---- | C] () -- C:\Windows\hpqins16.dat
[2011/05/27 10:59:43 | 000,000,146 | ---- | C] () -- C:\Windows\capture.INI
[2011/05/27 10:54:28 | 000,064,512 | ---- | C] () -- C:\Windows\System32\drivers\SENTINEL.SYS
[2011/05/27 10:54:28 | 000,017,408 | ---- | C] () -- C:\Windows\System32\RNBOVDD.DLL
[2011/05/26 17:49:20 | 000,688,443 | ---- | C] () -- C:\Windows\unins000.exe
[2011/05/26 17:49:20 | 000,002,393 | ---- | C] () -- C:\Windows\unins000.dat
[2011/05/24 20:17:24 | 000,002,158 | ---- | C] () -- C:\Windows\FONTSMRT.INI
[2011/05/24 20:17:06 | 000,000,415 | ---- | C] () -- C:\Windows\prntname.ini
[2011/05/24 20:16:51 | 000,000,076 | ---- | C] () -- C:\Windows\tmprn.ini
[2011/05/06 16:21:17 | 000,024,805 | ---- | C] () -- C:\Windows\deff1.dat
[2011/05/05 23:04:15 | 000,031,232 | ---- | C] () -- C:\Users\Clinic 123\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/05 22:53:20 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011/05/05 20:32:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/05/05 20:28:56 | 000,002,857 | ---- | C] () -- C:\Windows\System32\atipblag.dat

========== LOP Check ==========

[2011/08/19 15:05:26 | 000,000,000 | ---D | M] -- C:\Users\Clinic 123\AppData\Roaming\Acapela Group
[2011/08/20 13:30:04 | 000,000,000 | ---D | M] -- C:\Users\Clinic 123\AppData\Roaming\Babylon
[2011/05/08 14:16:46 | 000,000,000 | ---D | M] -- C:\Users\Clinic 123\AppData\Roaming\COWON
[2012/03/31 12:42:03 | 000,000,000 | ---D | M] -- C:\Users\Clinic 123\AppData\Roaming\DAEMON Tools Pro
[2011/09/15 16:04:22 | 000,000,000 | ---D | M] -- C:\Users\Clinic 123\AppData\Roaming\DeepBurner
[2012/08/17 21:23:06 | 000,000,000 | ---D | M] -- C:\Users\Clinic 123\AppData\Roaming\DMCache
[2011/05/11 21:04:45 | 000,000,000 | ---D | M] -- C:\Users\Clinic 123\AppData\Roaming\ESET
[2012/08/17 21:17:47 | 000,000,000 | ---D | M] -- C:\Users\Clinic 123\AppData\Roaming\GoldenDict
[2012/08/12 04:35:56 | 000,000,000 | ---D | M] -- C:\Users\Clinic 123\AppData\Roaming\IDM
[2012/03/21 19:51:04 | 000,000,000 | ---D | M] -- C:\Users\Clinic 123\AppData\Roaming\ImTOO
[2011/09/02 19:12:16 | 000,000,000 | ---D | M] -- C:\Users\Clinic 123\AppData\Roaming\iolo
[2011/06/03 14:19:58 | 000,000,000 | ---D | M] -- C:\Users\Clinic 123\AppData\Roaming\National Instruments
[2011/09/10 11:17:48 | 000,000,000 | ---D | M] -- C:\Users\Clinic 123\AppData\Roaming\Nokia
[2011/09/10 11:30:32 | 000,000,000 | ---D | M] -- C:\Users\Clinic 123\AppData\Roaming\Nseries
[2011/09/10 11:30:36 | 000,000,000 | ---D | M] -- C:\Users\Clinic 123\AppData\Roaming\PC Suite
[2012/03/27 23:55:14 | 000,000,000 | ---D | M] -- C:\Users\Clinic 123\AppData\Roaming\Rovio
[2012/07/14 20:44:28 | 000,032,528 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Files - Unicode (All) ==========
[2012/07/26 15:00:35 | 000,542,963 | ---- | M] ()(C:\Users\Clinic 123\Desktop\???? ??????? ????????? ??????.mht) -- C:\Users\Clinic 123\Desktop\جدول مسابقات ورزشكاران ايراني.mht
[2012/07/26 15:00:30 | 000,542,963 | ---- | C] ()(C:\Users\Clinic 123\Desktop\???? ??????? ????????? ??????.mht) -- C:\Users\Clinic 123\Desktop\جدول مسابقات ورزشكاران ايراني.mht
[2012/07/23 14:44:30 | 000,063,371 | ---- | M] ()(C:\Users\Clinic 123\Desktop\??????-?????-?????????-??????-??-????-?????-???.htm) -- C:\Users\Clinic 123\Desktop\برنامه-رقابت-ورزشکاران-ایرانی-در-لندن-چگونه-است.htm
[2012/07/23 14:44:27 | 000,000,000 | ---D | M](C:\Users\Clinic 123\Desktop\??????-?????-?????????-??????-??-????-?????-???_files) -- C:\Users\Clinic 123\Desktop\برنامه-رقابت-ورزشکاران-ایرانی-در-لندن-چگونه-است_files
[2012/07/23 14:44:25 | 000,063,371 | ---- | C] ()(C:\Users\Clinic 123\Desktop\??????-?????-?????????-??????-??-????-?????-???.htm) -- C:\Users\Clinic 123\Desktop\برنامه-رقابت-ورزشکاران-ایرانی-در-لندن-چگونه-است.htm
[2012/07/23 14:44:25 | 000,000,000 | ---D | C](C:\Users\Clinic 123\Desktop\??????-?????-?????????-??????-??-????-?????-???_files) -- C:\Users\Clinic 123\Desktop\برنامه-رقابت-ورزشکاران-ایرانی-در-لندن-چگونه-است_files
[2011/05/06 15:39:57 | 000,000,000 | ---D | M](C:\Users\Clinic 123\AppData\Local\???????_?????) -- C:\Users\Clinic 123\AppData\Local\حمیدرضا_محمدی
[2011/05/06 15:39:57 | 000,000,000 | ---D | M](C:\Users\Clinic 123\AppData\Local\???????_?????) -- C:\Users\Clinic 123\AppData\Local\حمیدرضا_محمدی
(C:\Users\Clinic 123\AppData\Local\???????_?????) -- C:\Users\Clinic 123\AppData\Local\حمیدرضا_محمدی

< End of report >

Broni · Aug 17, 2012

All clean

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.

Make sure the following options are checked:
- Internet Services
- Windows Firewall
- System Restore
- Security Center
- Windows Update
- Windows Defender
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.

3. Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

4. Please, run F-Secure Online Scanner

Disable your Antivirus program.
Checkmark I have read and accepted the license terms.
Click on Run Check button.
Quick scan (recommended) option will come pre-checked. Don't change it.
Click on Start button.
When scan is done, in Step 3: Clean the files, leave all settings as they're.
Click Next button.
Click Full report... button.
Copy report's content and paste it into your next reply.

aliano · Aug 18, 2012

Results of screen317's Security Check version 0.99.44
Windows 7 x86 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 8 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Windows Firewall Enabled!
ESET Smart Security 4.2
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.62.0.1300
CCleaner
Java(TM) 7 Update 3
Java version out of Date!
Adobe Flash Player 11.1.102.63
Adobe Reader 8 Adobe Reader out of Date!
Mozilla Firefox (8.0.1)
Google Chrome 16.0.912.63
Google Chrome 5.0.375.86
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamgui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````
=============================================================================================
Farbar Service Scanner Version: 06-08-2012
Ran by Clinic 123 (administrator) on 18-08-2012 at 01:57:34
Running from "C:\Users\Clinic 123\Downloads\Programs"
Microsoft Windows 7 Ultimate (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============
BITS Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of BITS. The value does not exist.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll
[2009-07-14 04:23] - [2009-07-14 05:45] - 0565760 ____A (Microsoft Corporation) 5CD996CECF45CBC3E8D109C86B82D69E

C:\Windows\system32\bfe.dll
[2009-07-14 04:24] - [2009-07-14 05:44] - 0493568 ____A (Microsoft Corporation) 85AC71C045CEB054ED48A7841AAE0C11

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll
[2009-07-14 03:53] - [2009-07-14 05:46] - 0125952 ____A (Microsoft Corporation) 5FD90ABDBFAEE85986802622CBB03446

C:\Windows\system32\vssvc.exe
[2009-07-14 03:54] - [2009-07-14 05:44] - 1025536 ____A (Microsoft Corporation) 7EA2BCD94D9CFAF4C556F5CC94532A6C

C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll
[2009-07-14 04:45] - [2009-07-14 05:46] - 1912832 ____A (Microsoft Corporation) A33408CC036F9C08142B11BE5E93F0A1

C:\Windows\system32\qmgr.dll
[2009-07-14 04:00] - [2009-07-14 05:46] - 0589312 ____A (Microsoft Corporation) 53F476476F55A27F580661BDE09C4EC4

C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit

**** End of log ****

Broni · Aug 18, 2012

Eset?

aliano · Aug 21, 2012

Please exempt me from F-Secure Online Scanning!I tried it but it f***** up at 10% update and I also have an internet account with finite traffic you know

Broni · Aug 21, 2012

Try this one. It should go faster.

