Google redirects, IE blocked, missing program associations


  • This topic is locked
18 replies to this topic

#1 KyleJS

KyleJS

  • Members
  • 19 posts
  • OFFLINE
  • Local time:05:02 PM

Posted 22 June 2010 - 05:04 PM

Alright, I think my computer's gotten pretty f'ed up as of late, all seemingly starting from one infection I got a month or so ago. I have a "Family" account on my computer and while browsing for free screen savers my brother downloaded a host of malicious files. I thought I got rid of the initial infection but since then I've been having a variety of problems that I've been ignoring up till now because they were fairly minor.

Google searches are redirected, I can't even access some sites like Malwarebytes.org occasionally

Computer sometimes starts up with half the desktop icons missing - can't run any of them with repeated "missing association" errors

Computer occasionally starts up with no background at all and again nothing can be run because of "missing associations"

Repeated scans using different trusted scans such as Malwarebytes, AVG Free Home, etc. almost always find something and I click "delete infected" but problems have not ceased

I've lost a couple items on my toolbar that I can't seem to get back, such as the sound volume meter. Half the time sound doesn't even work, period, after I've started up my PC

Can't run some antispyware programs that have "Spyware" or "Malware" in their name. For example SuperAntiSpyware.exe was "missing an association" when I tried to run it but the portable version meant to circumvent malware that was blocking obviously named antispyware programs - with a random name of letters and numbers, started up fine, as usual, found many infections but didn't seem to help with my overall infection.

I'm at a loss as to what I should do, I've been browsing various topics with similar problems that I have and I've gone through the steps but nothing seems to be working.
Many thanks to whoever can help me out with this!

Edited by KyleJS, 22 June 2010 - 05:08 PM.




#2 KyleJS

Posted 22 June 2010 - 06:31 PM

BTW, using SUPERAntiSpyware I've run a scan a couple times and it keeps coming up with 6 occasions of Trojan.DNS-Changer (Hi-Jacked DNS). It's tried deleting it multiple times, complete with the reboot and everything, but it doesn't seem to be working and it finds it again every scan. I have the log on hand if wanted.

#3 KyleJS

Posted 27 June 2010 - 04:56 PM

Been a few days...still definitely am dealing with this problem. Sorry if this was too early to bump.

#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,220 posts
  • OFFLINE
  • Gender:Male
  • Location:NJ USA
  • Local time:06:02 PM

Posted 27 June 2010 - 08:24 PM

Hello, please post the last MBAM and SAS logs. Is this an XP machine?

How do I get help? Who is helping me?
For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....
Become a BleepingComputer fan: Facebook

#5 KyleJS

Posted 27 June 2010 - 09:09 PM

Vista Premium x32 bit, I'll get right on it, thanks!

#6 KyleJS

Posted 27 June 2010 - 09:58 PM

For some reason (guessing virus's fault) I can't run mbytes and I also can't get through to their website to try reinstalling it; however, my SAS did work and found quite a bit.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/27/2010 at 10:54 PM

Application Version : 4.39.1002

Core Rules Database Version : 5057
Trace Rules Database Version: 2869

Scan type : Complete Scan
Total Scan Time : 00:35:57

Memory items scanned : 815
Memory threats detected : 1
Registry items scanned : 11455
Registry threats detected : 6
File items scanned : 34673
File threats detected : 50

Trojan.Agent/Gen-Virut
C:\USERS\KYLE\APPDATA\LOCAL\WINDOWS SERVER\QJZEHR.DLL
C:\USERS\KYLE\APPDATA\LOCAL\WINDOWS SERVER\QJZEHR.DLL
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\LOCAL\WINDOWS SERVER\QJZEHR.DLL

Adware.Tracking Cookie

Trojan.DNS-Changer (Hi-Jacked DNS)
HKLM\SYSTEM\CONTROLSET003\SERVICES\TCPIP\PARAMETERS\INTERFACES\{4ED9E628-B36B-4015-8942-9FA5635DCB29}#NAMESERVER
HKLM\SYSTEM\CONTROLSET004\SERVICES\TCPIP\PARAMETERS\INTERFACES\{4ED9E628-B36B-4015-8942-9FA5635DCB29}#NAMESERVER
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{4ED9E628-B36B-4015-8942-9FA5635DCB29}#NAMESERVER
HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS#NAMESERVER
HKLM\SYSTEM\CONTROLSET003\SERVICES\TCPIP\PARAMETERS#NAMESERVER
HKLM\SYSTEM\CONTROLSET004\SERVICES\TCPIP\PARAMETERS#NAMESERVER

Rootkit.TDSS
C:\WINDOWS\SYSTEM32\ERNEL32.DLL
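
Added example, not part of the original thread and not code from any tool named in it: the six Trojan.DNS-Changer entries in the log above are NameServer values under Tcpip\Parameters (the global key and one interface key) in three control sets, and this script lists every resolver configured in those places and flags any that are not on a list of resolvers you expect. The trusted address 192.168.1.1, the 203.0.113.x sample addresses and the all-zero interface GUID are assumptions made for illustration; DhcpNameServer is checked as well although the log only names NameServer.

```python
"""Audit DNS resolver values under the Tcpip registry keys (added example)."""
import ipaddress
import re
import sys

VALUE_NAMES = ("NameServer", "DhcpNameServer")  # both are REG_SZ address lists


def parse_trusted(cidrs):
    """Turn strings such as '192.168.1.1' or '10.0.0.0/8' into network objects."""
    return [ipaddress.ip_network(c, strict=False) for c in cidrs]


def split_servers(raw):
    """Registry address lists are separated by commas and/or spaces."""
    return [s for s in re.split(r"[,\s]+", raw.strip()) if s]


def classify(server, trusted):
    """Return 'trusted', 'unexpected' or 'invalid' for one resolver string."""
    try:
        ip = ipaddress.ip_address(server)
    except ValueError:
        return "invalid"
    return "trusted" if any(ip in net for net in trusted) else "unexpected"


def audit(entries, trusted):
    """entries: (key_path, value_name, raw_value) tuples. Returns the findings."""
    findings = []
    for key_path, value_name, raw in entries:
        for server in split_servers(raw):
            verdict = classify(server, trusted)
            if verdict != "trusted":
                findings.append((key_path, value_name, server, verdict))
    return findings


def affected_control_sets(findings):
    """Names of the control sets that hold at least one flagged value."""
    sets = set()
    for key_path, _name, _server, _verdict in findings:
        m = re.search(r"SYSTEM\\([^\\]+)\\", key_path, re.IGNORECASE)
        if m:
            sets.add(m.group(1))
    return sorted(sets)


def read_registry_entries():
    """Collect the values from every control set (Windows only)."""
    import winreg

    def values(sub):
        found = []
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, sub) as key:
                for name in VALUE_NAMES:
                    try:
                        raw, _kind = winreg.QueryValueEx(key, name)
                    except FileNotFoundError:
                        continue  # value not set on this key
                    if isinstance(raw, str) and raw.strip():
                        found.append(("HKLM\\" + sub, name, raw))
        except OSError:
            pass  # key missing or not readable in this control set
        return found

    with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, "SYSTEM") as system:
        count = winreg.QueryInfoKey(system)[0]
        names = [winreg.EnumKey(system, i) for i in range(count)]
    sets = {"CurrentControlSet"} | {n for n in names if re.fullmatch(r"ControlSet\d{3}", n)}

    entries = []
    for cs in sorted(sets):
        params = "SYSTEM\\%s\\Services\\Tcpip\\Parameters" % cs
        entries += values(params)
        try:
            with winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, params + "\\Interfaces") as ifs:
                guids = [winreg.EnumKey(ifs, i) for i in range(winreg.QueryInfoKey(ifs)[0])]
        except OSError:
            guids = []
        for guid in guids:
            entries += values(params + "\\Interfaces\\" + guid)
    return entries


# Constructed sample: 203.0.113.0/24 is a documentation range standing in for a
# resolver the owner did not configure; the interface GUID is a placeholder.
_IF = r"\Interfaces\{00000000-0000-0000-0000-000000000000}"
SAMPLE = [
    (r"HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters", "NameServer",
     "203.0.113.10,203.0.113.11"),
    (r"HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters" + _IF, "NameServer",
     "203.0.113.10 192.168.1.1"),
    (r"HKLM\SYSTEM\ControlSet003\Services\Tcpip\Parameters" + _IF, "DhcpNameServer",
     "192.168.1.1"),
]

if __name__ == "__main__":
    # Arguments are the resolvers you expect (router, ISP); default is an assumption.
    trusted = parse_trusted(sys.argv[1:] or ["192.168.1.1"])
    entries = read_registry_entries() if sys.platform == "win32" else SAMPLE
    findings = audit(entries, trusted)
    for key_path, name, server, verdict in findings:
        print("%-10s %-15s %s -> %s" % (verdict, server, key_path, name))
    print("control sets with flagged values:", ", ".join(affected_control_sets(findings)) or "none")
```

On Windows it reads the live registry; elsewhere it runs on the constructed sample so the output format can be inspected offline.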

#7 boopme

Posted 27 June 2010 - 10:06 PM

Hello again, this is very serious Trojan.Agent/Gen-Virut if still active.
Rootkit.TDSS
Rootkits, backdoor Trojans, Botnets, and IRC Bots are very dangerous because they compromise system integrity by making changes that allow it to be used by the attacker for malicious purposes. Rootkits are used by Trojans to conceal their presence (hide from view) in order to prevent detection of an attacker's software and make removal more difficult. Many rootkits can hook into the Windows 32-bit kernel, and patch several APIs to hide new registry keys and files they install. They can disable your anti-virus and security tools to prevent detection and removal. Remote attackers use backdoors as a means of accessing and taking control of a computer that bypasses security mechanisms. This type of exploit allows them to steal sensitive information like passwords, personal and financial data which is sent back to the hacker. To learn more about these types of infections, you can refer to:

What danger is presented by rootkits?
Rootkits and how to combat them
r00tkit Analysis: What Is A Rootkit

If your computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately, including those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised and change each password using a clean computer, not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised please read:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?
What Should I Do If I've Become A Victim Of Identity Theft?
Identity Theft Victims Guide - What to do


Please run this next
Kaspersky Online Scan

Please perform a scan with Kaspersky Online Virus Scanner.
-- Requires free Java Runtime Environment (JRE) to be installed before scanning for malware as ActiveX is no longer being used.
-- This scan will not remove any detected file threats but it will show where they are located so they can be cleaned with other tools.
  • Vista users need to right-click the IE or FF Start Menu or Quick Launch Bar icons and Run As Administrator from the context menu.
  • Read the "Advantages - Requirements and Limitations" then press the Posted Image... button.
  • You will be prompted to install an application from Kaspersky. Click the Run button. It will start downloading and installing the scanner and virus definitions.
  • When the downloads have finished, you should see 'Database is updated. Ready to scan'. Click on the Posted Image... button.
  • Make sure these boxes are checked. By default, they should be. If not, please check them and click on the Posted Image... button afterwards:
    • Detect malicious programs of the following categories:
      Viruses, Worms, Trojan Horses, Rootkits
      Spyware, Adware, Dialers and other potentially dangerous programs
    • Scan compound files (doesn't apply to the File scan area):
      Archives
      Mail databases
  • Click on My Computer under the Scan section. OK any warnings from your protection programs.
  • The scan will take a while so be patient and do NOT use the computer while the scan is running. Keep all other programs and windows closed.
  • Once the scan is complete (the 'status' will show complete), click on View Scan Report and any infected objects will be shown.
  • Click on Save Report As... and change the Files of type to Text file (.txt)
  • Name the file KAVScan_ddmmyy (day, month, year) before clicking on the Save button and save it to your Desktop.
  • Copy and paste (Ctrl+C) the saved scan results from that file in your next reply.
-- Note: Some online scanners will detect existing anti-virus software and refuse to cooperate. You may have to disable the real-time protection components of your existing anti-virus and try running the scan again. If you do this, remember to turn them back on after you are finished.

#8 KyleJS

Posted 27 June 2010 - 10:15 PM

I get error 0 : cannot connect to update source when Kasperscan tries to do its thing. I'll try restarting my PC and doing the process over to see if that helps, and yes I did run as admin.

#9 boopme

Posted 27 June 2010 - 10:21 PM

Or try this (I will be leaving soon)

Please run a BitDefender Online Scan
  • Click I Agree to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click Click here to scan to begin the scan.
  • Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
  • When the scan is finished, click on Click here to export the scan results.
  • Save the report to your desktop so you can post it in your next reply.


#10 KyleJS

Posted 27 June 2010 - 10:30 PM

Well, I ran the 60 second quick scan, which seemed like the only option available, and while there was no "Click here to export the scan results" there was an option to "View log" which I clicked on, but I get an error saying "Error at line 1. This line does not contain a recognized action."

EDIT: I uninstalled AutoHotkey, which is associated with opening txt files and which I suspected was probably causing the error, but now when I click "view log" absolutely nothing happens.

EDIT2: OK, I suspected that the associations may have been off for .txt files so I set the default program to open up .txt files to Notepad, and that fixed the problem. Here's the log, only found 1 thing though...

QuickScan Beta 32-bit v0.9.9.23
-------------------------------
Scan date: Sun Jun 27 23:33:36 2010
Machine ID: 4A2D4D99



Found 1 infected file!
----------------------

C:\Users\Kyle\AppData\Local\Windows Server\qjzehr.dll --> Gen:Variant.Kates.3
--> Process SetPoint.exe (3668)
--> Process hpqSTE08.exe (4788)
--> Process rundll32.exe (156)



Processes
---------
<unsigned> Catalyst Control Centre 4872 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
<unsigned> Catalyst Control Centre 3620 C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
<unsigned> Sophos Anti-Virus 2544 C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
<unsigned> Sophos Anti-Virus 1672 C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
<unsigned> Sophos AutoUpdate 3564 C:\Program Files\Sophos\AutoUpdate\ALMon.exe
<unsigned> Sophos AutoUpdate 2596 C:\Program Files\Sophos\AutoUpdate\ALsvc.exe

<verified> Ad-Aware Service Application 1988 C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
<verified> Ad-Aware Tray Application 5168 C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
<verified> AMD External Events 1600 C:\Windows\system32\atieclxx.exe
<verified> AMD External Events 1232 C:\Windows\system32\atiesrxx.exe
<verified> Apple Mobile Device Service 936 C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
<verified> cmdagent.exe 1908 C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
<verified> COCIManager.exe 4340 C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
<verified> Firefox 3360 C:\Program Files\Mozilla Firefox\firefox.exe
<verified> hp digital imaging - hp all-in-one seri 4788 C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
<verified> hp digital imaging - hp all-in-one seri 1444 C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
<verified> Java™ Platform SE Auto Updater 2 0 2156 C:\Program Files\Common Files\Java\Java Update\jusched.exe
<verified> LightScribe 2148 C:\Program Files\Common Files\LightScribe\LSSrvc.exe
<verified> Logitech QuickCam 2252 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
<verified> Logitech SetPoint 4260 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
<verified> Logitech SetPoint 3668 C:\Program Files\Logitech\SetPoint\SetPoint.exe
<verified> McAfee Security Scanner 3680 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
<verified> Microsoft® Windows® Operating System 4056 C:\Program Files\Windows Media Player\wmpnetwk.exe
<verified> Microsoft® Windows® Operating System 1508 C:\Program Files\Windows Media Player\wmpnscfg.exe
<verified> Microsoft® Windows® Operating System 2244 C:\Program Files\Windows Sidebar\sidebar.exe
<verified> Microsoft® Windows® Operating System 3068 C:\Program Files\Windows Sidebar\sidebar.exe
<verified> Microsoft® Windows® Operating System 4052 C:\Windows\ehome\ehmsas.exe
<verified> Microsoft® Windows® Operating System 3604 C:\Windows\ehome\ehtray.exe
<verified> Microsoft® Windows® Operating System 3348 C:\Windows\Explorer.EXE
<verified> Microsoft® Windows® Operating System 780 C:\Windows\system32\csrss.exe
<verified> Microsoft® Windows® Operating System 704 C:\Windows\system32\csrss.exe
<verified> Microsoft® Windows® Operating System 2016 C:\Windows\system32\dllhost.exe
<verified> Microsoft® Windows® Operating System 1132 C:\Windows\system32\Dwm.exe
<verified> Microsoft® Windows® Operating System 2492 C:\Windows\system32\locator.exe
<verified> Microsoft® Windows® Operating System 828 C:\Windows\system32\lsass.exe
<verified> Microsoft® Windows® Operating System 836 C:\Windows\system32\lsm.exe
<verified> Microsoft® Windows® Operating System 156 C:\Windows\System32\rundll32.exe
<verified> Microsoft® Windows® Operating System 816 C:\Windows\system32\services.exe
<verified> Microsoft® Windows® Operating System 1528 C:\Windows\system32\SLsvc.exe
<verified> Microsoft® Windows® Operating System 632 C:\Windows\System32\smss.exe
<verified> Microsoft® Windows® Operating System 460 C:\Windows\System32\spoolsv.exe
<verified> Microsoft® Windows® Operating System 1356 C:\Windows\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 2296 C:\Windows\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 2328 C:\Windows\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 2432 C:\Windows\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 2612 C:\Windows\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 2692 C:\Windows\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 1912 C:\Windows\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1572 C:\Windows\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 676 C:\Windows\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1032 C:\Windows\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1092 C:\Windows\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1276 C:\Windows\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 1512 C:\Windows\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 1324 C:\Windows\System32\svchost.exe
<verified> Microsoft® Windows® Operating System 1464 C:\Windows\system32\svchost.exe
<verified> Microsoft® Windows® Operating System 3700 C:\Windows\system32\taskeng.exe
<verified> Microsoft® Windows® Operating System 2724 C:\Windows\system32\taskeng.exe
<verified> Microsoft® Windows® Operating System 5116 C:\Windows\system32\taskeng.exe
<verified> Microsoft® Windows® Operating System 2968 C:\Windows\system32\wbem\unsecapp.exe
<verified> Microsoft® Windows® Operating System 3196 C:\Windows\system32\wbem\wmiprvse.exe
<verified> Microsoft® Windows® Operating System 772 C:\Windows\system32\wininit.exe
<verified> Microsoft® Windows® Operating System 876 C:\Windows\system32\winlogon.exe
<verified> Nero Home 3656 C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
<verified> Nero Home 1292 C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
<verified> Nero Home 4108 C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
<verified> PnkBstrA.exe 2348 C:\Windows\system32\PnkBstrA.exe
<verified> PnkBstrB.exe 2384 C:\Windows\system32\PnkBstrB.exe
<verified> Quickcam.exe 3052 C:\Program Files\Logitech\QuickCam\Quickcam.exe
<verified> Seagate Scheduler 2 2564 C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
<verified> Syntek Hardware Snapshot Launch Applica 2636 C:\Windows\System32\StkASv2K.exe


Network activity
----------------
Process svchost.exe (1356) connected on port 80 (HTTP) --> unknown.iad.scnet.net

Process wininit.exe (772) listens on ports: 49152 (RPC)
Process services.exe (816) listens on ports: 49156 (RPC)
Process lsass.exe (828) listens on ports: 49154 (RPC)
Process svchost.exe (1092) listens on ports: 135 (RPC)
Process svchost.exe (1276) listens on ports: 49153 (RPC)
Process svchost.exe (1356) listens on ports: 49155 (RPC)
Process svchost.exe (1912) listens on ports: 3390
Process wmpnetwk.exe (4056) listens on ports: 554 (RTSP)


Autoruns and critical files
---------------------------
<unsigned> Catalyst® Control Center C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
<unsigned> CyberLink GoldenEye C:\Users\Kyle\AppData\Local\wmsysnac.dll
<unsigned> Mozilla Firefox C:\Program Files\Mozilla Firefox
<unsigned> Sophos AutoUpdate C:\Program Files\Sophos\AutoUpdate\ALMon.exe
<unsigned> ubawuwuqec.dll C:\Users\Kyle\AppData\Local\ubawuwuqec.dll

<verified> Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
<verified> Google Update C:\Users\Family\AppData\Local\Google\Update\GoogleUpdate.exe
<verified> hp digital imaging - hp all-in-one seri C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
<verified> Java™ Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
<verified> Logitech SetPoint C:\Program Files\Logitech\SetPoint\SetPoint.exe
<verified> Microsoft® Windows® Operating System C:\Program Files\Windows Media Player\wmpnscfg.exe
<verified> Microsoft® Windows® Operating System C:\Program Files\Windows Sidebar\sidebar.exe
<verified> Microsoft® Windows® Operating System C:\Windows\ehome\ehtray.exe
<verified> Microsoft® Windows® Operating System C:\Windows\System32\browseui.dll
<verified> Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
<verified> Nero AG NeroCheck C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
<verified> Nero Home C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
<verified> Quickcam.exe C:\Program Files\Logitech\QuickCam\Quickcam.exe
<verified> SDMessaging Application C:\Program Files\SmartDraw 2010\Messages\SDNotify.exe
<verified> Smart Defrag C:\Program Files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe
<verified> SUPERAntiSpyware C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
<verified> Windows Defender C:\Program Files\Windows Defender\MSASCui.exe
<verified> Windows® Internet Explorer C:\Windows\system32\msfeedssync.exe
<verified> Windows® Internet Explorer c:\windows\system32\webcheck.dll


Browser plugins
---------------
<unsigned> libvlc.dll C:\Program Files\Mozilla Firefox\plugins\libvlc.dll
<unsigned> NBC Direct (2.0.3376.1 (Insecure)) C:\Program Files\NBC Direct\npDirectPlayerMozilla.dll

<verified> 2007 Microsoft Office system C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL
<verified> AcroIEHelperShim Library c:\program files\common files\adobe\acrobat\activex\acroiehelpershim.dll
<verified> Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
<verified> Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
<verified> Adobe® Flash® Player ActiveX C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
<verified> BitDefender QuickScan C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\tibxncwe.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\components\qscanff.dll
<verified> BitDefender QuickScan C:\Users\Kyle\AppData\Roaming\Mozilla\Firefox\Profiles\tibxncwe.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
<verified> DivX Player Netscape Plugin C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
<verified> DivX Player Netscape Plugin C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
<verified> DivX Web Player C:\Program Files\DivX\DivX Web Player\npdivx32.dll
<verified> DivX Web Player C:\Program Files\Mozilla Firefox\plugins\npdivx32.dll
<verified> DNA Plug-in C:\Program Files\DNA\plugins\npbtdna.dll
<verified> IAIEPlay C:\Windows\Downloaded Program Files\iaieplay.dll
<verified> IAMCE C:\Windows\Downloaded Program Files\iamce.dll
<verified> InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.dll
<verified> InstallShield Update Service C:\Windows\Downloaded Program Files\dwusplay.exe
<verified> InstallShield Update Service C:\Windows\Downloaded Program Files\isusweb.dll
<verified> Java Deployment Toolkit 6.0.200.2 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
<verified> Java™ Platform SE 6 U20 c:\program files\java\jre6\bin\jp2ssv.dll
<verified> Microsoft Office 2003 C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
<verified> Microsoft® Windows Media Player Firefox C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\mswsock.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\NapiNSP.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\pnrpnsp.dll
<verified> Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll
<verified> Move Streaming Media Player C:\Users\Kyle\AppData\Roaming\Move Networks\plugins\npqmp071504000001.dll
<verified> Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
<verified> npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
<verified> NPSWF32.dll C:\Windows\System32\Macromed\Flash\NPSWF32.dll
<verified> PokerStars C:\Program Files\PokerStars\PokerStarsUpdate.exe
<verified> QuickTime Plug-in 7.6 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
<verified> QuickTime Plug-in 7.6 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
<verified> QuickTime Plug-in 7.6 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
<verified> QuickTime Plug-in 7.6 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
<verified> QuickTime Plug-in 7.6 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
<verified> QuickTime Plug-in 7.6 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
<verified> QuickTime Plug-in 7.6 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
<verified> QuickTime Plug-in 7.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
<verified> QuickTime Plug-in 7.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
<verified> QuickTime Plug-in 7.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
<verified> QuickTime Plug-in 7.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
<verified> QuickTime Plug-in 7.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
<verified> QuickTime Plug-in 7.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
<verified> QuickTime Plug-in 7.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
<verified> RealJukebox NS Plugin C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
<verified> RealJukebox NS Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
<verified> RealPlayer Version Plugin C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
<verified> RealPlayer Version Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
<verified> RealPlayer™ G2 LiveConnect-Enabled P C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
<verified> RealPlayer™ G2 LiveConnect-Enabled P C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
<verified> Silverlight Plug-In c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll
<verified> The OpenSSL Toolkit C:\Program Files\Mozilla Firefox\plugins\libdivx.dll
<verified> The OpenSSL Toolkit C:\Program Files\Mozilla Firefox\plugins\ssldivx.dll
<verified> Unity Player C:\Program Files\Unity\WebPlayer\loader\npUnity3D32.dll
<verified> Windows Genuine Advantage C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
<verified> Windows Presentation Foundation c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
<verified> Windows® Internet Explorer C:\Windows\System32\ieframe.dll
<verified> Yahoo! activeX Plug-in Bridge C:\Program Files\Yahoo!\Common\npyaxmpb.dll
<verified> Yahoo! Toolbar c:\program files\yahoo!\companion\installs\cpn\yt.dll


Missing files
-------------
File not found: C:\Program Files\Bonjour\mDNSResponder.exe
referenced in: HKLM\System\ControlSet001\services\Bonjour Service\"ImagePath"

File not found: C:\Users\Kyle\AppData\Roaming\Vutuaw\gima.exe
referenced in: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"{E76424D3-128B-B9C5-09AB-0721A2F04D1D}"

File not found: C:\Windows\system32\drivers\amdide.sys
referenced in: HKLM\System\ControlSet001\services\amdide\"ImagePath"

File not found: C:\Windows\system32\drivers\blbdrive.sys
referenced in: HKLM\System\ControlSet001\services\blbdrive\"ImagePath"

File not found: KHALMNPR.EXE
referenced in: HKLM\Software\Microsoft\Windows\CurrentVersion\Run\"Kernel and Hardware Abstraction Layer"

File not found: system32\DRIVERS\ipinip.sys
referenced in: HKLM\System\ControlSet001\services\IpInIp\"ImagePath"

File not found: system32\DRIVERS\nwlnkflt.sys
referenced in: HKLM\System\ControlSet001\services\NwlnkFlt\"ImagePath"

File not found: system32\DRIVERS\nwlnkfwd.sys
referenced in: HKLM\System\ControlSet001\services\NwlnkFwd\"ImagePath"


Scan
----


No file uploaded.

Scan finished - communication took 2 sec
Total traffic - 0.05 MB sent, 0.71 KB recvd
Scanned 1271 files and modules - 9 seconds

==============================================================================

Edited by KyleJS, 27 June 2010 - 10:38 PM.


#11 KyleJS


Posted 27 June 2010 - 11:05 PM

I noticed TDSS Rootkit was listed as one of the things found using SAS, so I used the TDSS killer program and it found one infected file and deleted it. Upon restarting it couldn't find it again, so I think it worked on that one at least. Also, I managed to reinstall mbytes, though with several errors along the way, and somehow it let me run it and have it perform a quick scan, so here's the log for that as well.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

6/28/2010 12:04:53 AM
mbam-log-2010-06-28 (00-04-53).txt

Scan type: Quick scan
Objects scanned: 135871
Time elapsed: 5 minute(s), 28 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 3
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\nqelemuvaponame (Trojan.Agent.U) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\vjiro (Trojan.Agent.U) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\AppCertDlls\appsecdll (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.54,93.188.161.184 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4ed9e628-b36b-4015-8942-9fa5635dcb29}\NameServer (Trojan.DNSChanger) -> Data: 93.188.162.54,93.188.161.184 -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Users\Kyle\AppData\Local\ubawuwuqec.dll (Trojan.Agent.U) -> No action taken.
C:\Users\Kyle\AppData\Local\wmsysnac.dll (Trojan.Agent.U) -> No action taken.
C:\Users\Kyle\AppData\Local\Temp\0.5148379615103095.exe (Trojan.Dropper) -> No action taken.
C:\Users\Kyle\Local Settings\Application Data\Windows Server\qjzehr.dll (Trojan.Agent) -> No action taken.
C:\Windows\System32\config\systemprofile\Local Settings\Application Data\Windows Server\qjzehr.dll (Trojan.Agent) -> No action taken.

#12 KyleJS


Posted 28 June 2010 - 12:39 PM

Update. OK, after using the TDSS killer I let mbytes scan and do its thing, and I think with TDSS killer gone it was actually able to delete all the nasty stuff it found without it coming back. I can now access mbytes.org and do the Kaspersky scan thing, and I haven't had a redirect yet. I think I may have gotten the worst of the stuff off, but I'm not 100% sure.

#13 boopme


Posted 28 June 2010 - 02:46 PM

Yes, I am sure the killer hit it. MBAM is old.


Rerun MBAM (MalwareBytes) like this:

Open MBAM in normal mode and click the Update tab, select Check for Updates, and when done
click the Scanner tab, select Quick scan and scan (normal mode).
After the scan click Remove Selected, post the new scan log and reboot into normal mode.

#14 KyleJS

Posted 28 June 2010 - 04:58 PM

It found nothing. However, I noticed before running this scan I re-ran the SAS scan and let it do its thing, and it found the TDSS thing on my PC again, even though TDSS killer had found it and it had appeared gone before. In between those two scans I had restarted it a couple of times. Should I do something to make sure TDSS won't get back on my PC again?

Here's the log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4251

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

6/28/2010 5:56:51 PM
mbam-log-2010-06-28 (17-56-51).txt

Scan type: Quick scan
Objects scanned: 147413
Time elapsed: 5 minute(s), 45 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Edited by KyleJS, 28 June 2010 - 04:58 PM.


#15 boopme

Posted 28 June 2010 - 07:25 PM

In SAS, was it in System Volume Information?