Infection: Rootkit.Win32.tdss.c

February 6, 2010 at 06:13:35
Specs: Windows XP, 2.6 /1.2

A quick scan with Kaspersky Internet Security says the desktop is infected with Rootkit.Win32.tdss.c. Furthermore, the Internet Explorer browser is always redirected.

Malwarebytes can't find anything. After ComboFix, the problem still exists. Also, the application by Enigma group, which I have since deleted, found ntoskrnl.exe

LOGS:
http://rapidshare.com/files/3467471...




#1
February 6, 2010 at 06:35:52

Download, burn and run Avira AntiVir Rescue System ISO file.
Reboot system from CD, update Avira, configure what to do on found viruses and start scanning.
http://www.avira.com/en/support/sup...


#2
February 6, 2010 at 06:49:52

If the other poster's suggestion does not work, try the following.

You may need to download these to a CD, external drive, or USB drive and run it on the infected computer, but first try to run it from the infected computer.

Please download Rkill from the following link.

Rkill

Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. This link will help you disable them:

Click on This Link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)

A black screen will appear and then disappear. Please do not worry, that is normal.

If you get a message that rkill is an infection, do not be concerned. This message is just a fake warning given by Total PC Defender when it terminates programs that may potentially remove it. If you run into these infection warnings that close Rkill, a trick is to leave the warning on the screen and then run Rkill again. By not closing the warning, this typically will allow you to bypass the malware trying to protect itself so that rkill can terminate Total PC Defender. So, please try running Rkill until malware is no longer running. You will then be able to proceed with the rest of the guide.

Do not reboot your computer after running rkill as the malware programs will start again.

Please download Malwarebytes' Anti-Malware from one of these sites:

MalwareBytes1

MalwareBytes2

Rename the setup file, mbam-setup.exe, before you download it. To do that, once the "enter name of file to save to" box appears as the download begins, rename mbam-setup.exe to tool.exe in the filename box, then click Save.

1. Double Click tool.exe to install the application.
2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
3. If an update is found, it will download and install the latest version.
4. Once the program has loaded, select "Perform Quick Scan", then click Scan. The scan may take some time to finish, so please be patient.
5. When the scan is complete, click OK, then Show Results to view the results.
6. Make sure that everything found is checked, and click Remove Selected.
7. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
8. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
9. Copy and paste the entire report in your next reply.



#3
February 6, 2010 at 08:59:37

Use TDSSKiller too; from Kaspersky. Read here how to use it:
http://support.kaspersky.com/viruse...

Nothing Found


16:52:57:718 3232 TDSS rootkit removing tool 2.2.2 Jan 13 2010 08:42:25
16:52:57:718 3232 ================================================================================
16:52:57:718 3232 SystemInfo:

16:52:57:718 3232 OS Version: 5.1.2600 ServicePack: 3.0
16:52:57:718 3232 Product type: Workstation
16:52:57:734 3232 ComputerName: BOYLEBO
16:52:57:734 3232 UserName: Limakatso
16:52:57:734 3232 Windows directory: C:\WINDOWS
16:52:57:734 3232 Processor architecture: Intel x86
16:52:57:734 3232 Number of processors: 1
16:52:57:734 3232 Page size: 0x1000
16:52:57:734 3232 Boot type: Normal boot
16:52:57:734 3232 ================================================================================
16:52:57:765 3232 UnloadDriverW: NtUnloadDriver error 2
16:52:57:765 3232 ForceUnloadDriverW: UnloadDriverW(klmd21) error 2
16:52:57:765 3232 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
16:52:58:265 3232 UtilityInit: KLMD drop and load success
16:52:58:265 3232 KLMD_OpenDevice: Trying to open KLMD Device(KLMD201000)
16:52:58:265 3232 UtilityInit: KLMD open success
16:52:58:265 3232 UtilityInit: Initialize success
16:52:58:265 3232
16:52:58:265 3232 Scanning Services ...
16:52:58:281 3232 CreateRegParser: Registry parser init started
16:52:58:281 3232 DisableWow64Redirection: GetProcAddress(Wow64DisableWow64FsRedirection) error 127
16:52:58:281 3232 CreateRegParser: DisableWow64Redirection error
16:52:58:281 3232 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\system
16:52:58:281 3232 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\system) returned status C0000043
16:52:58:281 3232 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
16:52:58:281 3232 wfopen_ex: Trying to KLMD file open
16:52:58:281 3232 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\system
16:52:58:281 3232 wfopen_ex: File opened ok (Flags 2)
16:52:58:281 3232 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\system) init success: B84948
16:52:58:281 3232 wfopen_ex: Trying to open file C:\WINDOWS\system32\config\software
16:52:58:281 3232 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\config\software) returned status C0000043
16:52:58:281 3232 wfopen_ex: MyNtCreateFileW error 32 (C0000043)
16:52:58:281 3232 wfopen_ex: Trying to KLMD file open
16:52:58:281 3232 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\config\software
16:52:58:281 3232 wfopen_ex: File opened ok (Flags 2)
16:52:58:281 3232 CreateRegParser: HIVE_ADAPTER(C:\WINDOWS\system32\config\software) init success: B849F0
16:52:58:281 3232 EnableWow64Redirection: GetProcAddress(Wow64RevertWow64FsRedirection) error 127
16:52:58:281 3232 CreateRegParser: EnableWow64Redirection error
16:52:58:281 3232 CreateRegParser: RegParser init completed
16:52:58:375 3232 GetAdvancedServicesInfo: Raw services enum returned 367 services
16:52:58:375 3232 fclose_ex: Trying to close file C:\WINDOWS\system32\config\system
16:52:58:390 3232 fclose_ex: Trying to close file C:\WINDOWS\system32\config\software
16:52:58:390 3232
16:52:58:390 3232 Scanning Kernel memory ...
16:52:58:390 3232 KLMD_GetSystemObjectAddressByNameW: Trying to get system object address by name \Driver\Disk
16:52:58:390 3232 DetectCureTDL3: \Driver\Disk PDRIVER_OBJECT: 89DECC00
16:52:58:390 3232 DetectCureTDL3: KLMD_GetDeviceObjectList returned 3 DevObjects
16:52:58:390 3232
16:52:58:390 3232 DetectCureTDL3: DEVICE_OBJECT: 89DE6C68
16:52:58:390 3232 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89DE6C68
16:52:58:390 3232 KLMD_ReadMem: Trying to ReadMemory 0x89DE6C68[0x38]
16:52:58:390 3232 DetectCureTDL3: DRIVER_OBJECT: 89DECC00
16:52:58:390 3232 KLMD_ReadMem: Trying to ReadMemory 0x89DECC00[0xA8]
16:52:58:390 3232 KLMD_ReadMem: Trying to ReadMemory 0xE1909850[0x18]
16:52:58:390 3232 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
16:52:58:390 3232 DetectCureTDL3: IrpHandler (0) addr: F76CDBB0
16:52:58:390 3232 DetectCureTDL3: IrpHandler (1) addr: 804FA87E
16:52:58:390 3232 DetectCureTDL3: IrpHandler (2) addr: F76CDBB0
16:52:58:390 3232 DetectCureTDL3: IrpHandler (3) addr: F76C7D1F
16:52:58:390 3232 DetectCureTDL3: IrpHandler (4) addr: F76C7D1F
16:52:58:390 3232 DetectCureTDL3: IrpHandler (5) addr: 804FA87E
16:52:58:390 3232 DetectCureTDL3: IrpHandler (6) addr: 804FA87E
16:52:58:390 3232 DetectCureTDL3: IrpHandler (7) addr: 804FA87E
16:52:58:390 3232 DetectCureTDL3: IrpHandler (8) addr: 804FA87E
16:52:58:390 3232 DetectCureTDL3: IrpHandler (9) addr: F76C82E2
16:52:58:390 3232 DetectCureTDL3: IrpHandler (10) addr: 804FA87E
16:52:58:390 3232 DetectCureTDL3: IrpHandler (11) addr: 804FA87E
16:52:58:390 3232 DetectCureTDL3: IrpHandler (12) addr: 804FA87E
16:52:58:390 3232 DetectCureTDL3: IrpHandler (13) addr: 804FA87E
16:52:58:390 3232 DetectCureTDL3: IrpHandler (14) addr: F76C83BB
16:52:58:390 3232 DetectCureTDL3: IrpHandler (15) addr: F76CBF28
16:52:58:390 3232 DetectCureTDL3: IrpHandler (16) addr: F76C82E2
16:52:58:390 3232 DetectCureTDL3: IrpHandler (17) addr: 804FA87E
16:52:58:390 3232 DetectCureTDL3: IrpHandler (18) addr: 804FA87E
16:52:58:390 3232 DetectCureTDL3: IrpHandler (19) addr: 804FA87E
16:52:58:390 3232 DetectCureTDL3: IrpHandler (20) addr: 804FA87E
16:52:58:390 3232 DetectCureTDL3: IrpHandler (21) addr: 804FA87E
16:52:58:390 3232 DetectCureTDL3: IrpHandler (22) addr: F76C9C82
16:52:58:390 3232 DetectCureTDL3: IrpHandler (23) addr: F76CE99E
16:52:58:390 3232 DetectCureTDL3: IrpHandler (24) addr: 804FA87E
16:52:58:390 3232 DetectCureTDL3: IrpHandler (25) addr: 804FA87E
16:52:58:390 3232 DetectCureTDL3: IrpHandler (26) addr: 804FA87E
16:52:58:390 3232 TDL3_FileDetect: Processing driver: Disk
16:52:58:406 3232 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
16:52:58:406 3232 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
16:52:58:421 3232 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
16:52:58:421 3232
16:52:58:421 3232 DetectCureTDL3: DEVICE_OBJECT: 89DBC9F0
16:52:58:421 3232 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89DBC9F0
16:52:58:421 3232 KLMD_ReadMem: Trying to ReadMemory 0x89DBC9F0[0x38]
16:52:58:421 3232 DetectCureTDL3: DRIVER_OBJECT: 89DECC00
16:52:58:421 3232 KLMD_ReadMem: Trying to ReadMemory 0x89DECC00[0xA8]
16:52:58:421 3232 KLMD_ReadMem: Trying to ReadMemory 0xE1909850[0x18]
16:52:58:421 3232 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
16:52:58:421 3232 DetectCureTDL3: IrpHandler (0) addr: F76CDBB0
16:52:58:421 3232 DetectCureTDL3: IrpHandler (1) addr: 804FA87E
16:52:58:421 3232 DetectCureTDL3: IrpHandler (2) addr: F76CDBB0
16:52:58:421 3232 DetectCureTDL3: IrpHandler (3) addr: F76C7D1F
16:52:58:421 3232 DetectCureTDL3: IrpHandler (4) addr: F76C7D1F
16:52:58:421 3232 DetectCureTDL3: IrpHandler (5) addr: 804FA87E
16:52:58:421 3232 DetectCureTDL3: IrpHandler (6) addr: 804FA87E
16:52:58:421 3232 DetectCureTDL3: IrpHandler (7) addr: 804FA87E
16:52:58:421 3232 DetectCureTDL3: IrpHandler (8) addr: 804FA87E
16:52:58:421 3232 DetectCureTDL3: IrpHandler (9) addr: F76C82E2
16:52:58:421 3232 DetectCureTDL3: IrpHandler (10) addr: 804FA87E
16:52:58:421 3232 DetectCureTDL3: IrpHandler (11) addr: 804FA87E
16:52:58:421 3232 DetectCureTDL3: IrpHandler (12) addr: 804FA87E
16:52:58:421 3232 DetectCureTDL3: IrpHandler (13) addr: 804FA87E
16:52:58:421 3232 DetectCureTDL3: IrpHandler (14) addr: F76C83BB
16:52:58:437 3232 DetectCureTDL3: IrpHandler (15) addr: F76CBF28
16:52:58:437 3232 DetectCureTDL3: IrpHandler (16) addr: F76C82E2
16:52:58:437 3232 DetectCureTDL3: IrpHandler (17) addr: 804FA87E
16:52:58:437 3232 DetectCureTDL3: IrpHandler (18) addr: 804FA87E
16:52:58:437 3232 DetectCureTDL3: IrpHandler (19) addr: 804FA87E
16:52:58:437 3232 DetectCureTDL3: IrpHandler (20) addr: 804FA87E
16:52:58:437 3232 DetectCureTDL3: IrpHandler (21) addr: 804FA87E
16:52:58:437 3232 DetectCureTDL3: IrpHandler (22) addr: F76C9C82
16:52:58:437 3232 DetectCureTDL3: IrpHandler (23) addr: F76CE99E
16:52:58:437 3232 DetectCureTDL3: IrpHandler (24) addr: 804FA87E
16:52:58:437 3232 DetectCureTDL3: IrpHandler (25) addr: 804FA87E
16:52:58:437 3232 DetectCureTDL3: IrpHandler (26) addr: 804FA87E
16:52:58:437 3232 TDL3_FileDetect: Processing driver: Disk
16:52:58:437 3232 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\disk.sys
16:52:58:437 3232 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\disk.sys
16:52:58:453 3232 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
16:52:58:453 3232
16:52:58:453 3232 DetectCureTDL3: DEVICE_OBJECT: 89DD3AB8
16:52:58:453 3232 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89DD3AB8
16:52:58:453 3232 DetectCureTDL3: DEVICE_OBJECT: 89E044C0
16:52:58:453 3232 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89E044C0
16:52:58:453 3232 DetectCureTDL3: DEVICE_OBJECT: 89DDFD98
16:52:58:453 3232 KLMD_GetLowerDeviceObject: Trying to get lower device object for 89DDFD98
16:52:58:453 3232 KLMD_ReadMem: Trying to ReadMemory 0x89DDFD98[0x38]
16:52:58:453 3232 DetectCureTDL3: DRIVER_OBJECT: 89DE0F38
16:52:58:453 3232 KLMD_ReadMem: Trying to ReadMemory 0x89DE0F38[0xA8]
16:52:58:453 3232 KLMD_ReadMem: Trying to ReadMemory 0xE1909630[0x1A]
16:52:58:453 3232 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
16:52:58:453 3232 DetectCureTDL3: IrpHandler (0) addr: F74B1B3A
16:52:58:453 3232 DetectCureTDL3: IrpHandler (1) addr: F74B1B3A
16:52:58:453 3232 DetectCureTDL3: IrpHandler (2) addr: F74B1B3A
16:52:58:453 3232 DetectCureTDL3: IrpHandler (3) addr: F74B1B3A
16:52:58:453 3232 DetectCureTDL3: IrpHandler (4) addr: F74B1B3A
16:52:58:453 3232 DetectCureTDL3: IrpHandler (5) addr: F74B1B3A
16:52:58:453 3232 DetectCureTDL3: IrpHandler (6) addr: F74B1B3A
16:52:58:453 3232 DetectCureTDL3: IrpHandler (7) addr: F74B1B3A
16:52:58:453 3232 DetectCureTDL3: IrpHandler (8) addr: F74B1B3A
16:52:58:453 3232 DetectCureTDL3: IrpHandler (9) addr: F74B1B3A
16:52:58:453 3232 DetectCureTDL3: IrpHandler (10) addr: F74B1B3A
16:52:58:453 3232 DetectCureTDL3: IrpHandler (11) addr: F74B1B3A
16:52:58:453 3232 DetectCureTDL3: IrpHandler (12) addr: F74B1B3A
16:52:58:453 3232 DetectCureTDL3: IrpHandler (13) addr: F74B1B3A
16:52:58:453 3232 DetectCureTDL3: IrpHandler (14) addr: F74B1B3A
16:52:58:453 3232 DetectCureTDL3: IrpHandler (15) addr: F74B1B3A
16:52:58:453 3232 DetectCureTDL3: IrpHandler (16) addr: F74B1B3A
16:52:58:453 3232 DetectCureTDL3: IrpHandler (17) addr: F74B1B3A
16:52:58:453 3232 DetectCureTDL3: IrpHandler (18) addr: F74B1B3A
16:52:58:453 3232 DetectCureTDL3: IrpHandler (19) addr: F74B1B3A
16:52:58:453 3232 DetectCureTDL3: IrpHandler (20) addr: F74B1B3A
16:52:58:453 3232 DetectCureTDL3: IrpHandler (21) addr: F74B1B3A
16:52:58:453 3232 DetectCureTDL3: IrpHandler (22) addr: F74B1B3A
16:52:58:468 3232 DetectCureTDL3: IrpHandler (23) addr: F74B1B3A
16:52:58:468 3232 DetectCureTDL3: IrpHandler (24) addr: F74B1B3A
16:52:58:468 3232 DetectCureTDL3: IrpHandler (25) addr: F74B1B3A
16:52:58:468 3232 DetectCureTDL3: IrpHandler (26) addr: F74B1B3A
16:52:58:468 3232 DetectCureTDL3: All IRP handlers pointed to one addr: F74B1B3A
16:52:58:468 3232 KLMD_ReadMem: Trying to ReadMemory 0xF74B1B3A[0x400]
16:52:58:468 3232 TDL3_IrpHookDetect: TDL3 Stub signature found, trying to get hook true addr
16:52:58:468 3232 KLMD_ReadMem: Trying to ReadMemory 0xFFDF0308[0x4]
16:52:58:468 3232 KLMD_ReadMem: Trying to ReadMemory 0x89DE090C[0x4]
16:52:58:468 3232 TDL3_IrpHookDetect: New IrpHandler addr: 89D968C8
16:52:58:468 3232 KLMD_ReadMem: Trying to ReadMemory 0x89D968C8[0x400]
16:52:58:468 3232 TDL3_IrpHookDetect: TDL3 is already cured
16:52:58:468 3232 KLMD_ReadMem: Trying to ReadMemory 0xF74AF864[0x400]
16:52:58:468 3232 TDL3_StartIoHookDetect: CheckParameters: 0, 00000000, 0
16:52:58:468 3232 TDL3_FileDetect: Processing driver: atapi
16:52:58:468 3232 TDL3_FileDetect: Processing driver file: C:\WINDOWS\system32\DRIVERS\atapi.sys
16:52:58:468 3232 KLMD_CreateFileW: Trying to open file C:\WINDOWS\system32\DRIVERS\atapi.sys
16:52:58:484 3232 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean
16:52:58:484 3232
16:52:58:484 3232 Completed
16:52:58:484 3232
16:52:58:484 3232 Results:
16:52:58:484 3232 Memory objects infected / cured / cured on reboot: 0 / 0 / 0
16:52:58:484 3232 Registry objects infected / cured / cured on reboot: 0 / 0 / 0
16:52:58:484 3232 File objects infected / cured / cured on reboot: 0 / 0 / 0
16:52:58:484 3232
16:52:58:500 3232 MyNtCreateFileW: NtCreateFile(\??\C:\WINDOWS\system32\drivers\klmd.sys) returned status 00000000
16:52:58:500 3232 UtilityDeinit: KLMD(ARK) unloaded successfully


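The following Python parser is an added example, not part of the thread and not TDSSKiller's own code: it reads a log in the format posted above and reports, per driver object, whether every IRP handler resolves to one address and whether the tool logged the TDL3 stub signature. The sample lines are an abridged excerpt constructed from that log, and the status labels are this example's own.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Every log line is "HH:MM:SS:mmm <thread id> <message>"; the message may be empty.
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}:\d{3}\s+\d+\s*(.*)$")
DRIVER = re.compile(r"DetectCureTDL3: DRIVER_OBJECT name: ([^,\s]+), Driver Name: (\S+)")
HANDLER = re.compile(r"DetectCureTDL3: IrpHandler \((\d+)\) addr: ([0-9A-Fa-f]{8})")
VERDICT = re.compile(r"TDL3_FileDetect: (.+) - Verdict: (\w+)")


@dataclass
class DriverRecord:
    name: str
    handlers: Dict[int, str] = field(default_factory=dict)
    stub_signature: bool = False
    already_cured: bool = False
    file_verdict: Optional[str] = None

    @property
    def uniform_dispatch(self) -> bool:
        # True when more than one handler slot was logged and all share one address,
        # the condition the tool reports as "All IRP handlers pointed to one addr".
        return len(self.handlers) > 1 and len(set(self.handlers.values())) == 1

    def status(self) -> str:
        # Labels are this example's own, derived only from messages in the log.
        if self.stub_signature and self.already_cured:
            return "stub-found-already-cured"
        if self.stub_signature:
            return "stub-found"
        if self.uniform_dispatch:
            return "uniform-dispatch-review"
        return "no-indicator"


def parse_tdsskiller_log(text: str) -> List[DriverRecord]:
    """Return one record per 'DRIVER_OBJECT name' block, in log order."""
    records: List[DriverRecord] = []
    current: Optional[DriverRecord] = None
    for raw in text.splitlines():
        line = LINE.match(raw.strip())
        if not line:
            continue  # blank or non-log line
        msg = line.group(1)
        driver = DRIVER.search(msg)
        if driver:
            current = DriverRecord(name=driver.group(1))
            records.append(current)
            continue
        if current is None:
            continue  # header lines before the first driver block
        handler = HANDLER.search(msg)
        verdict = VERDICT.search(msg)
        if handler:
            current.handlers[int(handler.group(1))] = handler.group(2).upper()
        elif "TDL3 Stub signature found" in msg:
            current.stub_signature = True
        elif "TDL3 is already cured" in msg:
            current.already_cured = True
        elif verdict:
            current.file_verdict = verdict.group(2)
    return records


def summarize(records: List[DriverRecord]) -> List[tuple]:
    """(driver name, distinct handler addresses, status, on-disk file verdict)."""
    return [
        (r.name, len(set(r.handlers.values())), r.status(), r.file_verdict)
        for r in records
    ]


# Constructed sample: abridged from the log format above (three handler slots
# per driver instead of 27).
SAMPLE_LOG = r"""
16:52:58:390 3232 Scanning Kernel memory ...
16:52:58:390 3232 DetectCureTDL3: DRIVER_OBJECT name: \Driver\Disk, Driver Name: Disk
16:52:58:390 3232 DetectCureTDL3: IrpHandler (0) addr: F76CDBB0
16:52:58:390 3232 DetectCureTDL3: IrpHandler (1) addr: 804FA87E
16:52:58:390 3232 DetectCureTDL3: IrpHandler (2) addr: F76CDBB0
16:52:58:421 3232 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\disk.sys - Verdict: Clean
16:52:58:453 3232
16:52:58:453 3232 DetectCureTDL3: DRIVER_OBJECT name: \Driver\atapi, Driver Name: atapi
16:52:58:453 3232 DetectCureTDL3: IrpHandler (0) addr: F74B1B3A
16:52:58:453 3232 DetectCureTDL3: IrpHandler (1) addr: F74B1B3A
16:52:58:453 3232 DetectCureTDL3: IrpHandler (2) addr: F74B1B3A
16:52:58:468 3232 DetectCureTDL3: All IRP handlers pointed to one addr: F74B1B3A
16:52:58:468 3232 TDL3_IrpHookDetect: TDL3 Stub signature found, trying to get hook true addr
16:52:58:468 3232 TDL3_IrpHookDetect: TDL3 is already cured
16:52:58:484 3232 TDL3_FileDetect: C:\WINDOWS\system32\DRIVERS\atapi.sys - Verdict: Clean
"""

if __name__ == "__main__":
    for row in summarize(parse_tdsskiller_log(SAMPLE_LOG)):
        print(row)
```

Run against the full log above, this flags \Driver\atapi even though the file verdict is Clean and the Results lines read 0 / 0 / 0, which is why the per-driver lines are worth reading and not only the summary.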

#4
February 6, 2010 at 09:55:06

Found some infections but don't want to die

Malwarebytes' Anti-Malware 1.44
Database version: 3697
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

06/02/2010 17:35:28
mbam-log-2010-02-06 (17-35-20).txt

Scan type: Quick Scan
Objects scanned: 127096
Time elapsed: 15 minute(s), 8 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\F5JMWNZTHI (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{72ec0b66-5c21-45f9-9287-3d0abbc8c729}\NameServer (Trojan.DNSChanger) -> Data: 93.188.165.187,93.188.161.76 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ef382ea0-1528-4134-893c-7b74b4f6f04b}\NameServer (Trojan.DNSChanger) -> Data: 93.188.165.187,93.188.161.76 -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



#5
February 6, 2010 at 10:09:17

30 minutes later another scan shows nothing.

Malwarebytes' Anti-Malware 1.44
Database version: 3697
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

06/02/2010 18:07:33
mbam-log-2010-02-06 (18-07-33).txt

Scan type: Quick Scan
Objects scanned: 127229
Time elapsed: 17 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



#6
February 6, 2010 at 10:20:10

Logfile of Spyware Terminator v2.6.6.196 (db:4.002.005.000)


Scan Time: 06/02/2010 18:12:28 length: 295 s
Platform: WXP (5.1.0.2600)
User: Admin
Boot Mode: Normal
Scan type: Fast_Spyware_Scan
Scanned Objects: 35775 (Critical:0)
Filter: No System items, No Safe items, No Invalid items

Running Processes
AppleMobileDeviceService.exe [Apple Inc.] : C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
avp.exe [Kaspersky Lab] : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
slserv.exe [ ] : C:\WINDOWS\system32\slserv.exe
ABoard.exe [NEC Computers International] : C:\apps\ABoard\ABoard.exe
AOLSoftware.exe [America Online, Inc.] : C:\Program Files\Common Files\AOL\1219424927\ee\AOLSoftware.exe
dslstat.exe [GlobespanVirata, Inc.] : C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
dslagent.exe : C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
AOSD.exe [NEC Computers International] : C:\apps\ABoard\AOSD.exe
brccMCtl.exe [Brother Industries, Ltd.] : C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
AsUsbSw.exe : C:\WINDOWS\system32\AsusUSBSwitch\AsUsbSw.exe
avp.exe [Kaspersky Lab] : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
btdna.exe [BitTorrent, Inc.] : C:\Program Files\DNA\btdna.exe
WG111v3.exe : C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
em_exec.exe [Logitech Inc.] : C:\Program Files\MouseWare\system\em_exec.exe
iPodService.exe [Apple Inc.] : C:\Program Files\iPod\bin\iPodService.exe

Internet Settings
R - HKLM\Software\Microsoft\Internet Explorer\Main, Start Page = http://go.microsoft.com/fwlink/?Lin...
R - HKLM\Software\Microsoft\Internet Explorer\Search, SearchAssistant = http://ie.search.msn.com/{SUB_RFC17...
R - HKLM\Software\Microsoft\Internet Explorer\Search, CustomizeSearch = http://ie.search.msn.com/{SUB_RFC17...
R - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings, ProxyOverride = *.local
R - HKLM\System\CurrentControlSet\Services\Tcpip\Parameters, Domain =
R - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Telephony, DomainName =

BHO
02 - BHO: IEVkbdBHO Class - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - [Kaspersky Lab] : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\ievkbd.dll
02 - BHO: FilterBHO Class - {E33CF602-D945-461A-83F0-819F76A199F8} - [Kaspersky Lab] : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
02 - BHO: VirtualKeyboardButtonHandler Class - {4248FE82-7FCB-46AC-B270-339F08212110} - [Kaspersky Lab] : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll
02 - BHO: FilterButtonHandler Class - {CCF151D8-D089-449F-A5A4-D9909053F20F} - [Kaspersky Lab] : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\klwtbbho.dll

StartUps
04 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, BitTorrent DNA : [BitTorrent, Inc.] : C:\Program Files\DNA\btdna.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, ACTIVBOARD : [NEC Computers International] : C:\apps\ABoard\ABoard.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, HostManager : [America Online, Inc.] : C:\Program Files\Common Files\AOL\1219424927\ee\AOLSoftware.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, DSLSTATEXE : [GlobespanVirata, Inc.] : C:\Program Files\BT Voyager 105 ADSL Modem\dslstat.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, DSLAGENTEXE : : C:\Program Files\BT Voyager 105 ADSL Modem\dslagent.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, AppleSyncNotifier : [Apple Inc.] : C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, SSBkgdUpdate : [Nuance Communications, Inc.] : C:\Program Files\Common Files\SCANSOFT SHARED\SSBKGDUPDATE\SSBKGDUPDATE.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, PPort11reminder : [Nuance Communications, Inc.] : C:\Program Files\SCANSOFT\PAPERPORT\EREG\EREG.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, MSPY2002 : : C:\WINDOWS\system32\IME\PINTLGNT\IMSCINST.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, BrMfcWnd : [Brother Industries, Ltd.] : C:\Program Files\BROTHER\BRMFCMON\BRMFCWND.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, ControlCenter3 : [Brother Industries, Ltd.] : C:\Program Files\BROTHER\CONTROLCENTER3\BRCTRCEN.EXE
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, Asus USB Switch : : C:\WINDOWS\system32\AsusUSBSwitch\AsUsbSw.exe
04 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, AVP : [Kaspersky Lab] : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
04 - HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, AppInit_DLLs : [Kaspersky Lab] : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\kloehk.dll
04 - Startup: %STARTUP%\setup_9.0.0.722_06.02.2010_15-25[1].lnk : C:\Program Files\AVG\Virus Removal Tool\setup_9.0.0.722_06.02.2010_15-25[1]\startup.exe
04 - Startup: %STARTUPALL%\NETGEAR WG111v3 Smart Wizard.lnk : C:\Program Files\NETGEAR\WG111v3\WG111v3.exe

Shell Extensions
Multimedia File Property Sheet - {00022613-0000-0000-C000-000000000046} - [Microsoft Corporation] : C:\WINDOWS\system32\mmsys.cpl
Shell Scrap DataHandler - {56117100-C0CD-101B-81E2-00AA004AE837} - [Microsoft Corporation] : C:\WINDOWS\system32\shscrap.dll
Microsoft OLE DB Service Component Data Links - {2206CDB2-19C1-11D1-89E0-00C04FD7A829} - [Microsoft Corporation] : C:\Program Files\Common Files\System\Ole DB\oledb32.dll
Scheduling UI icon handler - {DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF} - [Microsoft Corporation] : C:\WINDOWS\system32\mstask.dll
Scheduling UI property sheet handler - {797F1E90-9EDD-11cf-8D8E-00AA0060F5BF} - [Microsoft Corporation] : C:\WINDOWS\system32\mstask.dll
Scheduled Tasks - {D6277990-4C6A-11CF-8D87-00AA0060F5BF} - [Microsoft Corporation] : C:\WINDOWS\system32\mstask.dll
CompressedFolder - {E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31} - [Microsoft Corporation] : C:\WINDOWS\system32\zipfldr.dll
Compressed (zipped) Folder Right Drag Handler - {BD472F60-27FA-11cf-B8B4-444553540000} - [Microsoft Corporation] : C:\WINDOWS\system32\zipfldr.dll
Compressed (zipped) Folder SendTo Target - {888DCA60-FC0A-11CF-8F0F-00C04FD7D062} - [Microsoft Corporation] : C:\WINDOWS\system32\zipfldr.dll
Microsoft Agent Character Property Sheet Handler - {143A62C8-C33B-11D1-84FE-00C04FA34A14} - [Microsoft Corporation] : C:\WINDOWS\msagent\agentpsh.dll
RealOne Player Context Menu Class - {F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} - [RealNetworks, Inc.] : C:\Program Files\real\realone player\rpshell.dll
Web Folders - {BDEADF00-C265-11D0-BCED-00A0C90AB50F} - [Microsoft Corporation] : C:\Program Files\Common Files\Microsoft Shared\Web Folders\MSONSEXT.DLL
Portable Media Devices - {640167b4-59b0-47a6-b335-a6b3c0695aea} - [Microsoft Corporation] : C:\WINDOWS\system32\Audiodev.dll
Wildcard Select context menu - {cb004f18-1fd5-431a-9dbb-62db408a1104} - [All Your Software] : C:\Program Files\DSMP3Converter\w2m.dll
Shell Autoplay for Slideshow - {00E7B358-F65B-4dcf-83DF-CD026B94BFD4} - [Microsoft Corporation] : C:\WINDOWS\system32\RUNDLL32.EXE

Shell Service Objects
- {WPDShServiceObj} - [Microsoft Corporation] : C:\WINDOWS\system32\WPDShServiceObj.dll

Protocol Handler
WiaProtocol Class - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - [Microsoft Corporation] : C:\WINDOWS\system32\wiascr.dll

Services
23 - [Kaspersky Lab] : C:\WINDOWS\system32\DRIVERS\96410071.sys
23 - [Kaspersky Lab] : C:\WINDOWS\system32\DRIVERS\96410072.sys
23 - [An Chen Computer Co., Ltd.] : C:\WINDOWS\system32\Drivers\Achernar.sys
23 - [Meetinghouse Data Communications] : C:\WINDOWS\system32\DRIVERS\AegisP.sys
23 - [An Chen Computer Co., Ltd.] : C:\WINDOWS\system32\Drivers\Aldebaran.sys
23 - [Apple Inc.] : C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
23 - [Kaspersky Lab] : C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
23 - [Microsoft Corporation] : C:\WINDOWS\system32\DRIVERS\disk.sys
23 - [Microsoft Corporation] : C:\WINDOWS\system32\DRIVERS\flpydisk.sys
23 - [GEAR Software Inc.] : C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
23 - [Apple Inc.] : C:\Program Files\iPod\bin\iPodService.exe
23 - [Kaspersky Lab] : C:\WINDOWS\system32\DRIVERS\klmouflt.sys
23 - [Logitech, Inc.] : C:\WINDOWS\system32\DRIVERS\L8042pr2.Sys
23 - [Logitech, Inc.] : C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
23 - [Microsoft Corporation] : C:\WINDOWS\system32\DRIVERS\mssmbios.sys
23 - : C:\WINDOWS\system32\DRIVERS\Mtlmnt5.sys
23 - [Realtek Semiconductor Corporation] : C:\WINDOWS\system32\DRIVERS\R8139n51.SYS
23 - [Realtek Semiconductor Corporation] : C:\WINDOWS\system32\DRIVERS\wg111v3.sys
23 - [Kaspersky Lab] : C:\WINDOWS\system32\DRIVERS\9641007.sys
23 - [Silicon Integrated Systems Corporation] : C:\WINDOWS\system32\DRIVERS\sisgrp.sys
23 - [Silicon Integrated Systems Corporation] : C:\WINDOWS\system32\DRIVERS\SISAGPX.sys
23 - [Silicon Integrated Systems Corp.] : C:\WINDOWS\system32\DRIVERS\siside.sys
23 - [Windows (R) 2000 DDK provider] : C:\WINDOWS\system32\drivers\sisidex.sys
23 - [Silicon Integrated Systems Corporation] : C:\WINDOWS\system32\drivers\srvkp.sys
23 - [Silicon Integrated Systems Corp.] : C:\WINDOWS\system32\drivers\sisperf.sys
23 - : C:\WINDOWS\system32\DRIVERS\slntamr.sys
23 - : C:\WINDOWS\system32\slserv.exe
23 - [Vireo Software] : C:\WINDOWS\system32\DRIVERS\SlWdmSup.sys
23 - [SigmaTel, Inc.] : C:\WINDOWS\system32\drivers\STAC97.sys
23 - [H+H Software GmbH] : C:\WINDOWS\system32\DRIVERS\vcsmpdrv.sys
23 - [America Online, Inc.] : C:\WINDOWS\system32\DRIVERS\wanatw4.sys

Advanced Files Report
%COMMONFILES%\Logitech\Scrolling\LgMsgHk.dll [Logitech Inc.] [Productivity Software Common Files] MD5=2FC323A0D188E2D02B19B49608CD972E SIZE=23552
%PROGRAMFILES%\MouseWare\System\LgWndHk.dll [Logitech Inc.] [MouseWare] MD5=152DF9F48740468901DCABEEC13C6078 SIZE=6144
%PROGRAMFILES%\DSMP3Converter\w2m.dll [All Your Software] [Wildcard Select] MD5=D1186EF8B86B21C5860E3F60005F7A7D SIZE=135168
%PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 2010\shellex.dll [Kaspersky Lab] [Kaspersky Anti-Virus] MD5=AB9A55DA17DB4F406F82E26A37696C5C SIZE=109072
%PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 2010\prremote.dll [Kaspersky Lab] [Kaspersky Anti-Virus] MD5=CCC0C157AB7D1E729A6D6511934ADE4A SIZE=96784
%PROGRAMFILES%\Kaspersky Lab\Kaspersky Internet Security 2010\prloader.dll [Kaspersky Lab] [Kaspersky Anti-Virus] MD5=E733AF47C144099C11FD73F9B1E99868 SIZE=170512
%SYSDIR%\CmdLineExt.dll [Sony DADC Austria AG.] MD5=8C5A17843C447801FE857C66A623052F SIZE=107888
%SYSDIR%\EBPMON2.DLL [SEIKO EPSON CORPORATION] [EPSON Bidirectional Printer] MD5=C7FD9098F7CBD77EFA28CF05073BB510 SIZE=73676
%COMMONFILES%\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [Apple Inc.] [Apple Mobile Device Service] MD5=4B5AE15E5C73EB4DC8DBEC2788230D41 SIZE=144672