Please run a BitDefender Online Scan

Disable your antivirus program.
Click Start Scanner button.
Click Free scan now button
Allow browser plug-in to be installed when prompted.
Click I Agree to agree to the EULA.
Please refrain from using the computer until the scan is finished.
When the scan is finished, click on View report.
Notepad will open with scan results.
Save the report to your desktop and post its content in your next reply.

aliano · Aug 22, 2012

QuickScan 32-bit v0.9.9.119
---------------------------
Scan date: Wed Aug 22 15:56:32 2012
Machine ID: F4608921

No infection found.
-------------------

Processes
---------
3972 C:\Program Files\HP\HP UT\bin\hppusg.exe
AMD External Events 1396 C:\Windows\System32\atieclxx.exe
AMD External Events 952 C:\Windows\System32\atiesrxx.exe
ArcSoft Connect 4088 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
ArcSoft Connect 1920 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
ArcSoft Connect 2552 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
Catalyst Control Centre 2884 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
Catalyst Control Centre 3828 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
DAEMON Tools Pro 3840 C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
DVBViewer Pro Recording service 2004 C:\Program Files\DVBViewer\DVBVservice.exe
DVBViewer Recording Service Tray Applic 1432 C:\Program Files\DVBViewer\DVBVCtrl.exe
ESET Smart Security 3984 C:\Program Files\ESET\ESET Smart Security\egui.exe
ESET Smart Security 320 C:\Program Files\ESET\ESET Smart Security\ekrn.exe
Firefox 2232 C:\Program Files\Mozilla Firefox\firefox.exe
Firefox 1516 C:\Program Files\Mozilla Firefox\plugin-container.exe
GoldenDict 2392 C:\Program Files\GoldenDict\GoldenDict.exe
hp digital imaging - hp all-in-one seri 3956 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
HP ToolboxFX 3904 C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
IEMonitor Application 1000 C:\Program Files\Internet Download Manager\IEMonitor.exe
Internet Download Manager (IDM) 336 C:\Program Files\Internet Download Manager\IDMan.exe
Java(TM) Platform SE Auto Updater 2 0 4044 C:\Program Files\Common Files\Java\Java Update\jusched.exe
Malwarebytes Anti-Malware 4444 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
Microsoft® Windows® Operating System 4464 C:\Program Files\Windows Media Player\wmpnetwk.exe
Microsoft® Windows® Operating System 3452 C:\Windows\explorer.exe
Microsoft® Windows® Operating System 516 C:\Windows\System32\csrss.exe
Microsoft® Windows® Operating System 604 C:\Windows\System32\csrss.exe
Microsoft® Windows® Operating System 672 C:\Windows\System32\lsm.exe
Microsoft® Windows® Operating System 644 C:\Windows\System32\services.exe
Microsoft® Windows® Operating System 292 C:\Windows\System32\smss.exe
Microsoft® Windows® Operating System 596 C:\Windows\System32\wininit.exe
Microsoft® Windows® Operating System 736 C:\Windows\System32\winlogon.exe
National Instruments Logos 1364 C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
National Instruments Logos 588 C:\Windows\System32\lkads.exe
National Instruments Logos 536 C:\Windows\System32\lkcitdl.exe
National Instruments Logos 376 C:\Windows\System32\lktsrv.exe
National Instruments Service Locator 1888 C:\Windows\System32\nisvcloc.exe
Pandora.TV service file 2144 C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
Realtek HD Audio Manager 3820 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
StarWind Alcohol Edition 2280 C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
TeamViewer 2348 C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
TMMonitor 2464 C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
Virtual CloneDrive 3864 C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
Your Freedom 5552 C:\Program Files\Your Freedom\freedom.exe
(verified) GrooveMonitor Utility 3808 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(verified) Microsoft® Windows® Operating System 3464 C:\Windows\System32\dwm.exe
(verified) Microsoft® Windows® Operating System 660 C:\Windows\System32\lsass.exe
(verified) Microsoft® Windows® Operating System 1648 C:\Windows\System32\spoolsv.exe
(verified) Microsoft® Windows® Operating System 2188 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1684 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 2320 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 2404 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1528 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1292 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1108 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1080 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 1024 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 904 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 836 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 148 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 636 C:\Windows\System32\svchost.exe
(verified) Microsoft® Windows® Operating System 3276 C:\Windows\System32\taskhost.exe
(verified) Windows® Search 3792 C:\Windows\System32\SearchIndexer.exe

Network activity
----------------
Process firefox.exe (2232) connected on port 80 (HTTP) --> 173.194.35.0
Process firefox.exe (2232) connected on port 80 (HTTP) --> 37.59.67.149
Process firefox.exe (2232) connected on port 80 (HTTP) --> 173.194.35.0

Process wininit.exe (596) listens on ports: 49152 (RPC)
Process services.exe (644) listens on ports: 49163
Process lsass.exe (660) listens on ports: 49157 (RPC)
Process svchost.exe (904) listens on ports: 135 (RPC)
Process svchost.exe (1024) listens on ports: 49153 (RPC)
Process svchost.exe (1108) listens on ports: 49154 (RPC)
Process spoolsv.exe (1648) listens on ports: 49155 (RPC)
Process nisvcloc.exe (1888) listens on ports: 3580
Process DVBVservice.exe (2004) listens on ports: 3456, 4022, 7522, 8089
Process PandoraService.exe (2144) listens on ports: 1935, 7955, 12882, 49156 (RPC)
Process StarWindServiceAE.exe (2280) listens on ports: 3261
Process wmpnetwk.exe (4464) listens on ports: 554 (RTSP)
Process freedom.exe (5552) listens on ports: 62799

Autoruns and critical files
---------------------------
C:\Program Files\HP\HP UT\bin\hppusg.exe
ArcSoft Connect C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
Catalyst® Control Center C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
DVBViewer Recording Service Tray Applic C:\Program Files\DVBViewer\DVBVCtrl.exe
ESET Smart Security C:\Program Files\ESET\ESET Smart Security\egui.exe
GoldenDict C:\Program Files\GoldenDict\GoldenDict.exe
hp digital imaging - hp all-in-one seri C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
HP ToolboxFX C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
Internet Download Manager (IDM) C:\Program Files\Internet Download Manager\IDMan.exe
Java(TM) Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
Malwarebytes Anti-Malware C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
Realtek HD Audio Manager C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
TMMonitor C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
Virtual CloneDrive C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
WEP Application C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe
Windows® Internet Explorer c:\windows\system32\webcheck.dll
(verified) Adobe Acrobat C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
(verified) GrooveMonitor Utility C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(verified) GrooveShellExtensions Module C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe

Browser plugins
---------------
AcroIEHelper Library c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
Bitdefender QuickScan C:\Users\Clinic 123\AppData\Roaming\Mozilla\Firefox\Profiles\2yxm0cjs.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
Internet Download Manager Module c:\program files\internet download manager\idmiecc.dll
Java(TM) Platform SE 7 U3 c:\program files\java\jre7\bin\jp2ssv.dll
Java(TM) Platform SE 7 U3 C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
LabVIEW 8.0 OCX C:\Program Files\Internet Explorer\plugins\LV80ActiveXControl.dll
LabVIEW 8.2 OCX C:\Program Files\Internet Explorer\plugins\LV82ActiveXControl.dll
NPSWF32.dll C:\Windows\system32\Macromed\Flash\NPSWF32.dll
Shockwave for Director C:\Windows\system32\Adobe\Director\np32dsw.dll
Windows® Internet Explorer C:\Windows\system32\Ieframe.dll
(verified) GrooveShellExtensions Module C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll

