Digital protection..i need help



#1 kooshykins


Posted 25 April 2010 - 01:47 AM

My laptop is infected with Digital Protection. I already used the Malwarebytes Anti-Malware program, following the instructions in the spyware removal section, but it's still controlling my computer.

I badly need help. Thanks in advance.


Kooshy



#2 certifiedgeek


Posted 25 April 2010 - 11:09 AM

Hi kooshykins,

Could you provide some more clues please, such as any other symptoms that you might be experiencing? What version of Windows are you using? Also, would you mind posting your Malwarebytes scanning log? If you open MBAM, go to Logs, and click on the bottommost log file, it should open in Notepad. You can then copy everything from there into the next post.

Also, have you tried any other scanning programs yet? SUPERAntispyware is also a great one to run and instructions on it can be found here.

#3 kooshykins


Posted 25 April 2010 - 04:30 PM

Thanks for the prompt reply.

I am using Windows Vista. Digital Protection keeps popping up; on the bottom right side it keeps saying "danger! A security threat detected on your computer. Trojan ASPX.JS.Win 32....... and Unauthorized person tries to steal your passwords and private information ...." And then the computer will shut off by itself.

Here is my Malwarebytes scan result:

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Database version: 4030

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

4/24/2010 9:26:17 AM
mbam-log-2010-04-24 (09-26-17).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 347409
Time elapsed: 2 hour(s), 6 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 6
Registry Values Infected: 8
Registry Data Items Infected: 0
Folders Infected: 2
Files Infected: 44

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\Users\owner\AppData\Local\Temp\r71gloc.dll (Trojan.Ertfor) -> Delete on reboot.

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\YVIBBBHA8C (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\QZAIB7KITK (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mcexecwin (Trojan.Ertfor) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsf87efjhdsf87f3jfsdi7fhsujfd (Trojan.Clicker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\hsf87sdhfush87fsufhuie3fddf (Trojan.Ertfor) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sjfkiear (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\cleansweep.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\digital protection (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\yvibbbha8c (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\winid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\cleansweep.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection (Rogue.DigitalProtection) -> Quarantined and deleted successfully.

Files Infected:
C:\Users\owner\AppData\Local\Temp\r71gloc.dll (Trojan.Ertfor) -> Delete on reboot.
C:\Users\owner\AppData\Local\Temp\cmd.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Local\Temp\nycwt59h.exe (Trojan.Ertfor) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Local\dyryrwpui\buvmdootssd.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Local\Temp\8360835.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Local\Temp\acsrmnewxo.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Local\Temp\avp32.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Local\Temp\coanrwesmx.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Local\Temp\debug.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Local\Temp\Ex2.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Local\Temp\Exz.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Local\Temp\geurge.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Local\Temp\gmfrxpgv.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Local\Temp\k9gq0krh.exe (Trojan.Ertfor) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Local\Temp\mdm.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Local\Temp\rkmmoy.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Local\Temp\rmwxnoceas.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Local\Temp\uaufqma.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Local\Temp\v8htcyiv5xscc.exe (Trojan.Clicker) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Local\Temp\RarSFX0\hor0410e.exe (Adware.Adrotator) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Local\VirtualStore\Windows\SysWOW64\net.net (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Roaming\8E5C13097DA106641A474F3AEA66F1AB\newupdate1142C.exe (Malware.Packer.Gen) -> Quarantined and deleted successfully.
C:\cleansweep.exe\cleansweep.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\cleansweep.exe\config.bin (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\About.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Activate.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Buy.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Digital Protection Support.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Digital Protection.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Scan.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Settings.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Digital Protection\Update.lnk (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Local\Temp\PRAGMA7b6f.tmp (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Digital Protection.LNK (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\owner\Desktop\Digital Protection.LNK (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Local\Temp\Digital Protection\digprot.exe (Rogue.DigitalProtection) -> Quarantined and deleted successfully.
C:\Users\owner\Favorites\_favdata.dat (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Local\Temp\Ex1.exe (Trojan.FakeAlert) -> Delete on reboot.
C:\Users\owner\AppData\Local\Temp\dhdhtrdhdrtr5y (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Local\Temp\jisfije9fjoiee.tmp (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Users\owner\Local Settings\Application Data\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.
C:\Users\owner\AppData\Local\ave.exe (Rogue.MultipleAV) -> Quarantined and deleted successfully.




