
Computer Infected with Google re-direct


  • This topic is locked
28 replies to this topic

#1 LarryM13

LarryM13

  • Members
  • 14 posts

Posted 12 June 2011 - 07:09 PM

Problem - whenever I use any search engines for a particular search and click on it I get re-directed to another site. Initially started just with Google then I was able to use Yahoo for awhile but then this also gives same re-directing results. Now all searches get re-directed.

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 7.0.5730.11
Run by Owner at 12:22:47 on 2011-06-12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2048.899 [GMT -4:00]
.
AV: Lavasoft Ad-Watch Live! Anti-Virus *Enabled/Updated* {A1C4F2E0-7FDE-4917-AFAE-013EFC3EDE33}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\rundll32.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\system32\ezSP_Px.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Norton Utilities 14\nu.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccSvcHst.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\Owner\My Documents\Downloads\Defogger.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uSearch Page = hxxp://ie.search.msn.com
uDefault_Search_URL = hxxp://srch-us7.hpwis.com/
uSearch Bar =
mStart Page = hxxp://us7.hpwis.com/
mSearch Bar =
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = localhost;127.0.0.1;your-6jnhhu0520
uSearchAssistant = hxxp://ie.search.msn.com
uSearchURL,(Default) = hxxp://as.starware.com/dp/search?x=wKX1ILEOi+UdWpSlz2q9Dzn13Emww/YwiC273s2RLPmkZW6+CAq7Nz8ckf9qnPYWqulZcYX2c3KWeI2VqZmtP7fjqaJgRGlFe1qblkzop4AaXFQj0AgnTUco42F12Ss6
mCustomizeSearch = hxxp://ie.search.msn.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\18.6.0.29\ips\IPSBHO.DLL
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.2.4204.1700\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: hp toolkit: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\hp\explorebar\HPTOOLKT.DLL
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\18.6.0.29\coIEPlg.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {1028F737-81E7-452B-A860-E50CAD90A08C} - No File
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No File
EB: hp toolkit: {8f4902b6-6c04-4ade-8052-aa58578a21bd} - c:\windows\system32\Shdocvw.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [NortonUtilities] c:\program files\norton utilities 14\nu.exe /H
uRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\NPSWF32_FlashUtil.exe -p
mRun: [hpsysdrv] c:\windows\system\hpsysdrv.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [KBD] c:\hp\kbd\KBD.EXE
mRun: [PS2] c:\windows\system32\ps2.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [USB] c:\windows\system32\usb.exe
mRun: [ezShieldProtector for Px] c:\windows\system32\ezSP_Px.exe
mRun: [<NO NAME>]
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\documents and settings\owner\start menu\programs\startup\PowerReg Scheduler V3.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hppsc2~1.lnk - c:\program files\hewlett-packard\digital imaging\bin\hpobnz08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\winzip~1.lnk - c:\program files\winzip\WZQKPICK.EXE
mPolicies-explorer: <NO NAME> =
IE: {17A27031-71FC-11d4-815C-005004D0F1FA} - c:\program files\marketbrowser\lmt\MarketBrowser_Launch.xpy
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/templates/ieawsdc.cab
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://www.apple.com/qtactivex/qtplugin.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/4/9/e494c802-dd90-4c6b-a074-469358f075a6/OGAControl.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} - hxxp://www.classlink2000.com/sites/FILES/wfica.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1150499302796
DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://www.nick.com/common/groove/gx/GrooveAX27.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38134.4207060185
DPF: {A4639D2F-774E-11D3-A490-00C04F6843FB} - hxxp://download.microsoft.com/download/vizact2000/Install/10/WIN98Me/EN-US/msorun.cab
DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.1.6.cab
TCP: DhcpNameServer = 24.229.54.212 207.44.96.129 24.229.54.220
TCP: Interfaces\{7BBE5969-6F3A-4FD5-8D0E-1501FF7AD710} : DhcpNameServer = 24.229.54.212 207.44.96.129 24.229.54.220
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\owner\application data\mozilla\firefox\profiles\ir1qwhes.default\
FF - prefs.js: browser.search.selectedEngine - Wikipedia (en)
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - prefs.js: network.proxy.type - 0
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
FF - plugin: c:\documents and settings\joe\my documents\divx\divx web player\npdivx32.dll
FF - plugin: c:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff
FF - Ext: Symantec IPS: {BBDA0591-3099-440a-AA10-41764D9DB4DB} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\IPSFFPlgn
FF - Ext: Norton Toolbar: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62} - c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\coFFPlgn
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
.
============= SERVICES / DRIVERS ===============
.
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-10-27 64288]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nis\1206000.01d\symds.sys [2011-5-11 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nis\1206000.01d\symefa.sys [2011-5-11 744568]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\bashdefs\20110518.001\BHDrvx86.sys [2011-5-18 802936]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-10-27 98392]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nis\1206000.01d\ironx86.sys [2011-5-11 136312]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2010-9-23 2151128]
R2 NIS;Norton Internet Security;c:\program files\norton internet security\engine\18.6.0.29\ccsvchst.exe [2011-5-11 130008]
R2 Symantec Core LC;Symantec Core LC;c:\program files\common files\symantec shared\ccpd-lc\symlcsvc.exe [2005-10-29 1245064]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-9-9 24652]
R2 WinDriver;WinDriver;c:\windows\system32\drivers\windrvr.sys [2010-9-9 205220]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-26 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\ipsdefs\20110604.001\IDSXpx86.sys [2011-6-2 355256]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20110612.002\NAVENG.SYS [2011-6-12 86008]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nis_18.1.0.37\definitions\virusdefs\20110612.002\NAVEX15.SYS [2011-6-12 1542392]
R4 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-2-6 39984]
S2 mrtRate;mrtRate; [x]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\lavasoft\ad-aware\kernexplorer.sys [2010-9-23 15232]
S3 PCDRDRV;Pcdr Helper Driver;\??\c:\progra~1\pc-doc~1\diagno~1\pcdrdrv.sys --> c:\progra~1\pc-doc~1\diagno~1\PCDRDRV.sys [?]
S3 SMCSMC WirelessUSB(SMC2662W)®;SMC SMC WirelessUSB(SMC2662W)® Service for SMC EZ Connect Wireless USB Adapter(SMC2662W);c:\windows\system32\drivers\Net62151.sys [2004-5-27 100352]
.
=============== Created Last 30 ================
.
2011-06-01 07:26:25 -------- d-----w- c:\program files\CCleaner
.
==================== Find3M ====================
.
2011-05-29 13:11:30 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-29 13:11:20 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-11 23:39:48 60872 ----a-w- c:\windows\system32\S32EVNT1.DLL
2011-05-11 23:39:48 126584 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2011-04-18 10:23:39 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-03-31 03:00:09 516216 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\srtsp.sys
2011-03-31 03:00:09 50168 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\srtspx.sys
2011-03-22 00:39:49 369784 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symtdi.sys
2011-03-22 00:39:49 331384 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symtdiv.sys
2011-03-22 00:39:49 296568 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symnets.sys
2011-03-15 02:31:23 744568 ----a-w- c:\windows\system32\drivers\nis\1206000.01d\symefa.sys
2005-10-30 01:49:15 3727360 ----a-w- c:\program files\WRT54GV4[1].0_4.20.7_US_code,1.exe
2005-10-29 21:47:09 19846914 ----a-w- c:\program files\71.89_win2kxp_english.exe
2005-10-15 14:47:23 5037072 ----a-w- c:\program files\spybotsd14.exe
.
============= FINISH: 12:24:39.17 ===============