aliano · Aug 22, 2012

Scan
----
MD5: 8904797ab560918b115b7ec350b3d2c7 C:\OrCAD\license_manager\lmgrd.exe
MD5: 95151d7903fef5f221a3b5be603e69bf C:\Program Files\7-Zip\7-zip.dll
MD5: e5c796b621f6fba8616511063d7f0ffe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
MD5: dd2fd9dd3d599f38f806fc3918c81884 C:\Program Files\ArcSoft\TotalMedia 3.5\ArcFileSyncLogic.dll
MD5: 92cae710c5328bf8012665710634099f C:\Program Files\ArcSoft\TotalMedia 3.5\fpxlib.dll
MD5: 04773ea5a06acf90d168367ea61f0810 C:\Program Files\ArcSoft\TotalMedia 3.5\ImgCtrl.dll
MD5: f2ed0e090426136b6e26fc4e8547c640 C:\Program Files\ArcSoft\TotalMedia 3.5\kgl.dll
MD5: 376b131955e98398698fcc98faf01cbd C:\Program Files\ArcSoft\TotalMedia 3.5\MagCore.dll
MD5: 140770ed1b79430f5e3bac3e5ed0b0da C:\Program Files\ArcSoft\TotalMedia 3.5\magengin.dll
MD5: 2ee6c9d342332717824d0a938b95f636 C:\Program Files\ArcSoft\TotalMedia 3.5\magFileIO.dll
MD5: c4d185b03a77f5c72527d200180cdc9c C:\Program Files\ArcSoft\TotalMedia 3.5\MagicDll\MagUICommon.dll
MD5: 6e23d3b66cef29cd653c7cb7033788f6 C:\Program Files\ArcSoft\TotalMedia 3.5\MagicDll\MagUICommonET.dll
MD5: 151f129189a79721a53d7eeb1c9ec527 C:\Program Files\ArcSoft\TotalMedia 3.5\MagPCMac.dll
MD5: e9eee3af187bcfe98924e6a71a0245ee C:\Program Files\ArcSoft\TotalMedia 3.5\magPltfm.dll
MD5: aec6ea634f4f2fe8ae67688746e21115 C:\Program Files\ArcSoft\TotalMedia 3.5\magTools.dll
MD5: 000ad4d456d436186b7006657103fbd8 C:\Program Files\ArcSoft\TotalMedia 3.5\MagUIEngine.dll
MD5: 47433ebde5306ee8f96878820504ed8d C:\Program Files\ArcSoft\TotalMedia 3.5\MagUIImage.dll
MD5: c9f1a8832986ab7d1dc879d59f39bf99 C:\Program Files\ArcSoft\TotalMedia 3.5\MagUIInter.dll
MD5: 29b3b4ee2d60207f0ff83ff2fd7d0d04 C:\Program Files\ArcSoft\TotalMedia 3.5\MFC42LU.DLL
MD5: 32dc530c2322c052a96b086b956b9f34 C:\Program Files\ArcSoft\TotalMedia 3.5\Modules\Handheld\HandheldMag.dll
MD5: ee5e3854b8b960043232293df680d759 C:\Program Files\ArcSoft\TotalMedia 3.5\MonitorMgr.dll
MD5: 87529471ec01cb8b109fd00fb0bd601e C:\Program Files\ArcSoft\TotalMedia 3.5\MSLUP60.dll
MD5: bd64b96795a01a0392c14ea7ab2f9005 C:\Program Files\ArcSoft\TotalMedia 3.5\MSLURT.dll
MD5: 6950ad47e6cb3493275c1d687337745e C:\Program Files\ArcSoft\TotalMedia 3.5\MSVCP60.dll
MD5: 2c2561348b2e112beb75db48ce401f56 C:\Program Files\ArcSoft\TotalMedia 3.5\PortableDevice.dll
MD5: 73b0e14ef9b7115e41b7c5ce70129bff C:\Program Files\ArcSoft\TotalMedia 3.5\Res_Monitor.dll
MD5: 1039b5838a86fa30c3b696ad3390dbd0 C:\Program Files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
MD5: 608964b87c4bddee178a717e80a844df C:\Program Files\ArcSoft\TotalMedia 3.5\ToolsCtrl.dll
MD5: 9a9be26bd1629b4332d5c68284445373 C:\Program Files\ArcSoft\TotalMedia 3.5\uafc.dll
MD5: 35b86237df68b9937f3805801c907124 C:\Program Files\ArcSoft\TotalMedia 3.5\uafcrc.dll
MD5: 6f0aa4a6a0c714387f098ef464c9333e C:\Program Files\ArcSoft\TotalMedia 3.5\uAlignSplit.dll
MD5: 04c193d288793b8df7ecd9c6adcb8dd4 C:\Program Files\ArcSoft\TotalMedia 3.5\uDiscClub.dll
MD5: 937707f9b6fd057836a6ed2867ff306a C:\Program Files\ArcSoft\TotalMedia 3.5\uDvdIfo.dll
MD5: 5ab35b8f23775d20b32a65d60fdbf6e2 C:\Program Files\ArcSoft\TotalMedia 3.5\uDXPubTool.dll
MD5: 5cf01a73b34d541579754b6056423c00 C:\Program Files\ArcSoft\TotalMedia 3.5\uEpg.dll
MD5: f14de5c4f3eff4d3c06a52b97812d671 C:\Program Files\ArcSoft\TotalMedia 3.5\uEZDLL.dll
MD5: 6e0b6167e2ea8b2171822e8186df6ca4 C:\Program Files\ArcSoft\TotalMedia 3.5\uMediaClub.dll
MD5: 5b5d6b7a313df1f602c5d6aa3813b1e0 C:\Program Files\ArcSoft\TotalMedia 3.5\uMediaEVR.Dll
MD5: e67fef9d419aa08cd1e67961418370fc C:\Program Files\ArcSoft\TotalMedia 3.5\uMediaExport.dll
MD5: cc1fb4f7da4de66b4d78f40378a73a27 C:\Program Files\ArcSoft\TotalMedia 3.5\uMediaImport.dll
MD5: 00609c36902d60c4533b5dd98f246738 C:\Program Files\ArcSoft\TotalMedia 3.5\uMediaInfo.dll
MD5: c1fbfbfe796349d16fcb2c88a0933d0d C:\Program Files\ArcSoft\TotalMedia 3.5\uPiApi.dll
MD5: 93448fa34d7c1c3378d496308dbbb82c C:\Program Files\ArcSoft\TotalMedia 3.5\uSche.dll
MD5: d3c11ea798bc20f0bfc7cf2693da4334 C:\Program Files\ArcSoft\TotalMedia 3.5\uVDibTool.dll
MD5: 0a7977ff7535f237c8c745ae09887c35 C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
MD5: 1d5a364193eed5a97803b95377ac15ee C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ADL.Foundation.dll
MD5: da557791a5706d090ceb6577888fbdea C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AEM.Actions.CCAA.Shared.dll
MD5: b08e334c6973ce6076ad8575da7f3d1d C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.DPPE.Shared.dll
MD5: 1ca10f5c48b7fcf6f62a1c0ffba2a1b2 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.EEU.Shared.dll
MD5: bf7c51d2e330886ede129d05e6fef9bf C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.GD.Shared.dll
MD5: 32f468d6a63a904185699862c9411745 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.Hotkeys.Shared.dll
MD5: c3e749265ac97e7934496a855215ad9d C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.REG.Shared.dll
MD5: 3318b9c8eec32dba863ed139da3b96ec C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.Source.Kit.Server.dll
MD5: 90c02d661b4779555968b6deee2c4e02 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AEM.Plugin.WinMessages.Shared.dll
MD5: e822f85c40dcfa9195a54fd025976289 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AEM.Server.dll
MD5: bb345d73546e6f4eba8e45b6dd122b77 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\AEM.Server.Shared.dll
MD5: 6e743448fba96380d5df7a12a461562b C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\APM.Foundation.dll
MD5: 8253471312ace62813eedb0bbd65c7f9 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\APM.Server.dll
MD5: cc7ca22b35918122268263a3eddeffdf C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
MD5: 15603e55d29a664eb60ae75614a0a770 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamenu.dll
MD5: 1f3744e1a9fe300c4c18c8c0f54bb763 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ATICCCom.dll
MD5: d207bf7be9111afcccec42a41012306c C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ATIDEMGX.dll
MD5: ee850c95ed088e8835f2425ee551296f C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atixclib.dll
MD5: 74ef310fac89341ce2897b7f2c4a7b0f C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
MD5: 14e17dd37ac52759c8aade350e6bdda8 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.Implementation.dll
MD5: 8be410ff42a526294cf1cad00cd8b000 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MD5: d1da9d819f4f741e2ecb80a6e96cfee9 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CustomFormats.Graphics.Shared.dll
MD5: ac50e4d575e307030407af26f1c1ee7c C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeskMan.HydraVision.Dashboard.dll
MD5: a6d4f7aac2c9f5b2e2c99b84e4d6075f C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeskMan.HydraVision.Runtime.dll
MD5: 2b73cc57989fa631679b45987bc681f9 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeskMan.HydraVision.Shared.dll
MD5: f96c00ba25fa64e380eab6fd9ef4add1 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceCRT.Graphics.Dashboard.dll
MD5: 8c948b617f06e9c06b9527ebaaf0cc2d C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceCRT.Graphics.Runtime.dll
MD5: 6d878631dd93fec20a6b6fb59014bba0 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceCRT.Graphics.shared.dll
MD5: 84f16bc0542017c2f1cf0490558c281b C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceCV.Graphics.Runtime.dll
MD5: bc4756fed56f7ce5d6a77f1fd21ffd51 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceCV.Graphics.Shared.dll
MD5: 3b883342f818e3b15e620f7a6901c9f2 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceDFP.Graphics.Dashboard.dll
MD5: 0927c7be7e375d9824ba05087bf1359a C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceDFP.Graphics.Runtime.dll
MD5: 9c2beca493018344ac56c9d439cd2190 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceDFP.Graphics.Shared.dll
MD5: 8d19a4a5fa71281cf819ee4a16a5c930 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceLCD.Graphics.Runtime.dll
MD5: b50ea6ec7007580b8a1414f9a4c5899c C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceLCD.Graphics.Shared.dll
MD5: 0b7c030d125feee46572e35e1ced5647 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceProperty.Graphics.Runtime.dll
MD5: 89dddfa13d72bb9209c6658d4c4f134b C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceProperty.Graphics.Shared.dll
MD5: 972c4e624174d6d21710d6bcd889d7c3 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceTV.Graphics.Runtime.dll
MD5: 4383c6324eea252f449595c94e7d4cf2 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DeviceTV.Graphics.shared.dll
MD5: 263df2d8d716af06b2fc17ecae13a75c C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysColour2.Graphics.Dashboard.dll
MD5: 36ddd9c72ea391ca2e7afe330fbb5584 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysColour2.Graphics.Runtime.dll
MD5: f13c400ef91773c97a2b4476209e9bfe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysColour2.Graphics.Shared.dll
MD5: 078209b9ab7358177a66fc0f5e51dbeb C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysManager.Graphics.Dashboard.dll
MD5: 5be2e5e328587368c8d723a36f12335e C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysManager2.Graphics.Dashboard.dll
MD5: 893565e89770d37c8e2053c67bd8a0aa C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysOptions.Graphics.Dashboard.dll
MD5: 2d9eb237c07bb2fd0f87d9ed0651e4a4 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysOptions.Graphics.Runtime.dll
MD5: 7d3b7176651e17321f26e1819ab891aa C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.DisplaysOptions.Graphics.shared.dll
MD5: 2a0f27ff1e5da3505b9a1291c9f7fc5e C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Grid.HydraVision.Dashboard.dll
MD5: 1b926f35175f5a9c68d89b276f2e43b4 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Grid.HydraVision.Runtime.dll
MD5: cc9790be510c9a44426bf9f3d15e1d55 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Grid.HydraVision.Shared.dll
MD5: d2bf3acd6478019d74b42e65fad833d0 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.HotkeysHandling.Graphics.Runtime.dll
MD5: 67098763c34da71f950afd35f7db8332 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.HotkeysHandling.Graphics.Shared.dll
MD5: a705d672c67a851d83f01c27d1676218 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.InfoCentre.Graphics.Dashboard.dll
MD5: c2129bd845692d01627ebe57a6ccaea3 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MDProp.HydraVision.Dashboard.dll
MD5: 2f7aa5334e979708bf5a627486ccbd55 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MDProp.HydraVision.Runtime.dll
MD5: 92b20fb26cc263d225089904a39deb36 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MDProp.HydraVision.Shared.dll
MD5: 4f42f374a4afcab117b09a6b9bd339c3 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MMVideo.Graphics.Dashboard.dll
MD5: 549a6fc0a75c8eb3145b4c7d9721093c C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MMVideo.Graphics.Runtime.dll
MD5: 5bb82e44b77dcec0e4f725720d407e5a C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MMVideo.Graphics.Shared.dll