And here is the SUPERAntiSpyware scan log too:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 04/24/2010 at 12:17 PM

Application Version : 4.35.1002

Core Rules Database Version : 4744
Trace Rules Database Version: 1978

Scan type : Complete Scan
Total Scan Time : 02:28:23

Memory items scanned : 174
Memory threats detected : 0
Registry items scanned : 6875
Registry threats detected : 0
File items scanned : 239423
File threats detected : 73

Adware.Tracking Cookie

Adware.Vundo/Variant-MSE
C:\USERS\OWNER\APPDATA\LOCAL\TEMP\MSIXTCEJ.DLL

#4 certifiedgeek


Posted 25 April 2010 - 07:05 PM

Even after running both of those scans you are still having the same issue? Have you noticed anything different since you ran the scans?

Did you run Malwarebytes in normal mode or safe mode? Malwarebytes seems to do better running in normal mode, so if you haven't run Malwarebytes in normal mode yet, please do so.

And SUPERAntispyware should be run in safe mode without networking. If you have already done that too in safe mode, then I would try two other things.

First, I would run Dr.Web CureIt in either safe or normal mode, but make sure you do a complete scan.

Second, I would then run an online scanner such as Bitdefender.

#5 kooshykins


Posted 26 April 2010 - 02:59 PM

Dr.Web CureIt found 37 viruses. Some of them were deleted and moved, but some of them cannot be deleted. I also ran Bitdefender and it found no viruses. I cannot copy and paste the Dr.Web CureIt results.

QuickScan Beta 32-bit v0.9.9.18
-------------------------------

Scan date: Mon Apr 26 14:37:34 2010
Machine ID: 35A36C9D



No infection found.
-------------------



Processes
---------
<unsigned> hpwuSchd Application 4064 C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
<unsigned> Device Monitor Application 3740 C:\Program Files (x86)\Lexmark 1300 Series\lxdcamon.exe
<unsigned> Kodak EasyShare Software 4020 C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
<unsigned> ReminderApp.exe 4084 C:\Program Files (x86)\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe

<verified> Ad-Aware Tray Application 4184 C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
<verified> Firefox 4048 C:\Program Files (x86)\Mozilla Firefox\firefox.exe
<verified> hp digital imaging - hp all-in-one seri 4004 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
<verified> iTunes 3376 C:\Program Files (x86)\iTunes\iTunesHelper.exe
<verified> Microsoft Office OneNote 4040 C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
<verified> RAID Event Monitor 3696 C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
<verified> Search Protection 824 C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
<verified> Windows® Internet Explorer 3340 C:\Program Files (x86)\Internet Explorer\IELowutil.exe
<verified> Yahoo! Messenger 4272 C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe


Network activity
----------------
Process firefox.exe (4048) connected on port 80 (HTTP) --> iw-in-f139.1e100.net
Process firefox.exe (4048) connected on port 80 (HTTP) --> a184-50-229-115.deploy.akamaitechnologies.com

Process lxdcamon.exe (3740) listens on ports: 38188


Autoruns and critical files
---------------------------
<unsigned> hpwuSchd Application C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
<unsigned> CEEment C:\Program Files (x86)\hewlett-packard\sdp\ceement\HPCEE.exe
<unsigned> Kodak EasyShare Software C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\EasyShare.exe
<unsigned> QuickTime C:\Program Files (x86)\QuickTime\QTTask.exe
<unsigned> ReminderApp.exe C:\Program Files (x86)\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe
<unsigned> SuperAntiSpyware c:\program files (x86)\superantispyware\sasseh.dll
<unsigned> SUPERAntiSpyware WinLogon Processor C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll

