BleepingComputer.com: Google Re-direct / Possible Root-Kit


#31 TWillGA

  • Member
  • Group: Members
  • Posts: 21
  • Joined: 08-October 11

Posted 02 November 2011 - 07:03 PM

Hi pwgib,

The MBAM quick scan ran successfully in normal mode and came up clean. I wasn't prompted to delete anything.

TWillGA


Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8066

Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19088

11/2/2011 1:49:11 AM
mbam-log-2011-11-02 (01-49-11).txt

Scan type: Quick scan
Objects scanned: 167490
Time elapsed: 22 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#32 pwgib

  • Forum Addict
  • Group: Malware Response Team
  • Posts: 2,859
  • Joined: 14-February 05
  • Gender:Male
  • Location:God's Country

Posted 02 November 2011 - 07:44 PM

Hi TWillGA,

Just for kicks let's try aswMBR again.


Step 1.


Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

Do not download the Avast definitions

On completion of the scan click save log, save it to your desktop and post in your next reply.


Thanks!!
PW

#33 TWillGA

  • Member
  • Group: Members
  • Posts: 21
  • Joined: 08-October 11

Posted 02 November 2011 - 07:49 PM

Hi pwgib,

The aswMBR log is below.

TWillGA


aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-11-02 20:47:39
-----------------------------
20:47:39.386 OS Version: Windows 6.0.6001 Service Pack 1
20:47:39.386 Number of processors: 2 586 0xF0D
20:47:39.386 ComputerName: MOONLIGHT UserName: Toni
20:47:43.146 Initialize success
20:48:07.192 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
20:48:07.192 Disk 0 Vendor: FUJITSU_ 0085 Size: 114473MB BusType: 3
20:48:07.629 Disk 1 \Device\Harddisk1\SR0 -> \Device\SdBus-0
20:48:07.629 Disk 1 Vendor: ( Size: 3780MB BusType: 12
20:48:07.785 Disk 0 MBR read successfully
20:48:07.785 Disk 0 MBR scan
20:48:07.785 Disk 0 Windows VISTA default MBR code
20:48:07.926 Disk 0 scanning sectors +234438656
20:48:08.035 Disk 0 scanning C:\Windows\system32\drivers
20:48:21.373 Service scanning
20:48:24.009 Modules scanning
20:48:34.898 Disk 0 trace - called modules:
20:48:34.929 ntkrnlpa.exe CLASSPNP.SYS disk.sys iastor.sys hal.dll
20:48:34.929 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x866bdac8]
20:48:34.945 3 CLASSPNP.SYS[891aa745] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x85c61030]
20:48:34.960 Scan finished successfully
20:48:50.046 Disk 0 MBR has been saved successfully to "C:\Users\Toni\Desktop\MBR.dat"
20:48:50.046 The log file has been saved successfully to "C:\Users\Toni\Desktop\aswMBR.txt"

#34 pwgib

  • Forum Addict
  • Group: Malware Response Team
  • Posts: 2,859
  • Joined: 14-February 05
  • Gender:Male
  • Location:God's Country

Posted 02 November 2011 - 09:19 PM

Hi TWillGA,


We might as well try ESET again also.

Step 1.

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the Posted Image button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on Posted Image to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the Posted Image icon on your desktop.

  • Check Posted Image
  • Click the Posted Image button.
  • Accept any security warnings from your browser.
  • Under scan settings, check Posted Image and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology

  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • Copy and paste the resulting log in your next reply

If no log is generated that means nothing was found. Please let me know if this happens.



Thanks!!
PW

#35 TWillGA

  • Member
  • Group: Members
  • Posts: 21
  • Joined: 08-October 11

Posted 02 November 2011 - 10:51 PM

Hi pwgib,

I tried to run ESET twice; the pc crashed/rebooted both times. I don't have a log to post.

TWillGA

#36 pwgib

  • Forum Addict
  • Group: Malware Response Team
  • Posts: 2,859
  • Joined: 14-February 05
  • Gender:Male
  • Location:God's Country

Posted 03 November 2011 - 06:30 AM

Hi TWillGA,

Let's try a different scanner. ESET crashing is not that unusual. It's when all the tools crash like they were that it is worrisome.


Please run a BitDefender QuickScan
  • Click Start Scanner
  • Click Start Scan

    If you are running Firefox you should accept the installation of the Plug-in and restart Firefox
    If you are running Internet Explorer then allow the ActiveX control to install when prompted.