MD5: 4d98bc312a595628c7b62515fd5d6294 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MultiDesk.HydraVision.Dashboard.dll
MD5: b89bad32c203e9b6e9bd324ec1ed84a8 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MultiDesk.HydraVision.Runtime.dll
MD5: 724819752b356c666adfb91201d19913 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.MultiDesk.HydraVision.Shared.dll
MD5: a1eeb23d5e1acd91bf80fab932215a2d C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.OverDrive5.Graphics.Dashboard.dll
MD5: b027e352870a3e580365c2a0a9eac1e9 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.OverDrive5.Graphics.Runtime.dll
MD5: b1a4709ea9dd8b340e46058d2a9a28cd C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.OverDrive5.Graphics.shared.dll
MD5: 600015228bcd74be803849732523256a C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Radeon3D.Graphics.Dashboard.dll
MD5: f8bf424679facd875a903a9bf931e86e C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Radeon3D.Graphics.Runtime.dll
MD5: ec11ce3ff73700c49f1670241f0b9b83 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Radeon3D.Graphics.Shared.dll
MD5: a3ee6cf40ab19bf2b7dcc0a83d844e66 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Settings.HydraVision.Dashboard.dll
MD5: a54dd1814c8c14119d50d865d64e4ea2 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Settings.HydraVision.Runtime.dll
MD5: 82c4e47fa5fa2f2c63b9538368a4ee3b C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.Settings.HydraVision.Shared.dll
MD5: c8c05901812e4923cc9139a4c47ef369 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.TransCode.Graphics.Dashboard.dll
MD5: 27df6787c324985ca9e0f1f4ccf45d1e C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.TransCode.Graphics.Runtime.dll
MD5: 79affa7ae8fb412474d688de24f65021 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.TransCode.Graphics.shared.dll
MD5: 69c3b3559c83f7a6621e958e86f94711 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.VeryLargeDesktop.Graphics.Shared.dll
MD5: 843bd3d989ea43c07e0028c1c96290eb C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Dashboard.dll
MD5: 85b4d9b42463bb6fd76558107fc62fbc C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Dashboard.Shared.dll
MD5: 7d8c23cc9560102b81c6b9327b7f0317 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.dll
MD5: 815a03570ea5e224de196b98a7e299ab C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Runtime.Shared.Private.dll
MD5: 624e1e7c612c038a649097068332c620 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.Graphics.Shared.dll
MD5: 8a13c81a371cd73d253a9f4816be8038 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Dashboard.dll
MD5: 84b6fc5308f74fd7d96c6101745f2f61 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Runtime.dll
MD5: a78a90cc8dbfbd1562b40c25ee9cc219 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Caste.HydraVision.Shared.dll
MD5: e821fed8cdbaef41ac8194a1ce94af19 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Client.Shared.dll
MD5: 04955298be40ff29004d8af2b9c859df C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Client.Shared.Private.dll
MD5: d4bf5441ded9eddc440d7ae103c2d531 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.dll
MD5: acff631613aad3da0d3ede1ad1bfe314 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.Shared.dll
MD5: 40dae1c67086270c9743b37fa53860c0 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Dashboard.Shared.Private.dll
MD5: fe0d39365d173817cda81df84a26e5a4 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.dll
MD5: 52cef07697c7ba2c49e26b79e9516fec C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Extension.EEU.dll
MD5: bea14aa7f441810d9c0559b833125507 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Shared.dll
MD5: be3a8e99a8a74423d14a6f34aaedd9af C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Runtime.Shared.Private.dll
MD5: cd2c7009069c4a5779769621c9f2e884 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.SkinFactory.dll
MD5: 2c0efe81eb1269fcbbfe6b4525dd449b C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Systemtray.dll
MD5: 699427527642716ded58b2f60bd14fb4 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Wizard.dll
MD5: 5e2f9e4321fc4108b871ce2a4d0d791b C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Wizard.Shared.dll
MD5: 462194ca4fa6c433e9dda5424a411397 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Component.Wizard.Shared.Private.dll
MD5: b54f6c669e740041e40713ae20f0e77d C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.dll
MD5: 419ca1c06e4897fce3058fd45ea34c68 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.Private.dll
MD5: 91977120ee7d2d5b2fe60e6670dae5e8 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Foundation.XManifest.dll
MD5: 0700ea00c2cbb1f89e2681f90a14820c C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
MD5: e7584278475abe7c43863b514bad69b5 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.dll
MD5: 0deab952a0a36abcb6270fe45d3cace1 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0703.dll
MD5: 2e7fab502a8615b1aab0eab35afbca3b C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0706.dll
MD5: 40261429e4139a04d27bc9489f3ed7eb C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0709.dll
MD5: 5c281ffe91b8639a7448fcec5754e123 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0712.dll
MD5: 7f9a009e33940087fde0fa25d8aa5706 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0804.dll
MD5: 0386fad4fee556be7c263dd397d30e75 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0805.dll
MD5: acfd0d2cd67c478673f2eab1cb4d9d79 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0812.dll
MD5: 258c457aed786e5f6360a8472bf6c176 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0906.dll
MD5: 9e897687058f8a8d95ce888ac6835ad7 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\DEM.Graphics.I0912.dll
MD5: 50004ed7815fcdc0fb613f6f0188d601 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.dll
MD5: fd9c464b82180735a6eed112b6123458 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Implementation.dll
MD5: 2c8018dd4103b260a0a0c1804b9082e5 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Implementation.Private.dll
MD5: e54df1f9cd97f0ab065af0641babe3c1 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\LOG.Foundation.Private.dll
MD5: e7704cbf568815c1caa6e513387bd3f2 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
MD5: f3908b786b80423d4d739948a066dcfc C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.Foundation.dll
MD5: 337d1a8ed745ca9950d767585b0855a3 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.Implementation.dll
MD5: 74c6983c22f3f070c941128d01687dd7 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\NEWAEM.Foundation.dll
MD5: e90c00af0e23f8ae2a621b883d7d8fd4 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ResourceManagement.Foundation.Implementation.dll
MD5: cf92f1b9bbce85a82b55c5389e0c8e10 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ResourceManagement.Foundation.Private.dll
MD5: c11f6a1f61481e24be3fdc06ea6f7d2a c:\program files\common files\adobe\acrobat\activex\acroiehelper.dll
MD5: 7548c242d95cbff76908360ad629c09f C:\Program Files\Common Files\ArcSoft\Bin\ArcCon.dll
MD5: fe798cc2f350e3567e75266f37b98be2 C:\Program Files\Common Files\ArcSoft\Bin\magPltfm.dll
MD5: a7810b302294793de88542aae177d1b1 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
MD5: f400694d7d2785f60133c20f7f2f4f7a C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
MD5: 59a6413fb2cc89fd8651b1d2962fb8b9 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\MSVCP60.dll
MD5: ba466d3dc13712d5c0cec39a5265038d C:\Program Files\Common Files\ArcSoft\MPEG Engine\ArcWmdmMgrCom.dll
MD5: 7e27ca6ad25702e048bfea4376e75cbc C:\Program Files\Common Files\ATI Technologies\Multimedia\atimpenc.dll
MD5: dfdabcd3f7eedb8f5474b9439e3f4483 C:\Program Files\Common Files\ATI Technologies\Multimedia\atixcode.dll
MD5: 995beb69ae5c50d354894354f5a6cd5a C:\Program Files\Common Files\Java\Java Update\jusched.exe
MD5: a88cc2ed8f8ca2ad5b362a20dbabe9c5 C:\Program Files\Common Files\Nero\NeroShellExt\NeroShellExt.dll
MD5: 220b467a0001cd118d2bf97966e8106a C:\Program Files\Common Files\Nero\NeroShellExt\SolutionExplorer.dll
MD5: 17ad6a5e8a3e68d3f77894b02b88bf92 C:\Program Files\Common Files\System\ado\msadrh15.dll
MD5: 74ffa8fc7a88d6d707792805864ea04f C:\Program Files\DAEMON Tools Pro\DTCommonRes.dll
MD5: 62ca2829b6c25a9aa53feeb90e497884 C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe
MD5: 2f3e4e3c42a170009f2cc1dd434c0967 C:\Program Files\DAEMON Tools Pro\DTShl32.dll
MD5: 21d39cc4de4684477d7dedf9fca426f1 C:\Program Files\DAEMON Tools Pro\Engine.dll
MD5: 4de1ebb2314e2f10ac9ec83138193f8b C:\Program Files\DAEMON Tools Pro\ImgEngine.dll
MD5: 76a152a7acba74fb62f4946ea37c14d5 C:\Program Files\DVBViewer\DVBVCtrl.exe
MD5: be0fc1728239e3c786f499fa3beb2f41 C:\Program Files\DVBViewer\DVBVservice.exe
MD5: 23a977bd85955841b3e54bf4711ed61a C:\Program Files\DVBViewer\sqlite3.dll
MD5: de37f9b256fabe999a03ea23b4ca26ec C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
MD5: cbe195127a3a162865f2396b3cf11a75 C:\Program Files\ESET\ESET Smart Security\egui.exe
MD5: efbb5c82ada23bb8dade9d757c636d8e C:\Program Files\ESET\ESET Smart Security\eguiAmon.dll
MD5: 5fe935c3329ec9de10111b76cc95695a C:\Program Files\ESET\ESET Smart Security\eguiDmon.dll
MD5: 47316e319360c65a7c86a468dd430ea0 C:\Program Files\ESET\ESET Smart Security\eguiEmon.dll
MD5: 88c9085f1332adfbcc30e50f03e64048 C:\Program Files\ESET\ESET Smart Security\eguiEpfw.dll
MD5: fd59640966349e41b48687a0c0f64539 C:\Program Files\ESET\ESET Smart Security\eguiMailPlugins.dll
MD5: 15a5cd23d96d9b2c9a661dccd0eff091 C:\Program Files\ESET\ESET Smart Security\eguiScan.dll
MD5: fdbbb142eb919434432d9215c133460e C:\Program Files\ESET\ESET Smart Security\eguiSmon.dll
MD5: 436ee0f9b3d62875f6075ae9246740e5 C:\Program Files\ESET\ESET Smart Security\eguiUpdate.dll
MD5: d83323d7cd5d1cc46b42da9e59409890 C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
MD5: efa198f8983d064a81052851f7bb80c2 C:\Program Files\ESET\ESET Smart Security\ekrn.exe
MD5: 06a55658b781ee045c2bde16b73e9f4d C:\Program Files\ESET\ESET Smart Security\ekrnAmon.dll
MD5: d38dee988862af60716a0ec7bbd1875c C:\Program Files\ESET\ESET Smart Security\ekrnDmon.dll
MD5: 34cefefebd8ae513f4927b0e43f8f5ca C:\Program Files\ESET\ESET Smart Security\ekrnEmon.dll
MD5: c95fd762058ebab2fadb1e9f6feec776 C:\Program Files\ESET\ESET Smart Security\ekrnEpfw.dll
MD5: 3888af0d0aeb7bee34058957ab723aff C:\Program Files\ESET\ESET Smart Security\ekrnMailPlugins.dll
MD5: a14d9e43ba94d78bba68ee9a9891cb44 C:\Program Files\ESET\ESET Smart Security\ekrnScan.dll
MD5: 51b3328eb674c5e8484ba72ade9c1d71 C:\Program Files\ESET\ESET Smart Security\ekrnSmon.dll
MD5: 2cf4290bb2aad96e6ab621322a1bd393 C:\Program Files\ESET\ESET Smart Security\ekrnUpdate.dll
MD5: 8dc09e45e33c679f8bad8c3c72132670 C:\Program Files\ESET\ESET Smart Security\shellExt.dll
MD5: ca70572b19d6964d4c1e5d7c8b9f61b8 C:\Program Files\ESET\ESET Smart Security\updater.dll