<verified> Ad-Aware Tray Application C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
<verified> Adobe Acrobat C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe
<verified> cdloader2 C:\Users\owner\AppData\Roaming\mjusbsp\cdloader2.exe
<verified> hp digital imaging - hp all-in-one seri C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
<verified> HP Health Check Scheduler c:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
<verified> iTunes C:\Program Files (x86)\iTunes\iTunesHelper.exe
<verified> Microsoft Office OneNote C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
<verified> Microsoft® Windows® Operating System C:\Program Files\Windows Sidebar\sidebar.exe
<verified> Microsoft® Windows® Operating System C:\Windows\ehome\ehTray.exe
<verified> Microsoft® Windows® Operating System c:\windows\system32\browseui.dll
<verified> Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
<verified> OLYMPUS Master C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\FirstStart.exe
<verified> OLYMPUS Master C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
<verified> Pando Media Booster C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
<verified> Search Protection C:\Program Files (x86)\Yahoo!\Search Protection\SearchProtection.exe
<verified> Windows® Internet Explorer C:\Windows\system32\msfeedssync.exe
<verified> Windows® Internet Explorer c:\windows\syswow64\webcheck.dll
<verified> Yahoo! Messenger C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe


Browser plugins
---------------
<unsigned> Bonjour C:\Program Files (x86)\Bonjour\mdnsNSP.dll
<unsigned> FFExternalAlert.dll C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\w3lti7t7.default\extensions\{f2257711-226b-4529-8e1d-e82e1c55ebd8}\components\FFExternalAlert.dll
<unsigned> Google Earth Plugin C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
<unsigned> MetaStream 3 Plugin C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
<unsigned> QuickTime Plug-in 7.6.5 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
<unsigned> RadioWMPCore.dll C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\w3lti7t7.default\extensions\{f2257711-226b-4529-8e1d-e82e1c55ebd8}\components\RadioWMPCore.dll
<unsigned> Shockwave for Director C:\Windows\system32\Adobe\Director\np32dsw.dll
<unsigned> unagiuninst.exe C:\Windows\Downloaded Program Files\unagiuninst.exe

<verified> AcroIEHelperShim Library c:\program files (x86)\common files\adobe\acrobat\activex\acroiehelpershim.dll
<verified> Adobe Acrobat C:\Program Files (x86)\Internet Explorer\plugins\nppdf32.dll
<verified> Adobe Acrobat C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
<verified> AOL Media Playback Control C:\Windows\Downloaded Program Files\ampAx3.0.84.2.dll
<verified> BitDefender QuickScan C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\w3lti7t7.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
<verified> BitDefender QuickScan C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\w3lti7t7.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
<verified> Google Update C:\Program Files (x86)\Google\Update\1.2.183.23\npGoogleOneClick8.dll
<verified> Google Updater C:\Program Files (x86)\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
<verified> GoogleToolbarNotifier C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll
<verified> HP Smart Web Printing c:\program files (x86)\hp\digital imaging\smart web printing\hpswp_bho.dll
<verified> Java™ Platform SE 6 U2 c:\program files (x86)\java\jre1.6.0_02\bin\ssv.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll
<verified> Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
<verified> Microsoft® Windows® Operating System C:\Windows\system32\NLAapi.dll
<verified> Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
<verified> Mozilla Default Plug-in C:\Program Files (x86)\Mozilla Firefox\plugins\npnul32.dll
<verified> Norton Confidential C:\Program Files (x86)\Norton Internet Security\Engine\17.6.0.32\CoIEPlg.dll
<verified> npitunes.dll C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
<verified> NPSWF32.dll C:\Windows\system32\Macromed\Flash\NPSWF32.dll
<verified> Pando Web Installer C:\Program Files (x86)\Mozilla Firefox\plugins\npPandoWebInst.dll
<verified> Symantec Intrusion Detection c:\program files (x86)\norton internet security\engine\17.6.0.32\ipsbho.dll
<verified> Unity Player C:\Program Files (x86)\Unity\WebPlayer\loader\npUnity3D32.dll
<verified> Windows C:\Windows\system32\wpclsp.dll
<verified> Windows Presentation Foundation c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
<verified> Windows® Internet Explorer c:\windows\syswow64\ieframe.dll
<verified> Yahoo Application State Plugin C:\Program Files (x86)\Yahoo!\Shared\npYState.dll
<verified> Yahoo! activeX Plug-in Bridge C:\Program Files (x86)\Mozilla Firefox\plugins\npyaxmpb.dll
<verified> Yahoo! Single Instance for Mail c:\program files (x86)\yahoo!\companion\installs\cpn2\ytsingleinstance.dll
<verified> Yahoo! Toolbar c:\program files (x86)\yahoo!\companion\installs\cpn2\yt.dll