  • Click Start Scan
  • Check the I ACCEPT box on the EULA and click OK

When the scan has finished, it should take about a minute, click View Log and copy and paste the log into your next reply.


Thanks!!
PW

#37 TWillGA

  • Member
  • Group: Members
  • Posts: 21
  • Joined: 08-October 11

Posted 03 November 2011 - 08:21 AM

Hi pwgib,

Here ya go!

TWillGA



QuickScan Beta 32-bit v0.9.9.99
-------------------------------
Scan date: Thu Nov 03 09:19:24 2011
Machine ID: F2A86AFD



No infection found.
-------------------



Processes
---------
CyberLink MediaLibray Service 3668 C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
Firefox 5572 C:\Program Files\Mozilla Firefox\firefox.exe
IDT Audio 3608 C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
Microsoft® Windows® Operating System 1764 C:\Windows\explorer.exe
Microsoft® Windows® Operating System 336 C:\Windows\System32\taskeng.exe
Microsoft® Windows® Operating System 3476 C:\Windows\System32\wbem\unsecapp.exe
Monitor Application 3760 C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
Symantec AntiVirus 3600 C:\Program Files\Symantec AntiVirus\VPTray.exe
Symantec Security Technologies 3592 C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Windows® Internet Explorer 156 C:\Program Files\Internet Explorer\iexplore.exe
Windows® Internet Explorer 500 C:\Program Files\Internet Explorer\iexplore.exe
Windows® Internet Explorer 3040 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Microsoft® Windows® Operating System 3828 C:\Program Files\Windows Media Player\wmpnscfg.exe
(verified) Microsoft® Windows® Operating System 3972 C:\Windows\ehome\ehmsas.exe
(verified) Microsoft® Windows® Operating System 3776 C:\Windows\ehome\ehtray.exe
(verified) Microsoft® Windows® Operating System 1696 C:\Windows\System32\dwm.exe
(verified) Microsoft® Windows® Operating System 3792 C:\Windows\System32\wuauclt.exe


Network activity
----------------
Process firefox.exe (5572) connected on port 80 (HTTP) --> 74.86.64.162
Process firefox.exe (5572) connected on port 80 (HTTP) --> 74.125.157.101
Process firefox.exe (5572) connected on port 80 (HTTP) --> 184.28.61.55
Process firefox.exe (5572) connected on port 443 (HTTP over SSL) --> 74.125.65.120
Process firefox.exe (5572) connected on port 80 (HTTP) --> 184.28.61.55
Process firefox.exe (5572) connected on port 80 (HTTP) --> 184.28.61.55
Process firefox.exe (5572) connected on port 80 (HTTP) --> 69.63.190.14
Process firefox.exe (5572) connected on port 80 (HTTP) --> 69.63.190.14
Process firefox.exe (5572) connected on port 443 (HTTP over SSL) --> 74.125.65.120
Process firefox.exe (5572) connected on port 80 (HTTP) --> 96.17.75.128
Process firefox.exe (5572) connected on port 80 (HTTP) --> 96.17.75.128
Process firefox.exe (5572) connected on port 80 (HTTP) --> 96.17.75.128
Process firefox.exe (5572) connected on port 80 (HTTP) --> 96.17.75.128
Process firefox.exe (5572) connected on port 80 (HTTP) --> 96.17.75.128
Process firefox.exe (5572) connected on port 80 (HTTP) --> 96.17.75.128
Process firefox.exe (5572) connected on port 80 (HTTP) --> 216.137.33.175
Process firefox.exe (5572) connected on port 80 (HTTP) --> 216.137.47.12
Process firefox.exe (5572) connected on port 80 (HTTP) --> 216.137.47.12
Process firefox.exe (5572) connected on port 80 (HTTP) --> 216.137.47.12
Process firefox.exe (5572) connected on port 80 (HTTP) --> 216.137.47.12
Process firefox.exe (5572) connected on port 80 (HTTP) --> 74.125.159.101
Process firefox.exe (5572) connected on port 80 (HTTP) --> 96.17.75.17
Process firefox.exe (5572) connected on port 80 (HTTP) --> 96.17.75.11
Process firefox.exe (5572) connected on port 80 (HTTP) --> 66.235.142.57
Process firefox.exe (5572) connected on port 80 (HTTP) --> 66.235.142.57