#2 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • Gender:Male
  • Location:Kansas, USA

Posted 19 June 2011 - 10:56 AM

Hello LarryM13 and welcome to Bleeping Computer! :welcome:

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. :thumbup2:

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please temporarily disable Ad-Aware's Ad-Watch, as it may hinder the removal of some entries. You can re-enable it after you're clean.

Right click on the Adaware icon in the system tray and select Exit.

(you may need to do this after every reboot.)

-------------

I notice that you have Spybot's TeaTimer running. While this is normally a wonderful tool to protect against hijackers, it can also interfere with HijackThis fixes. So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure Advanced Mode is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck Resident TeaTimer and OK any prompts
You can re-enable TeaTimer once your system is clean.

-------------

Please download to your Desktop:
  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):
  • TDSSKiller_log.txt
  • How the PC is running now


-------------

Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please go here to see a list of programs that should be disabled.

**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**

Please include the C:\ComboFix.txt in your next reply for further review.
Also, please let me know if any problems still remain.

-------------

Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:
  • TDSSKiller logfile
  • C:\ComboFix.txt
  • Security Check checkup.txt

How is your computer running now?

#3 D-FRED-BROWN


Posted 25 June 2011 - 10:43 PM

(bump)

Are you still with me? If your problems still persist, let me know and we'll go about fixing them. :wink:
If not, please let me know so I can close this topic.

-DFB

#4 LarryM13


Posted 28 June 2011 - 09:37 AM

Fred,

Apologize for the delay as I have been on travel. Ran your instructions and unfortunately still have the same re-direct problem. Attached are the 3 files: TDSSKiller (nothing found), combo and security check. Thanks again for all your efforts.

Larry


#5 D-FRED-BROWN


Posted 28 June 2011 - 10:46 AM

> Apologize for the delay as I have been on travel. Ran your instructions and unfortunately still have the same re-direct problem. Attached are the 3 files: TDSSKiller (nothing found), combo and security check. Thanks again for all your efforts.