Missing files
-------------
File not found: C:\Program Files (x86)\AWS\WeatherBug\Weather.exe 1
referenced in: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"Weather"

File not found: C:\Users\owner\AppData\Local\Temp\msixtcej.dll
referenced in: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"lsgppb"


<unsigned> MD5: 0c61ed640b784f4be2c106187b7ec586 C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESSkin.esx
<unsigned> MD5: 6adcb7eaf76e9ee25bb9bc0226096b4f C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESSlideShow.esx
<unsigned> MD5: 1a750cc5f238fc9d515582e4f401d64d C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESUIWireless.esx
<unsigned> MD5: af66f0b443a07898eae106ea7a9560f8 C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ESWireless.esx
<unsigned> MD5: d4910326c6adc92aac3d0115e957e0ae C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\IStorageMediaStore.esx
<unsigned> MD5: bcdd1d3032d696bc362300cbbffb3da2 C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KCat40.dll
<unsigned> MD5: 5bfb8fe8b436b4c8110715bf69ca95e6 C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\kcor40.dll
<unsigned> MD5: 6d335a2315b2b00ca90d8fc5ec0a7c00 C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KDCImagePath.esx
<unsigned> MD5: 1d0e08b12e4e773c20f6859d929967d4 C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\keml40.dll
<unsigned> MD5: 247f1604377e47414348c80a2a92c736 C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KFx.dll
<unsigned> MD5: d3ce31e897b959e8de8925f87348e912 C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\KPCDInterface.dll
<unsigned> MD5: 6e0a96a211ac109ed23f2946c2b97fcd C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\kpries40.dll
<unsigned> MD5: a34d7b9c9e458958b66d7fe9d0e63ace C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocAcqMod.dll
<unsigned> MD5: a7ea25b87480ffdeff3466b5ac077f41 C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocCamBack.dll
<unsigned> MD5: f66d4b69890b03f0cb54e2ab0f6931fe C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocEGCreatives.dll
<unsigned> MD5: a5800ead1a61e5f1a5c209e0e3a08d66 C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocESApp.dll
<unsigned> MD5: a6f941b5fbe85a306e4b8e67689e5dd6 C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocEsColl.dll
<unsigned> MD5: 44b51d0c6a325a1a89e98637c87c4129 C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocESDeviceSetup.dll
<unsigned> MD5: 9b5ce832355652aaf67eee99548f9d4a C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocESEmail.dll
<unsigned> MD5: aa33fc3dc20a2c111f41502087e902a4 C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocESPrint.dll
<unsigned> MD5: d4e26389620495bafc44cc11e1de2cdf C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocESUIWireless.dll
<unsigned> MD5: ed240915e8a88da6a3631802c634e350 C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\locPcd.dll
<unsigned> MD5: d1a43391fa5726da97ee444c4ece546a C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocUpdateCheck.dll
<unsigned> MD5: 8cfbaefbdb1877bea88eeac29109c39c C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaAdapter.dll
<unsigned> MD5: b35fd5341b84bbcee89786d6ea8cf413 C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaBBook.dll
<unsigned> MD5: adeda019e481d891774e592c71ed5e32 C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaBrowser.dll
<unsigned> MD5: 213db16cf3a686172a7854e6dd49d9be C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaCDBackup.dll
<unsigned> MD5: 1ac750c4a60cf891537ff84c862b404f C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaControls.dll
<unsigned> MD5: 46c17fc7a262b779467371608696dc0e C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaEdit.dll
<unsigned> MD5: e961c69de8c7c0eabd248dacfc279076 C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\LocVistaPrintOnLine.dll
<unsigned> MD5: a04ec33c3ade431eccd5ce5a64424355 C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ltdis10N.dll
<unsigned> MD5: f9eb456ba244d7ca041a3d6a6d6e74d5 C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ltefx10N.dll
<unsigned> MD5: 7f9be7c4d7a0e22dacf35e46e553d392 C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ltfil10N.dll
<unsigned> MD5: b7361861f5eccdb114623f5bf62104e4 C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ltimg10N.dll
<unsigned> MD5: 26c28af5e52700de35301218e1946a9d C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ltkrn10N.dll
<unsigned> MD5: 16218a3c5e296be54e2d8a4efdf4c27f C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\MediaEngine.dll