aliano · Aug 22, 2012

MD5: 59c739766e4ffa5a7b277e585f16acae C:\Program Files\GoldenDict\GdTextOutSpy.dll
MD5: 43847868c9bab19c36368126d8a04f4d C:\Program Files\GoldenDict\GoldenDict.exe
MD5: 5788ff84c91dc1346100729cf5b2609d C:\Program Files\GoldenDict\imageformats\qgif4.dll
MD5: e7eb18cdf17920e3e87c32d4b8df674f C:\Program Files\GoldenDict\imageformats\qico4.dll
MD5: 0c6b04974459f5b6ab52ae40cb0554ea C:\Program Files\GoldenDict\imageformats\qjpeg4.dll
MD5: bdb0c4d25d34f099d6544f9a846d7021 C:\Program Files\GoldenDict\imageformats\qmng4.dll
MD5: b40a4133de33f62d4a6ca3337b1e0e98 C:\Program Files\GoldenDict\imageformats\qtiff4.dll
MD5: c4b4409f186da70fcf2bcc60d5f05489 C:\Program Files\GoldenDict\libgcc_s_dw2-1.dll
MD5: fd1dc6c680299a2ed1eedcc3eabda601 C:\Program Files\GoldenDict\libiconv2.dll
MD5: dbda60d92e774b4acb3b1cd71f909426 C:\Program Files\GoldenDict\mingwm10.dll
MD5: df73cd37abce9dff192e9f5d813f0efa C:\Program Files\GoldenDict\phonon4.dll
MD5: 209cc188ab1e4595e5642224f7453f6f C:\Program Files\GoldenDict\QtCore4.dll
MD5: 44cb41cd7d1da6561e901ff0ef6ef99c C:\Program Files\GoldenDict\QtGui4.dll
MD5: 2269f24b150c2d30a6b860338f54c176 C:\Program Files\GoldenDict\QtNetwork4.dll
MD5: baf55ed841c3f9ea2e947feb02f706c4 C:\Program Files\GoldenDict\QtWebKit4.dll
MD5: f6ee315f9be79f614c2b5b5cc15ccaa9 C:\Program Files\GoldenDict\QtXml4.dll
MD5: c7d4d685a0af2a09cbc21cb474358595 C:\Program Files\GoldenDict\zlib1.dll
MD5: e98cfb0c92e3a8e5c6f530d28d3dbd80 C:\Program Files\HP\Dfawep\bin\hpbdfawep.exe
MD5: 58d4765ab87347db835d5693adf652c1 c:\program files\hp\digital imaging\bin\hpqcxs08.dll
MD5: 9af5ea601c06e5c64f9f006e050b931e c:\program files\hp\digital imaging\bin\hpqddcmn.dll
MD5: 99ed733f614660eb32199bf889dfb7e2 c:\program files\hp\digital imaging\bin\hpqddsvc.dll
MD5: 5b6748dfa56a0be54c45b989378293e1 C:\Program Files\HP\Digital Imaging\bin\hpqusg.dll
MD5: 7af5a466cf4aeca28e3dcbcf5b6fd220 C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
MD5: 8621c46f5ba088b4bc61d01e053799c6 C:\Program Files\HP\HP UT\bin\Enumeration.dll
MD5: 676b8eafbbf50d404527d461b28ee9fa C:\Program Files\HP\HP UT\bin\hppusg.exe
MD5: a5408669c55d268a3a7b4805fdf0efe7 C:\Program Files\HP\HP UT\bin\HPToolkit.dll
MD5: ba8db79766b8c7b84d557e3c97b7f0ac C:\Program Files\HP\HP UT\bin\HPTools.dll
MD5: 2052cc7c18923a88f67d9ded11d04058 C:\Program Files\HP\HP UT\bin\HPUsageTracking.dll
MD5: f7585c6f1b7d813fc60c0c150b7868e5 C:\Program Files\HP\ToolboxFX\bin\Alerts.dll
MD5: c314cda134602b4bba86596423263cbe C:\Program Files\HP\ToolboxFX\bin\AppConstants.dll
MD5: 4c6de30665dd88dcf36206b86c97e919 C:\Program Files\HP\ToolboxFX\bin\Enumeration.dll
MD5: 41e9d827a260d506dffdac2a899d5353 C:\Program Files\HP\ToolboxFX\bin\HPAppTools.dll
MD5: f2e13c160cca46e861d10863ecdef524 C:\Program Files\HP\ToolboxFX\bin\HPFaxUtilities.dll
MD5: 6277d740a2a2fa6adc2ff3e0c6f5246b C:\Program Files\HP\ToolboxFX\bin\HPTLBXFX.exe
MD5: eb44fb2fd05ba20c2a69693aaf6a4099 C:\Program Files\HP\ToolboxFX\bin\HPToolkit.dll
MD5: 213a53fa33116513722b0f2f7ce17297 C:\Program Files\HP\ToolboxFX\bin\HPTools.dll
MD5: 9828caf511808cc853628090ff4f6992 C:\Program Files\HP\ToolboxFX\bin\NamedPipeChannel.dll
MD5: 29536b6e08358d4956dc3df2b2416e66 C:\Program Files\HP\ToolboxFX\bin\nativeutils.dll
MD5: 48cf488a23577d1bc5d73a2102baf4e5 C:\Program Files\Internet Download Manager\IDMan.exe
MD5: caf705aa1a7810fd81b50b08e2415dd4 C:\Program Files\Internet Download Manager\idmcchandler2.dll
MD5: ea1a320b897268bd6accfeddb31b9cab C:\Program Files\Internet Download Manager\idmftype.dll
MD5: eec9fc5fded72f65c609a720750d6a3b c:\program files\internet download manager\idmiecc.dll
MD5: f3d66d5aff658162d93edbcda2da35dc C:\Program Files\Internet Download Manager\idmmkb.dll
MD5: fc9f5c1efbf339cc00ef33587570f86c C:\Program Files\Internet Download Manager\IDMNetMon.DLL
MD5: 1d3910b356bbdebf096cad12e4f04103 C:\Program Files\Internet Download Manager\IDMShellExt.dll
MD5: 4ddc46c5feecf9eb92ad554d6ed37e0c C:\Program Files\Internet Explorer\ieproxy.dll
MD5: 09ebabefff3e96123fa4e649b714a203 C:\Program Files\Internet Explorer\plugins\LV80ActiveXControl.dll
MD5: 53a348aa51fdd7c2ba7a807a1c4e00ba C:\Program Files\Internet Explorer\plugins\LV82ActiveXControl.dll
MD5: 04af8bc83a89d9b71f7e0bcaf9fdd768 C:\Program Files\Internet Explorer\plugins\nppdf32.dll
MD5: 1d2a28be7ee00aaddde21b0f384f20a8 c:\program files\java\jre7\bin\jp2ssv.dll
MD5: 0edfc83fad9ef12df0801d0927c3cbb8 C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
MD5: 8d7fbdeceeb7339212d15224817870bd C:\Program Files\JetAudio\JetFlExt.dll
MD5: fb665485b6c8ee16fed0619adff8b27a C:\Program Files\Malwarebytes' Anti-Malware\mbam.dll
MD5: 8f233c5bc68e34d18d38257b283ce96c C:\Program Files\Malwarebytes' Anti-Malware\mbamcore.dll
MD5: 05d6b219b8279e928ecddb11df8d5934 C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
MD5: 84db35f319e5b67838a4877c11748866 C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
MD5: 24744f14e76174927aa2bd4600709192 C:\Program Files\Malwarebytes' Anti-Malware\mbamnet.dll
MD5: 43683e970f008c93c9429ef428147a54 C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
MD5: 5abc507ead0a15a3c07c17dfb3e510ae C:\Program Files\Microsoft Office\Office12\1033\GrooveIntlResource.dll
MD5: bd4c601a0c7c2b5e06753c77b0f15cec C:\Program Files\Mozilla Firefox\components\browsercomps.dll
MD5: 25532414a7a088553527a75b31df0592 C:\Program Files\Mozilla Firefox\firefox.exe
MD5: acdda9608d9e9374227ae3981305da74 C:\Program Files\Mozilla Firefox\freebl3.dll
MD5: 8bb7bee59f0287a0ead64957db67b532 C:\Program Files\Mozilla Firefox\mozalloc.dll
MD5: 54e853f7cbb2a7114da3763bf9abd4d5 C:\Program Files\Mozilla Firefox\MOZCPP19.dll
MD5: 37ef3bb68aea271b600a1d2eec58cd2a C:\Program Files\Mozilla Firefox\MOZCRT19.dll
MD5: 3a5236be0bc729a077a80e2e5a716843 C:\Program Files\Mozilla Firefox\mozjs.dll
MD5: 3481a993bbbcef7f83938d3bbcba53c3 C:\Program Files\Mozilla Firefox\mozsqlite3.dll
MD5: b18ac873044816fcd21f6c742eea4556 C:\Program Files\Mozilla Firefox\nspr4.dll
MD5: 3c840551b5baafc45b3f02c789d4fc77 C:\Program Files\Mozilla Firefox\nss3.dll
MD5: 15032e6af825451b861f0f941c344932 C:\Program Files\Mozilla Firefox\nssckbi.dll
MD5: c45c19f159f02a7a050c840dfccac489 C:\Program Files\Mozilla Firefox\nssdbm3.dll
MD5: 4585bff270a7f0bac15c15f131012578 C:\Program Files\Mozilla Firefox\nssutil3.dll
MD5: 3a6b10e1d909da39716dfbb921a4842c C:\Program Files\Mozilla Firefox\plc4.dll
MD5: f9375875aa40bf4756d66ff692393aac C:\Program Files\Mozilla Firefox\plds4.dll
MD5: 1cd878ffa3b97d9008fa0e723ed996cb C:\Program Files\Mozilla Firefox\plugin-container.exe
MD5: 3cf277c305780ffeb8be2f80276a9e37 C:\Program Files\Mozilla Firefox\smime3.dll
MD5: c30f05f0faa9c826b8578d0159fa7c83 C:\Program Files\Mozilla Firefox\softokn3.dll
MD5: eda70aba6202a5a152c6d8b5c5874ce9 C:\Program Files\Mozilla Firefox\ssl3.dll