Autoruns and critical files
---------------------------
CyberLink MediaLibray Service C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
IDT Audio C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
Intel® Common User Interface C:\Windows\system32\igfxdev.dll
LG Firmware Autoupdate C:\Program Files\lg_fwupdate\fwupdate.exe
Monitor Application C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
MUI StartMenu Application C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe
MUI StartMenu Application C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe
MUI StartMenu Application C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe
MUI StartMenu Application C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe
Symantec AntiVirus C:\Program Files\Symantec AntiVirus\VPTray.exe
Symantec Security Technologies C:\Program Files\Common Files\Symantec Shared\ccApp.exe
Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(verified) Microsoft® Windows® Operating System C:\Program Files\Windows Media Player\wmpnscfg.exe
(verified) Microsoft® Windows® Operating System C:\Windows\ehome\ehtray.exe
(verified) Microsoft® Windows® Operating System C:\Windows\system32\BROWSEUI.dll
(verified) Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
(verified) Windows® Internet Explorer C:\Windows\System32\webcheck.dll


Browser plugins
---------------
20-20 3D Viewer C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\c5k9xmk9.default\extensions\2020Player@2020Technologies.com\plugins\NP2020Player.dll
AcroIEHelperShim Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
ArcSoft Video Downloader C:\Program Files\ArcSoft\Media Converter for Philips\Internet Video Downloader\ArcURLRecord.dll
BitDefender QuickScan C:\Users\Toni\AppData\Roaming\Mozilla\Firefox\Profiles\c5k9xmk9.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
Browser Address Error Redirector C:\Program Files\Dell\BAE\BAE.dll
CouponNetwork Coupon Activator Netscape C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
Coupons Inc., Coupon Printer Manager C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
Coupons Inc., Coupon Printer Manager C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
DivX Web Player C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
DoggieDash.1.0.0.10 C:\Windows\Downloaded Program Files\DoggieDash.1.0.0.10.dll
HP Smart Web Printing c:\program files\hp\smart web printing\hpswp_framework.dll
Java Deployment Toolkit 6.0.220.4 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
Java™ Platform SE 6 U22 C:\Program Files\Java\jre6\bin\jp2ssv.dll
Java™ Platform SE 6 U22 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
Macrovision FLEXnet Connect C:\Windows\Downloaded Program Files\isusweb.dll
Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
NPSWF32.dll C:\Windows\system32\Macromed\Flash\NPSWF32.dll
RealJukebox NS Plugin C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
RealJukebox NS Plugin c:\program files\real\realplayer\Netscape6\nprjplug.dll
RealNetworks Rhapsody Player Engine C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
RealPlayer Version Plugin C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
RealPlayer Version Plugin c:\program files\real\realplayer\Netscape6\nprpjplug.dll
RealPlayer™ G2 LiveConnect-Enabled P C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
RealPlayer™ G2 LiveConnect-Enabled P c:\program files\real\realplayer\Netscape6\nppl3260.dll
RealPlayer™ HTML5VideoShim Plug-In ( C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
Shockwave for Director C:\Windows\system32\Adobe\Director\np32dsw.dll
Windows Presentation Foundation C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\Windows\system32\IEFRAME.dll
(verified) InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.dll
(verified) InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.exe
(verified) Microsoft® Windows Live Login Helper C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll


Missing files
-------------
File not found: C:\Program Files\Bonjour\mdnsNSP.dll
--> HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007\"LibraryPath"