<unsigned> MD5: 94034f1c8dcd4f90b41750d1793698ec C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\msvcp71.dll
<unsigned> MD5: 0f42dd3262943ecd0cef3053c43219dd C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\msvcr71.dll
<unsigned> MD5: d074c4a383d9071afb99b68f82d36ea0 C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\Pcd.esx
<unsigned> MD5: 7d72c97d0b1be3b14cfb49fb356f766d C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\PTP.esx
<unsigned> MD5: 3e5052f906c8fc0ebd9673e580d76928 C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\ShastaPath.dll
<unsigned> MD5: 76fd957f62eb5e06a9293139d9f26b91 C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxBaseV.dll
<unsigned> MD5: 1dd8de0742521ccf76560b9a2ffecda5 C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCmpV.dll
<unsigned> MD5: 4840979decfb8280f7c4bfeb85cc31cc C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxCommonV.dll
<unsigned> MD5: bd092dd20813ab0916b53075ccf30626 C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxFFV.dll
<unsigned> MD5: 848967d050e4a950f49393a4c731ffe5 C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxImV.dll
<unsigned> MD5: 27e4b2aac85666f4472024d7a09701e7 C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxProcV.dll
<unsigned> MD5: 1b921221a0c8f08d1d3280ac818ab99e C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxXML2V.dll
<unsigned> MD5: c549695e9b5b8b2ff77a9624cbcf9804 C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SkinuxZipV.dll
<unsigned> MD5: 62ec2aa7eb9be46f42c300adb299c30a C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\SpiffyExt.dll
<unsigned> MD5: bbcbeb0a0e607e65d55177267aadc32d C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\UIFx.dll
<unsigned> MD5: 5376f8bb5f8fb5f6df73c35481b66d52 C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\UpdateChecker.esx
<unsigned> MD5: d31f0c1df973c06fd5cfa6b3c7830372 C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaAdapter.esx
<unsigned> MD5: 214ef112d9ad7794550eccce8f9970ca C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaBBook.esx
<unsigned> MD5: 52b2b3443b94785c53675bf0ae96757e C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaBrowser.esx
<unsigned> MD5: 4712632e7741642475546ac3963ef734 C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaCDBackup.esx
<unsigned> MD5: bcaa447c9825e4c4d4091dbff2df9c68 C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaCDR.dll
<unsigned> MD5: d5c52fcd0e6182c93a5c58abca0ef305 C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaControls.esx
<unsigned> MD5: 9dd05f0be910238689b0e4bda769888b C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaDB.esx
<unsigned> MD5: 56c88bf0d5c727a90e100a8027778571 C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaEdit.esx
<unsigned> MD5: 6252c9a73d72a3e3280f723aa13d56c9 C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaImage.dll
<unsigned> MD5: 428ab2725d2d86bc2b4c240f4c75b969 C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VistaPrintOnline.esx
<unsigned> MD5: 150644ab013057006b3f6d13826f687e C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnline.dll
<unsigned> MD5: 407ff5bb99ef60ab9d60f8ba6ce0a58a C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\VPrintOnlineHelper40.dll
<unsigned> MD5: c830ee9ec1f3276400c11623efc59736 C:\Program Files (x86)\Kodak\Kodak EasyShare software\bin\XMIApi.esx
<unsigned> MD5: 82696f34a604b65b4102ca96da153ef1 C:\Program Files (x86)\Lexmark 1300 Series\App4R.DevMons.MCMDevMon.AutoPlayUtil.dll
<unsigned> MD5: 65b0522086ef3d0ab4e01f5601041701 C:\Program Files (x86)\Lexmark 1300 Series\App4R.DevMons.MCMDevMon.dll
<unsigned> MD5: c7093a310b2dd6cfb0436938711ba409 C:\Program Files (x86)\Lexmark 1300 Series\App4R.DevMons.NetworkCardDevMon.dll
<unsigned> MD5: a8efd009143c7ab1731235524b54341d C:\Program Files (x86)\Lexmark 1300 Series\App4R.DevMons.ScanDevMon.dll
<unsigned> MD5: 2b1a2ce30b65e75746c7c753697bcb92 C:\Program Files (x86)\Lexmark 1300 Series\App4R.Monitor.Common.dll
<unsigned> MD5: 5068e451bd71967a0d67ec2e3c1a6d6e C:\Program Files (x86)\Lexmark 1300 Series\App4R.Monitor.Core.dll
<unsigned> MD5: 7919769f265843bf3caac86ee69cd351 C:\Program Files (x86)\Lexmark 1300 Series\lxdcamon.exe
<unsigned> MD5: f35a584e947a5b401feb0fe01db4a0d7 C:\Program Files (x86)\Lexmark 1300 Series\mfc71.dll
<unsigned> MD5: 86f1895ae8c5e8b17d99ece768a70732 C:\Program Files (x86)\Lexmark 1300 Series\msvcr71.dll
<unsigned> MD5: 62be2f433743cd6b5e7cf25cb6fe9079 C:\Program Files (x86)\Mozilla Firefox\freebl3.dll