MD5: 49f6273082e0341ddd4af0be02394da9 C:\Program Files\Mozilla Firefox\xpcom.dll
MD5: d2f353297cdf9197dc322f4c930009c0 C:\Program Files\Mozilla Firefox\xul.dll
MD5: b17093b9a2c5f874975c732c1a8ba771 C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe
MD5: 5fbbc10263154d72cc85166a4547e21d C:\Program Files\National Instruments\Shared\Security\nidm_client_thinauth.dll
MD5: ab886a4e9f00a251d96f8958f2fc94d7 C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe
MD5: d639e877eca1cd4591d74a2281a9ba1a C:\Program Files\Nero\Nero 10\Nero BackItUp\NBRes_en-US.nls
MD5: af016aceb82fc1ecedb773a4693ca5a0 C:\Program Files\Nero\Nero 10\Nero BackItUp\NBShell.dll
MD5: b605f7c971b7e5f69dc124e039bcf14f C:\Program Files\Nokia\Nokia Home Media Server\Media Server\TwonkyMedia.exe
MD5: 3ec8de67b1c78c31e54c0f030e6bd7d5 C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe
MD5: 7c4e1a22b7f7ed30e134a7a6c0075daa C:\Program Files\PANDORA.TV\PanService\avcodec-53.dll
MD5: 8b6a4dfd617c1a851386005b58bb717d C:\Program Files\PANDORA.TV\PanService\avformat-53.dll
MD5: da4207a57b76170725d5405943843722 C:\Program Files\PANDORA.TV\PanService\avutil-51.dll
MD5: d5b69fdd9cda438179a9a72da388f673 C:\Program Files\PANDORA.TV\PanService\libupnp.dll
MD5: bc83108b18756547013ed443b8cdb31b C:\Program Files\PANDORA.TV\PanService\MSVCP100.dll
MD5: 0e37fbfa79d349d672456923ec5fbbe3 C:\Program Files\PANDORA.TV\PanService\MSVCR100.dll
MD5: 01907300eb52206b06facb9608f369a9 C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
MD5: ba540c8386c71eea7746cef1255a469e C:\Program Files\PANDORA.TV\PanService\PanStreamer.dll
MD5: f481bde7b3d8439d882d51543d8f6305 C:\Program Files\PANDORA.TV\PanService\proxy.dll
MD5: 0ab7d0e87f3843f8104b3670f5a9af62 C:\Program Files\PANDORA.TV\PanService\pthreadVC2.dll
MD5: 40d5d8eebe614f115b81e677587f1007 C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
MD5: 4a84526076717f87f3e1ad24ab28fb5a C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
MD5: 089b5f924e96ba9c40e4e4522bf43770 c:\program files\windows defender\mprtp.dll
MD5: 77fbd400984cf72ba0fc4b3489d65f74 C:\Program Files\Windows Media Player\wmpnetwk.exe
MD5: 8da7de8b3ac78c784be73dd9c20c786c C:\Program Files\WinRAR\rarext.dll
MD5: 8dee907802dc058c8ac582addeb0f38d C:\Program Files\Your Freedom\freedom.exe
MD5: 8aacba4e800a99a22686f5ad4512f60a C:\Program Files\Your Freedom\LatteLibWin-3.0.0.dll
MD5: 17f5315b31675c3514d1bea382e24e0b C:\Program Files\Your Freedom\rt\bin\awt.dll
MD5: 1abe76d4671f3b4c001d1f43731f0e32 C:\Program Files\Your Freedom\rt\bin\dcpr.dll
MD5: 73cf2f3e0bc7f989c30c7dac9489651e C:\Program Files\Your Freedom\rt\bin\fontmanager.dll
MD5: a18786237fe5b876d7d0adec6221ffd1 C:\Program Files\Your Freedom\rt\bin\hpi.dll
MD5: cf2330250a2beeeca97dd6d23e495d6a C:\Program Files\Your Freedom\rt\bin\java.dll
MD5: fa743e3746d09dae00f59a0e7ff9cd28 C:\Program Files\Your Freedom\rt\bin\jetvm\jvm.dll
MD5: a04d799147fd29b1c856f8a06879b220 C:\Program Files\Your Freedom\rt\bin\jpeg.dll
MD5: f93a02a2652d7b50f5b64f70c925c70d C:\Program Files\Your Freedom\rt\bin\net.dll
MD5: 841621e6657363e8f1c606baa39b726d C:\Program Files\Your Freedom\rt\bin\nio.dll
MD5: 116b2223bd7c740e0b0f5fc56f1c7d41 C:\Program Files\Your Freedom\rt\bin\sunmscapi.dll
MD5: 1ae1ef87eea87306388a93142abbdb96 C:\Program Files\Your Freedom\rt\bin\zip.dll
MD5: e370ed8bfe2ebcb506f1544772ceec2f C:\Program Files\Your Freedom\rt\jetrt\baseline760.dll
MD5: f4dd9e29cab8110c976b9200e8067bc2 C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BD3E12DC-3561-4344-A175-3D9A1E12F3C7}\mpengine.dll
MD5: 0dd42a8cef1a562927264f4164710535 C:\Users\Clinic 123\AppData\Roaming\IDM\idmmzcc5\components8\idmmzcc.dll
MD5: c9e3864fb9cbfa93d9010bcfe18a5697 C:\Users\Clinic 123\AppData\Roaming\Mozilla\Firefox\Profiles\2yxm0cjs.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
MD5: ff885a5a7af62f47a5b97f385cfd4fbf C:\Windows\assembly\GAC\Interop.hpqusg\3.0.0.0__a53cf5803f4c3827\Interop.hpqusg.dll
MD5: b1b4d14cefa7d1c0e1fd1b4ecb5ddce2 C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8c1770d45c63cf5c462eeb945ef9aa5d\mscorlib.ni.dll
MD5: 0de5baeec29ecb3a7c0a40f1d1b02362 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\4b1350e31ff09cc583b34854816d8036\System.Configuration.ni.dll
MD5: 1d8d7a6ad401e267b217c9d609eb2b82 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\ebb1a98d5d55d13bbe33034416ee5a1f\System.Deployment.ni.dll
MD5: e5fc214de61ac769cdc8fa6a61c7578d C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ead6be8b410d56b5576b10e56af2c180\System.Drawing.ni.dll
MD5: d3e94342eedebf9b61f3ca1254598ec4 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\4bdeb88758dccd625f4703ed77aaf348\System.Runtime.Remoting.ni.dll
MD5: 13cf544d751bf3cffa10c0971ff10f50 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\d57d865568209a71d63739fa448ed6df\System.Runtime.Serialization.Formatters.Soap.ni.dll
MD5: 0424ea7eb0c419756a502567231e1866 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\3871fc2b96345aa6f3be81d9e3c97160\System.Web.ni.dll
MD5: 9ec43eeadd6a4139934a9ccb43c23063 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\fedf1ba58dced4f0b3f8c457648ceed9\System.Windows.Forms.ni.dll
MD5: 6b285819c2d8648837743b57fd449939 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\5dd9f783008543df3e642ff1e99de4e8\System.Xml.ni.dll
MD5: 61b193f8e187bada79d8330e3de35d29 C:\Windows\assembly\NativeImages_v2.0.50727_32\System\5ba3bf5367fc012300c6566f20cb7f54\System.ni.dll
MD5: 15bc38a7492befe831966adb477cf76f C:\Windows\explorer.exe
MD5: f475daa3cf6d19da49be7bac0a966db3 C:\Windows\system32\Adobe\Director\np32dsw.dll
MD5: 8b794ae6d5c7d42092804bc39a2eb8f6 c:\windows\system32\AEPIC.dll
MD5: c5e3c0a164e792549b0e44f531a56f3b C:\Windows\system32\atiadlxx.dll
MD5: 90bf2c95ff63ea8cd6a2c1c85d00076d C:\Windows\system32\aticfx32.dll
MD5: 610ef4722272b9a6571ade15269f16bc C:\Windows\system32\atidxx32.dll
MD5: 23d643acee70cf354aa612641d15d800 C:\Windows\System32\atieclxx.exe
MD5: 369fc70bdbaa2d13e0e66647e14cecef C:\Windows\System32\atiesrxx.exe
MD5: ce0fbbf22322d49eef4ebcbd0b870414 C:\Windows\system32\atipdlxx.dll
MD5: b858095e6f354c3c2f002a429b17897e C:\Windows\system32\atiu9pag.dll
MD5: 2a342d6a9b46ac5923ad5ecbf5c5558c C:\Windows\system32\atiumdag.dll
MD5: 52e53dd1510d1ceaffea4a5be291dbd5 C:\Windows\system32\atiumdva.dll
MD5: 07a37df1d8e90dc97c6c4118cdee0bc1 C:\Windows\system32\atiuxpag.dll
MD5: fabfc817547eabb19b74849cef410622 C:\Windows\system32\authui.dll
MD5: 3e9aad82823c3ef21de2e73b494d8aa2 C:\Windows\system32\AVIFIL32.dll
MD5: 9a595df601070da78c40481120dd2c06 C:\Windows\system32\basesrv.DLL
MD5: 420d4c7b1f783a8a03197e04054b2e68 C:\Windows\System32\bdaplgin.ax
MD5: 65c2f2a191905da1baada9804e4c2c3c C:\Windows\system32\chsbrkr.dll
MD5: fb798295e0483218be8b4f6f17b5cdfe C:\Windows\system32\chtbrkr.dll