Scan
----
MD5: c09b9238479d17274a8cfb9216bcca09 C:\Windows\system32\Macromed\Flash\Flash10v.ocx
MD5: 4b381e429a2982dde8c0aeaae75a65e9 C:\Windows\system32\Macromed\Flash\NPSWF32.dll
MD5: f2dc1ce3a91c87e7995500e989a5d2f1 C:\Windows\system32\MFC42u.DLL
MD5: 7db516326ef135dc100f198f6ec341b3 C:\Windows\system32\msfeeds.dll
MD5: e045c58e45895065cc2763239460ecdb C:\Windows\system32\MsgSys.dll
MD5: 6d1e32a3c964baf06b7973e7b18e3212 C:\Windows\system32\mshtml.dll
MD5: 365fef29b22f626c5756ac0dee91c249 C:\Windows\System32\msshsq.dll
MD5: 03e9314004f504a14a61c3d364b62f66 C:\Windows\system32\MSVCP100.dll
MD5: 67ec459e42d3081dd8fd34356f7cafc1 C:\Windows\system32\MSVCR100.dll
MD5: 5a0b0235899ec846fc914458d5cb5332 C:\Windows\System32\NLSLexicons0009.dll
MD5: 89d0e06d6165c98e47065722ce703fad C:\Windows\system32\ntdll.dll
MD5: 2e7b56837cde8b1a875df870e5200a2f C:\Windows\system32\nts.dll
MD5: cabe68b4ad2fec8c18e18f73303eb26f C:\Windows\system32\ODBC32.dll
MD5: aa406846dd60e3a4536dbaab4037b685 C:\Windows\system32\ole32.dll
MD5: fa6bd25a5a65a6ff5be4385098e3bdef C:\Windows\system32\OLEAUT32.dll
MD5: 1a58834e9c2aeccb3bd2a5801a9cdfe9 C:\Windows\system32\PDS.DLL
MD5: 9de05ce950e4bc8820464f137029b358 C:\Windows\system32\RPCRT4.dll
MD5: 301ae00e12408650baddc04dbc832830 C:\Windows\system32\rpcss.dll
MD5: 6528ee11efa77f8c8b1c6ead401f907f C:\Windows\system32\schannel.dll
MD5: 7b587b8a6d4a99f79d2902d0385f29bd C:\Windows\system32\schedsvc.dll
MD5: 048b65ec931a39a5f42016be04775274 C:\Windows\system32\SHELL32.dll
MD5: 44338cab70f1db264d2f3f9f86a5d281 C:\Windows\system32\SHLWAPI.dll
MD5: 1e3fdb80e40a3ce645f229dfbdfb7694 C:\Windows\System32\shsvcs.dll
MD5: 3665f79026a3f91fbca63f2c65a09b19 C:\Windows\System32\spoolsv.exe
MD5: 234cb691fba69e8c1be489a341586252 C:\Windows\System32\srchadmin.dll
MD5: 1925e63c91cf1610ae41bfd539062079 C:\Windows\system32\srvsvc.dll
MD5: 799aa3e04879b3fed31ecea02b1caa9a C:\Windows\system32\STacSV.exe
MD5: bf47ed87eadbf5e31f7e95d7cd2369d7 C:\Windows\system32\stapi32.dll
MD5: ed0f7e497b69b6b0fb375c283e2b44be C:\Windows\system32\t2embed.dll
MD5: eafb5897ac9cd84890171ac38862320f C:\Windows\System32\taskeng.exe
MD5: 45f40b53ec32daf51aabad4e0cd1fa0b C:\Windows\system32\urlmon.dll
MD5: a23e4692716c25e5aea300ed74e73a1c C:\Windows\system32\USP10.dll
MD5: 52a53bcccf489d4097191b7b78dffa58 C:\Windows\system32\wbem\fastprox.dll
MD5: 25873356e52849c3f5b3f1b02317e8c8 C:\Windows\System32\wbem\unsecapp.exe
MD5: da39b480239feb2cc0f4be7b185b63db C:\Windows\system32\wbem\wbemprox.dll
MD5: de4685de5130039fa63da66c0f72f787 C:\Windows\system32\WININET.dll
MD5: 801027f97983d22ab6f177c658f70c02 C:\Windows\system32\wmp.dll
MD5: 0c47181269a2e16aedd0ff4b6dbcfba9 C:\Windows\system32\wmploc.dll
MD5: a9662bcf218bc76869a8d91635d5f93a C:\Windows\System32\Wpc.dll
MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCP80.dll
MD5: c9564cf4976e7e96b4052737aa2492b4 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
MD5: e402a6e79d1e4dbfeba8b364c67a3158 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.6001.18523_none_886c608850a2f36f\COMCTL32.dll
MD5: d702b4e30b31bfcab7bd4e5965c1a5dc C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6001.18523_none_5cdd65e20837faf2\comctl32.dll
MD5: 81e199bfe82c106d38f989674d0dec1f C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll


No file uploaded.

Scan finished - communication took 1 sec
Total traffic - 0.01 MB sent, 0.92 KB recvd
Scanned 727 files and modules - 73 seconds

==============================================================================

#38 pwgib

  • Forum Addict
  • Group: Malware Response Team
  • Posts: 2,859
  • Joined: 14-February 05
  • Gender:Male
  • Location:God's Country

Posted 04 November 2011 - 08:12 AM

Hi TWillGA,

I didn't see any indication of a major malware infection in any of your logs. ComboFix removed an unwanted program and other minor infections, and we removed orphaned entries and reset some Internet Explorer settings with OTL.