<unsigned> MD5: fd681c2136ef9fe31e529693084b215e C:\Program Files (x86)\Mozilla Firefox\nssdbm3.dll
<unsigned> MD5: da548872c3126b09d7832b4abeb54116 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
<unsigned> MD5: da548872c3126b09d7832b4abeb54116 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
<unsigned> MD5: da548872c3126b09d7832b4abeb54116 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
<unsigned> MD5: da548872c3126b09d7832b4abeb54116 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
<unsigned> MD5: da548872c3126b09d7832b4abeb54116 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
<unsigned> MD5: da548872c3126b09d7832b4abeb54116 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
<unsigned> MD5: da548872c3126b09d7832b4abeb54116 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
<unsigned> MD5: d1b52536361ff56b6577dab14cb4324c C:\Program Files (x86)\Mozilla Firefox\softokn3.dll
<unsigned> MD5: d08a2ef6a92a60000e2837968337a6fb C:\Program Files (x86)\Nova Development\Greeting Card Factory Photo Card Maker\ReminderApp.exe
<unsigned> MD5: 84f6b3ae2bbbfc146a27ede853eccb6b C:\Program Files (x86)\QuickTime\QTSystem\QTCF.dll
<unsigned> MD5: 86d32bb043c88fd79194ff7ab2ab3434 C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.qts
<unsigned> MD5: eadfcaf6888b10183a0ef881453fa0ba C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.Resources\en.lproj\QuickTimeLocalized.dll
<unsigned> MD5: 239eadd6b5ab68051c3dad1e9403b33d C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.Resources\QuickTime.dll
<unsigned> MD5: 55d7a219ad8d0db8980528944152a6fd C:\Program Files (x86)\QuickTime\QTTask.exe
<unsigned> MD5: ecd5517a6633826057d4f050927ddf56 c:\program files (x86)\superantispyware\sasseh.dll
<unsigned> MD5: 482e8f6fd557d5a0df7363f72df145fe C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll
<unsigned> MD5: bcdff548f7d31a2bcf1cf98da7eb5445 C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
<unsigned> MD5: 871e07916ee1bb038242c69725508cd9 C:\Program Files (x86)\Yahoo!\Messenger\resources\en-US\res_msgr.dll
<unsigned> MD5: 03115382e0b298de872f99abb417b867 C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
<unsigned> MD5: ebebdbf1df7621623bbc5af82b533542 C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\w3lti7t7.default\extensions\{f2257711-226b-4529-8e1d-e82e1c55ebd8}\components\FFExternalAlert.dll
<unsigned> MD5: 696f6787818300362f15485d654f6887 C:\Users\owner\AppData\Roaming\Mozilla\Firefox\Profiles\w3lti7t7.default\extensions\{f2257711-226b-4529-8e1d-e82e1c55ebd8}\components\RadioWMPCore.dll
<unsigned> MD5: 3c97e7131026a968c69892a3002f4003 C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\894183c0c47bd4772fbfad4c1a7e3b71\mscorlib.ni.dll
<unsigned> MD5: 44bc9fe94410a7165687d46774d1253d C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\78aac991cacbc9665c628f5466cec9c1\System.Configuration.ni.dll
<unsigned> MD5: 31d759eb90cccadc5641b6461c8ae180 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\57e722244d3b48cb92b340bc92d7a191\System.Drawing.ni.dll
<unsigned> MD5: b49d32fba5f5670b45663145947f717a C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\5fada30bf7c201ababed5104184b9754\System.Runtime.Remoting.ni.dll
<unsigned> MD5: 4005c194272628cd1362a7ac88b50718 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\425e95df110b77abad261a46fca54e99\System.Windows.Forms.ni.dll
<unsigned> MD5: 5ed7722d11473666528dadc758e4edf1 C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\99e7927ccb9099e607035349814d4cf6\System.Xml.ni.dll
<unsigned> MD5: 96d9ccdfcbdab436bf49ad0ed15c18e3 C:\Windows\assembly\NativeImages_v2.0.50727_32\System\13cce38e8de5fd54853390e4e98abd0e\System.ni.dll
<unsigned> MD5: 6f678556a6fce04fc94f3435f6313705 C:\Windows\Downloaded Program Files\unagiuninst.exe
<unsigned> MD5: 07154b27860b999cc70eb6f7a1528794 C:\Windows\system32\Adobe\Director\np32dsw.dll
<unsigned> MD5: 215bf879658630bd79988849db396402 C:\Windows\SysWOW64\dnssd.dll
<unsigned> MD5: 3e9a33113d663d8bd5ed38858e669652 C:\Windows\winsxs\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d1c738ec43578ea1\ATL80.dll
<unsigned> MD5: 75f2a9b695ef3ef22d731f059920f636 C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4053_none_d08d7da0442a985d\msvcm80.dll
<unsigned> MD5: 4928ab3a304ddf05c354de3807a4a66b C:\Windows\winsxs\x86_microsoft.vc80.mfc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_cbf21254470d8752\mfc80.dll
<unsigned> MD5: d8584c7fb9a1ba8480f9000c1ca1b415 C:\Windows\winsxs\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80ENU.dll