MD5: 9092668daf4061898fd3f2c19d8c7f85 C:\Windows\system32\CLUSAPI.DLL
MD5: 50ba656134f78af64e4dd3c8b6fefd7e C:\Windows\system32\cngaudit.dll
MD5: 10de24cccd418c31107813682eb73542 C:\Windows\system32\CSRSRV.dll
MD5: 342271f6142e7c70805b8a81e1ba5f5c C:\Windows\System32\csrss.exe
MD5: 990a58a0b01720e419b55efc5ff387f8 C:\Windows\System32\dhcpcore6.dll
MD5: 100103c6535c66265267f5eea5f5846e C:\Windows\System32\dnsext.dll
MD5: fe3ea6e9afc1a78e6edca121e006afb7 C:\Windows\system32\drivers\Afc.sys
MD5: 76bab0c824e2d05b940c4dd40a9b08bf C:\Windows\system32\DRIVERS\athr.sys
MD5: 7b4342936a3885cfe18e5d1df6d55bc5 C:\Windows\system32\drivers\AtihdW73.sys
MD5: da3cf5b94ad09290896e2b73df6d4173 C:\Windows\system32\DRIVERS\atikmdag.sys
MD5: 46a3f55772fd2d1526994693ae352579 C:\Windows\system32\DRIVERS\atikmpag.sys
MD5: 72bc628af75c4c3250f2a3bac260265a C:\Windows\system32\DRIVERS\atksgt.sys
MD5: 77361d72a04f18809d0efb6cceb74d4b C:\Windows\system32\DRIVERS\bridge.sys
MD5: 9a908a9bb857c2cceb2907eb9dcaeb8b C:\Windows\system32\drivers\ccdcmb.sys
MD5: 68ec3ee2348e475ea62c66e6aafcfc9b C:\Windows\system32\drivers\ccdcmbo.sys
MD5: c2eb4539a4f6ab6edd01bdc191619975 C:\Windows\system32\drivers\cpuz135_x32.sys
MD5: 687af6bb383885ff6a64071b189a7f3e C:\Windows\system32\DRIVERS\dtsoftbus01.sys
MD5: 73ce42907cf42bfb91bcd27fe7c7a7af C:\Windows\system32\DRIVERS\eamonm.sys
MD5: 7d300a43a7bd8769e0f901bf9e1ae367 C:\Windows\system32\DRIVERS\ehdrv.sys
MD5: 178cc9403816c082d22a1d47fa1f9c85 C:\Windows\System32\Drivers\ElbyCDIO.sys
MD5: 15bfe00f030ea20955117bb0677e9668 C:\Windows\system32\DRIVERS\epfw.sys
MD5: 52310e0e603d7da79ecca7d764937a91 C:\Windows\system32\DRIVERS\Epfwndis.sys
MD5: 235250a79cf1e16a5a42407cfe3f6a4c C:\Windows\system32\DRIVERS\epfwwfp.sys
MD5: 275be7a9a72f95d69b5c560c81542016 C:\Windows\system32\DRIVERS\fmsg.sys
MD5: 8dc6f8a868b06f7b21c5683053509c8f C:\Windows\system32\DRIVERS\idmwfp.sys
MD5: 532f4655db4c3f702f420722350b6022 C:\Windows\System32\Drivers\IT9135BDA.sys
MD5: 4127e8b6ddb4090e815c1f8852c277d3 C:\Windows\system32\DRIVERS\lirsgt.sys
MD5: 6dfe7f2e8e8a337263aa5c92a215f161 C:\Windows\system32\drivers\mbam.sys
MD5: 0db7527db188c7d967a37bb51bbf3963 C:\Windows\system32\drivers\mbamswissarmy.sys
MD5: fd2041e9ba03db7764b2248f02475079 C:\Windows\system32\DRIVERS\pccsmcfd.sys
MD5: e099d23ee1bbce0cf5745f811f3b1882 C:\Windows\system32\DRIVERS\Rt86win7.sys
MD5: f42f2f88017a2e2b6f783acef6c2c149 C:\Windows\system32\drivers\RTKVHDA.sys
MD5: f2fec929e9fa9902f0bb52a4522068d4 C:\Windows\system32\DRIVERS\RtNdPt60.sys
MD5: c8a7202fd20479ecf5788605806cfc9b C:\Windows\system32\DRIVERS\RtTeam60.sys
MD5: e6472a4007fb17d27d4091abd657a291 C:\Windows\system32\DRIVERS\RtVlan60.sys
MD5: b5665baa2120b8a54e22e9cd07c05106 C:\Windows\System32\DRIVERS\srvnet.sys
MD5: 1d6a4fa75af0400d3f99642c271f3255 C:\Windows\System32\Drivers\UsbFltr.sys
MD5: 88701eca76145e2c011c0eeff0f7b70e C:\Windows\system32\drivers\usbser.sys
MD5: a34560a5d516a2f5240180370866b99d C:\Windows\system32\DRIVERS\usbser_lowerflt.sys
MD5: 6410eebd6e0427466812858ee84c8467 C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys
MD5: 2cc2660b3ec3434c88d2c808dd7937d4 C:\Windows\system32\DRIVERS\VClone.sys
MD5: 60cc965a89e2072ebd26d63d5e1e1d18 C:\Windows\system32\dwmcore.dll
MD5: 496c56361f57c2ca54931ebbc7d6c2cf C:\Windows\system32\eapphost.dll
MD5: 61933976cfb6f3f2a0e14a1da704adf6 C:\Windows\system32\EFSCORE.dll
MD5: 91f434ff6606ed9bdc6a05d651b69553 C:\Windows\system32\efslsaext.dll
MD5: 00a99da54c14969a899ed316d16e9a9e C:\Windows\system32\efssvc.dll
MD5: 359c3ac547aa1d24eed35be3ab3759dc C:\Windows\system32\EFSUTIL.dll
MD5: d86657285ff0dedb3531100cd6289ffe C:\Windows\system32\ElbyCDIO.dll
MD5: b68388f16859f6607cbd6379b0519a2f C:\Windows\system32\ElbyVCD.dll
MD5: 8444a7364d6877922049e99bf4b78c5c C:\Windows\system32\elscore.dll
MD5: 02a2ed8497f437ea200df3aced255afe C:\Windows\system32\ElsLad.dll
MD5: f34cfada6c48daa41b996d24c7d8d3ca C:\Windows\system32\fdPnp.dll
MD5: c87f28a34b3840f4b40011d170b1a159 C:\Windows\system32\FVECERTS.dll
MD5: db603d3fd090c66f9709ef6493c26ba3 c:\windows\system32\FwRemoteSvr.DLL
MD5: d5cc5113671ac70993a5b46923212f16 C:\Windows\System32\FXSMON.DLL
MD5: e2f6cc0d191361ee94fea3957653f531 C:\Windows\system32\hidphone.tsp
MD5: dd3a01e5017cb298136415b13337db72 C:\Windows\System32\hptcpmib.dll
MD5: 4a4ac3a786937b51cb19c708045cb930 C:\Windows\System32\HpTcpMon.dll
MD5: 982a03d52d67f4401e83c37d34008cd7 C:\Windows\System32\HPTcpMUI.dll
MD5: 3584a093e8778c9e5f80ced99f0b7f35 C:\Windows\System32\hpzjrd01.dll
MD5: 258a532cffaad910b5b14f27dcd7bfb3 C:\Windows\System32\inetpp.dll
MD5: 4605f7ee9805f7e1c98d6c959dd2949c C:\Windows\system32\kernel32.dll
MD5: af75dba674e55221b7a055b0a4345f16 C:\Windows\system32\keyiso.dll
MD5: f3fb146cdbdd26fcd0cf7941c547bee4 C:\Windows\system32\kmddsp.tsp
MD5: 4d835f31269d000f68ab10471e404461 C:\Windows\system32\korwbrkr.dll
MD5: c1585eaa67c37a05bf6f93726fafc069 c:\windows\system32\l2gpstore.dll
MD5: c3e0622e21b721ac955be6bcdbeaa7e5 C:\Windows\System32\lkads.exe
MD5: 47a111a4dc0d67da431df9f91ee09682 C:\Windows\System32\lkcitdl.exe
MD5: b258cdce34729f2dea3b3a73ece43ee4 C:\Windows\system32\LKDYNAM.dll
MD5: 0c7abf038f8a8bb2d55973c304e90851 C:\Windows\system32\LKOBENV.dll
MD5: 8ae8961f376974e9170905fc6332047e C:\Windows\system32\LKSEC.dll
MD5: c1b6d29fc8a9293fdb4a049ea8e3d1ce C:\Windows\system32\LKSOCK.dll
MD5: 4ebaa6cb622ee573732d36350ff3ae60 C:\Windows\system32\LKSTIME.dll
MD5: 3e04e2168c28adea88c05bcdee696a4a C:\Windows\System32\lktsrv.exe
MD5: 55ca01ba19d0006c8f2639b6c045e08b c:\windows\system32\lmhsvc.dll
MD5: 724a74ba9b5832a91562d2ac393e540b C:\Windows\System32\localspl.dll
MD5: 4bc5b6d0b7ba1b92c9610a7eb1bad8ab C:\Windows\system32\lsasrv.dll
MD5: 398dc10274c0cb861338cfc56e727c9f C:\Windows\System32\lsm.exe
MD5: 4209095c1923d84eeaad3798b8869d15 C:\Windows\system32\Macromed\Flash\NPSWF32.dll
MD5: f3f571288cde445881102e385bf3471f C:\Windows\system32\Magnification.dll
MD5: 3809706eb1866f53abd0b1621b307cc0 C:\Windows\System32\mfds.dll
MD5: ba54a966f873b043fdfcda0b77937855 C:\Windows\System32\mgmtapi.dll
MD5: f5777c29e38e4bf12c6f93a0b2f1b2d7 C:\Windows\system32\MSASN1.dll
MD5: e3477a3942d12e7aa29f65d9e69a4ed4 C:\Windows\System32\MSDvbNP.ax
MD5: 25fc9e3237d9dc8f7511af13e70c49bc C:\Windows\System32\msmpeg2enc.dll
MD5: 3de43bfdaf3f8979699650202aa18b12 C:\Windows\System32\msmpeg2vdec.dll
MD5: 387a8a473ecc5ba02cf453277c1f3274 c:\windows\system32\mspatcha.dll
MD5: c90878913df3dc504790282043db5f4c C:\Windows\system32\msprivs.DLL
MD5: 0ce7a0ffbba93810384b6794c6901f4c C:\Windows\system32\MSSRCH.DLL
MD5: f40388a19f3be3cec25656ce07392877 C:\Windows\system32\msv1_0.DLL
MD5: 126b75d50756fe204283d418ae1a66df C:\Windows\system32\MSVCIRT.dll
MD5: be21c5c05e5e8536f1385100cc8eafa5 C:\Windows\System32\msvidctl.dll
MD5: 5f610783fbf01f9885d80a1db1a2f220 C:\Windows\system32\NCI.dll