I was concerned about the blue screens when running programs, because that is sometimes an indicator of either rootkit activity or a hardware, software, or memory problem.

Your computer must have been hanging on a file or program that was taken care of with OTL since we were able to completely run scans afterwards. :)

Congratulations!! You appear to be all clean. :thumbup2:

Step 1.

Update Programs

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.
Please follow these steps to remove older versions of Java components and update:
  • Download the latest version of Java Runtime Environment (JRE) Version 7 and save it to your desktop.
  • Look for "Java Platform, Standard Edition".
  • Click the "Download JRE" button to the right.
  • Read the License Agreement, and then check the box that says: "Accept License Agreement".
  • From the list, select your OS and Platform (32-bit or 64-bit).
  • If a download for an Offline Installation is available, it is recommended to choose that and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.

Go to Start > Control Panel, double-click on Add/Remove Programs (or Programs and Features in Vista/Windows 7) and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-7u1-windows-i586-s.exe (or jre-7u1-windows-x64.exe for 64-bit) to install the newest version.
  • If using Windows 7 or Vista and the installer refuses to launch due to insufficient user permissions, then Run As Administrator.
  • When the Java Setup - Welcome window opens, click the Install > button.
  • If offered to install a Toolbar, just uncheck the box before continuing unless you want it.
  • The McAfee Security Scan Plus tool is installed by default unless you uncheck the McAfee installation box when updating Java.

Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications but it's not necessary.
To disable the JQS service if you don't want to use it:
  • Go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter.
  • Click Ok and reboot your computer.


Your Adobe Reader is out of date. Please go here to update. Uncheck the McAfee scan option.

You may need to manually delete older copies of Adobe Reader via Add/Remove Programs.


Step 2.

We need to do a little house cleaning.

Step 1.

Re-enable emulation

Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Re-enable button to enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger might ask to reboot the machine - click OK
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

The following two procedures need to be done in the order listed. If you cannot do so, please let me know.

Step 2.

Uninstall ComboFix

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

Note the space between the X and the /U.

Please advise if this step is missed for any reason as it performs some important functions.

If ComboFix asks to update please allow it to do so.


Step 3.

Please open OTL
  • Double click on the OTL icon on your desktop.
  • Click the "Cleanup" checkbox.
  • You will be asked, "Begin Cleanup Process"
  • Select Yes
  • You will be prompted to restart your computer.


You can now uninstall any other programs we may have used and delete any logs that may have been generated.

Most can be deleted by right clicking and choosing Delete. Others, such as ESET online scan, can be removed via Control Panel | Add/Remove Programs.




Step 4.

Here are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of them, however, by following the rest of them you will reduce the risk of becoming re-infected.

Your Vista operating system is out of date. It is critical to stay up to date with the latest upgrades to your Operating System, as this can help prevent future problems. You can find Microsoft updates here.

I recommend that you visit the link above and install Vista Service Pack 2 or either enable 'Automatic Updates' under Start | Control Panel | Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

New viruses come out every minute, so it is essential that you keep your antivirus program updated and have the latest signatures to provide you with the best possible protection from malicious software.
Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

Make sure you use a firewall. A tutorial on understanding and using firewalls may be found here. For most users the built in Windows Firewall is sufficient. Only use one firewall at a time though.

Malwarebytes' Anti-Malware is an excellent anti-spyware scanner. Its scan times are usually under ten minutes, and it has excellent detection and removal rates.
SuperAntiSpyware is another good scanner with high detection and removal rates. Both programs are free for non-commercial home use but provide a resident and do not nag if you purchase the paid versions. I personally prefer and highly recommend the licensed version of MBAM.

Please read and follow How did I get infected?, With steps so it does not happen again! as well as How to prevent Malware by Miekiemoes

If you have any questions please do not hesitate to ask.


Thanks!!
PW

#39 TWillGA

Posted 05 November 2011 - 09:59 AM

Hi pwgib,

Thanks so much! I'll complete these steps now and let you know of any issues.

TWillGA

#40 pwgib

Posted 06 November 2011 - 05:43 PM

:thumbup2:
PW

#41 pwgib

Posted 11 November 2011 - 09:09 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
PW