The following file(s) must be uploaded for server-side scanning:

Upload started - 31 file(s)
Upload speed - 41 KB/s
Upload finished - 31 uploaded, 0 failed

The uploaded file(s) were found clean.

Scan finished - communication took 240 sec
Total traffic - 9.65 MB sent, 1.61 KB recvd
Scanned 839 files and modules - 364 seconds

Edited by kooshykins, 26 April 2010 - 03:05 PM.


#6 certifiedgeek

Posted 26 April 2010 - 03:12 PM

OK, it looks like you have some rootkit activity going on and are definitely infected, which needs to be addressed by the experts over in a different part of the forum.

Please follow steps 6-9 in this guide.

That will require you to run some scanners which will produce some more advanced logs that will need to be posted in the new post.

Good luck and please let me know if I can be of any more help.

#7 kooshykins

Posted 27 April 2010 - 09:33 AM

Thanks a lot! I will do it on my day off since this needs time. Help is greatly appreciated.

#8 certifiedgeek

Posted 27 April 2010 - 10:05 AM

You're welcome, and don't get discouraged if you don't hear back as quickly as you do over here, especially in the beginning, as they are very busy and it might take a day or two for them to get back to your DDS/GMER logs.

Good luck and let me know what you find out or if I can help.

Of course, don't use the computer to do any secure online stuff until you get a final resolution in the other forum.