MD5: a4cc7227a452c4909f9499d91b184364 C:\Windows\system32\NCObjAPI.DLL
MD5: 3f2deafc463d75611cb9c5e36a8ccf15 c:\windows\system32\ncsi.dll
MD5: aa11a26692e0db2996caefe9ec61f61f C:\Windows\system32\ndptsp.tsp
MD5: 6dcfaec6d1334aa6cdf8961db4633cbf C:\Windows\system32\negoexts.DLL
MD5: c5b5ccdbf8ed1475240313ed88234e3f C:\Windows\system32\netcfgx.dll
MD5: c1ae600c554a0ebc6cd211541fa6815f C:\Windows\system32\netjoin.dll
MD5: eaa75d9000b71f10eec04d2ae6c60e81 C:\Windows\system32\netlogon.DLL
MD5: 8e6f26523af128dc3b56b89be0aef698 C:\Windows\system32\nidscmem.dll
MD5: ab4b4cf9b3cad76d71ed44b144e1484a C:\Windows\system32\nisvcloc.dll
MD5: fb381d34299c626f00d9231822c3aa87 C:\Windows\System32\nisvcloc.exe
MD5: 16707ec5fd029a4415b138796f0981ce c:\windows\system32\nrpsrv.DLL
MD5: ba387e955e890c8a88306d9b8d06bf17 c:\windows\system32\nsisvc.dll
MD5: 7e82616bee76bf5eaa5b30f681414e21 C:\Windows\system32\perftrack.dll
MD5: 37cc990d4e2cdfae12ac47f6b620fc13 C:\Windows\system32\pku2u.DLL
MD5: 2862a3819bbc9757dd27bac41a4e0a3e C:\Windows\System32\pnidui.dll
MD5: c693e642acfbdd76433af6be3c3eee6f C:\Windows\System32\portabledeviceconnectapi.dll
MD5: dda6cfd632dcb8d9c72ada58799bf776 C:\Windows\System32\PrintIsolationProxy.dll
MD5: 7ffd52d73352806969d424ef327d10a7 C:\Windows\system32\radardt.dll
MD5: 75dd1448b57d1f9382a8b59ed8e3790b C:\Windows\System32\raschap.dll
MD5: 98963bd29723a373009b017e87be9ce8 C:\Windows\system32\rasppp.dll
MD5: b5c452baf3a3914ef87628252ea12feb C:\Windows\system32\rastapi.DLL
MD5: 9015ee5171bcb15653da27024bd27128 C:\Windows\system32\RESUTILS.DLL
MD5: 469e4f31ac0eebb876fd58ea2dc65ff6 C:\Windows\system32\RTCOM\RtkCfg.dll
MD5: de326c5e0891ddeb6c076e0af7210967 C:\Windows\system32\RtkAPO.dll
MD5: 4bef53964dc519550ee030253fc1e25e C:\Windows\system32\SAMSRV.dll
MD5: 26073302daea83cc5b944c546d6b47d2 C:\Windows\system32\scecli.DLL
MD5: 1c9cdbdf895a556e66aebfd93a36b536 C:\Windows\system32\SCESRV.dll
MD5: 3369d021265e369d57317d61fa86dd79 C:\Windows\system32\scext.dll
MD5: 5f1b6a9c35d3d5ca72d6d6fdef9747d6 C:\Windows\System32\services.exe
MD5: 16742790895960690237a5143cedec8b C:\Windows\System32\smss.exe
MD5: c2a44c942ec023cf2d5cf144b0f5d146 C:\Windows\system32\spool\PRTPROCS\W32X86\hpzppwn7.dll
MD5: dbd10464e7246c9e722025debc093d01 C:\Windows\system32\spool\PRTPROCS\W32X86\winprint.dll
MD5: 629181c26a78eb66b0b4e774e5ac2882 C:\Windows\System32\SPOOLSS.DLL
MD5: 4c287f9069fedbd791178876ee9de536 C:\Windows\system32\sppsvc.exe
MD5: 2f94e3709f029512a1bd8f6c108d7b62 C:\Windows\system32\SSCORE.DLL
MD5: 54c5eb1fd11027fb23bc4f79146ce159 C:\Windows\system32\SspiSrv.dll
MD5: 364455805e64882844ee9acb72522830 C:\Windows\system32\sxssrv.DLL
MD5: 8c7fe6b9559204765849bff308764fa5 C:\Windows\System32\SyncCenter.dll
MD5: 04105c8da62353589c29bdaeb8d88bd8 c:\windows\system32\sysmain.dll
MD5: ba51ffe170c5b3ae8ec4f5bd2581a29e C:\Windows\system32\SYSNTFY.dll
MD5: 0d4e8439ad3159a335fa720e043ea22e C:\Windows\system32\taskcomp.dll
MD5: eafc149cd3bd78c443e31bb157841197 C:\Windows\system32\tbs.dll
MD5: b390c1d825c7687493bede237c6c2f25 C:\Windows\System32\tcpmon.dll
MD5: a739793f1a4f04b66e2444e90ae9e694 C:\Windows\system32\tspkg.DLL
MD5: 7222995615bf93b628dcea4bd6ccacf7 C:\Windows\system32\UBPM.dll
MD5: 91da0906b27adc98b7cc9d17f6f8227c C:\Windows\system32\umb.dll
MD5: f45330f0364bc8223ef835ea5e3ebb8e C:\Windows\system32\unimdm.tsp
MD5: e675de8cf57d8814218733b3dae896d7 C:\Windows\system32\uniplat.dll
MD5: 923cdd30092db73ec4a0ebcddd16c686 C:\Windows\System32\usbmon.dll
MD5: a12829e9974f57e9b5dbfea7c93190f6 C:\Windows\system32\UXINIT.dll
MD5: 582c191f861d18b8c937fb9859b80e9c C:\Windows\system32\vpnike.dll
MD5: 5ae88135c6a86fcd67ba16afbb1c8389 C:\Windows\system32\wbem\esscli.dll
MD5: f148865e4ac4f715e322ea06e6e21d84 C:\Windows\system32\wbem\ncprov.dll
MD5: 371e3b05894549113d07cd3081ed55ef C:\Windows\system32\wbem\repdrvfs.dll
MD5: 801211dcfd6414ffa48bca661a76c6fa C:\Windows\system32\wbem\wbemcore.dll
MD5: b350509b6c9296529bc464c60feeaef1 C:\Windows\system32\wbem\wbemess.dll
MD5: 0e7441be4d8c31c7f94d4e09af8339c8 C:\Windows\system32\wbem\wmidcprv.dll
MD5: b8f4a6990a6295159792b4ad189d460d C:\Windows\system32\wbem\wmiprvsd.dll
MD5: 7790b77fe1e5ee47dcc66247095bb4c9 C:\Windows\system32\wbengine.exe
MD5: 23d5ae191d918bb82fd8027e1ba869d4 C:\Windows\system32\wdiasqmmodule.dll
MD5: 177df28315bf4300ecb5cbeeee961292 c:\windows\system32\webcheck.dll
MD5: 4262220b609ad082ce66914172597a96 C:\Windows\System32\webservices.dll
MD5: 2873dfe622f4a3929d93f7bc85ade13e c:\windows\system32\wevtsvc.dll
MD5: 019c372b1a9da73a22d0d35a4d40f5c9 C:\Windows\system32\wfapigp.dll
MD5: e0fe1259d88a89493098d9269144fd5f C:\Windows\system32\wiarpc.dll
MD5: 2f998e1fca7749e836fdfafe88de9237 C:\Windows\System32\win32spl.dll
MD5: b5c5dcad3899512020d135600129d665 C:\Windows\System32\wininit.exe
MD5: 8ec6a4ab12b8f3759e21f8e3a388f2cf C:\Windows\System32\winlogon.exe
MD5: 827e4f75901ca3f990b1487d3301841e C:\Windows\system32\winsrv.DLL
MD5: 81e1423a5d3f0f350307b537d33599fc c:\windows\system32\WLANMSM.DLL
MD5: 20c06a50dfc097e134bc6fa8444ca9bc c:\windows\system32\WLANSEC.dll
MD5: 749f9795f01c35eebe100a87d82b9681 c:\windows\system32\wlgpclnt.dll
MD5: 633c2c060cf857099f6c4f8d75c952b1 C:\Windows\system32\wls0wndh.dll
MD5: de76461d3e5ebe1c762967d21c17b8c0 C:\Windows\system32\wmdrmdev.dll
MD5: 3d7dd3c29daf738624de918f666f70fa C:\Windows\system32\wmp.dll
MD5: b315c62e9046bcb58137a49625b6e253 C:\Windows\system32\wmploc.dll
MD5: ab303e17cd72b3a65ae0e5cda80307f0 C:\Windows\system32\wmpmde.dll
MD5: d412b1b72c5ab020218e9a047d90ca05 C:\Windows\system32\WMsgAPI.dll
MD5: 206eccf79765e9f3fc6cca04114ee058 C:\Windows\System32\wsdapi.dll
MD5: a8eb761de499242becf153b2b34f020e C:\Windows\System32\WSDMon.dll
MD5: 596371a825c6abb55e436b6f0966a24f C:\Windows\System32\wsnmp32.dll
MD5: dd4400813589985677a363f8a589cd02 C:\Windows\system32\wuapi.dll
MD5: a33408cc036f9c08142b11be5e93f0a1 c:\windows\system32\wuaueng.dll
MD5: 688975cea9add749e339168a2841205a c:\windows\system32\WUDFPlatform.dll
MD5: 686b224b4987c22b153fbb545fee9657 C:\Windows\WinSxS\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\MFC80U.DLL

No file uploaded.

Scan finished - communication took 3 sec
Total traffic - 0.02 MB sent, 2.31 KB recvd
Scanned 1255 files and modules - 164 seconds

==============================================================================

Solved Sirefef.Fc Trojan!!!

Posts: 17 +0

Posts: 56,041 +517

Posts: 17 +0

Posts: 56,041 +517

Posts: 17 +0

Posts: 56,041 +517

Posts: 17 +0

Posts: 56,041 +517

Posts: 17 +0

Posts: 56,041 +517

Attachments

Posts: 17 +0

Posts: 56,041 +517

Posts: 17 +0

Posts: 56,041 +517

Posts: 17 +0

Attachments

Posts: 56,041 +517

Posts: 17 +0

Posts: 56,041 +517

Posts: 17 +0

Posts: 56,041 +517

Posts: 17 +0

Posts: 56,041 +517

Posts: 17 +0

Posts: 17 +0

Posts: 17 +0

Similar threads