No worries, I understand. Thank you for letting me know. :)

Also, for future reference, please include the logs as posts rather than as attachments - it makes them easier to read for me that way. :wink:

Also, are you getting redirects in Internet Explorer, Firefox, or both? Please let me know. :)

Let's run some more scans to give us a better look:

----------

Please download maxhandle.exe by noahdfear to your desktop
  • Double click and run the application
  • An active internet connection is required so that maxhandle.exe may download a tool from SysInternals (every time it is run).
  • Log is saved to c:\maxhandle.txt
  • If Max++ is not found, "Nothing found!" is echoed to the screen - no log is produced.
Please post the results for my review

----------

Download Rootkit Unhooker and save it to your Desktop.

Close all open programs and browsers, then double-click RKUnhookerLE.exe to run it.
Vista/Windows 7 users right-click and select Run As Administrator.

  • Click the Report tab, then click Scan
  • Check Drivers, Stealth Code, Files, and Code Hooks
  • UNcheck the rest, then click OK
  • When prompted to Select Disks for Scan, make sure C:\ is checked and click OK
  • Wait until the scanner has finished then go File > Save Report
  • Save the report somewhere you can find it. Click Close
  • Copy the entire contents of the report and paste it in your next reply.

    Note: You may get the following warning. Just ignore it, click OK and continue:
    "Rootkit Unhooker has detected a parasite inside itself! It is recommended to remove parasite, okay?"

----------

Please include the maxhandle log (if one is created) and the Rootkit Unhooker log in your next reply.

How is your computer running now?

#6 LarryM13


Posted 28 June 2011 - 11:41 AM

Fred,

Was able to run maxhandle and "Nothing Found". Having trouble running Rootkit Unhooker: after checking drivers, stealth code, files and code hooks, unchecking the rest and hitting "Ok", I am never prompted to select disks for Scan. Rootkit Unhooker screen with all tabs stays for a few minutes and then disappears.

Larry

#7 D-FRED-BROWN


Posted 28 June 2011 - 11:43 AM

Let's try this:

Please reboot to Safe Mode (tap the F8 key just before Windows starts to load and select the Safe Mode option from the menu).

Once you're in safe mode try running Rootkit Unhooker again. If successful, please post the log that it creates in your next reply. :)

#8 LarryM13


Posted 30 June 2011 - 11:39 AM

Fred,

Ran in safe mode, still was never prompted to select disks for scan and therefore was unable to make sure C:/ was selected, although I believe a report ran which I saved and is below. Was unable to post entire report as it exceeded permissible limit, although it appeared the report just kept repeating itself with the 3 numbers on end of each line changing, i.e. started with 164, next was 168, then 172, up to 320. Let me know if this is what you expected to see. Again thanks for your help.

Larry

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #1
==============================================
0x80562520 Faked ServiceTable-->smss.exe [ ETHREAD 0x8A7D6680 ] TID: 164, 328056 bytes
Masqueraded service-->NtOpenJobObject [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtOpenKey [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtOpenMutant [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtOpenObjectAuditAlarm [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtOpenProcess [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtOpenProcessToken [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtOpenProcessTokenEx [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtOpenSection [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtOpenSemaphore [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtOpenSymbolicLinkObject [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtOpenThread [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtOpenThreadToken [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtOpenThreadTokenEx [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtOpenTimer [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtPlugPlayControl [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtPowerInformation [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtPrivilegeCheck [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtPrivilegeObjectAuditAlarm [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtPrivilegedServiceAuditAlarm [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtProtectVirtualMemory [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtPulseEvent [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtQueryAttributesFile [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtQueryBootEntryOrder [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtQueryBootOptions [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtQueryDebugFilterState [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtQueryDefaultLocale [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtQueryDefaultUILanguage [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtQueryDirectoryFile [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtQueryDirectoryObject [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtQueryEaFile [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtQueryEvent [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtQueryFullAttributesFile [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtQueryInformationAtom [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtQueryInformationFile [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtQueryInformationJobObject [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtQueryInformationPort [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtQueryInformationProcess [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtQueryInformationThread [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtQueryInformationToken [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtQueryInstallUILanguage [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtQueryIntervalProfile [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtQueryIoCompletion [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtQueryKey [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtQueryMultipleValueKey [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtQueryMutant [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtQueryObject [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtQueryOpenSubKeys [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtQueryPerformanceCounter [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtQueryQuotaInformationFile [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtQuerySection [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtQuerySecurityObject [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtQuerySemaphore [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtQuerySymbolicLinkObject [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtQuerySystemEnvironmentValue [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtQuerySystemEnvironmentValueEx [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtQuerySystemInformation [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtQuerySystemTime [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtQueryTimer [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtQueryTimerResolution [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtQueryValueKey [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtQueryVirtualMemory [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtQueryVolumeInformationFile [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtQueueApcThread [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtRaiseException [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtRaiseHardError [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtReadFile [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtReadFileScatter [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtReadRequestData [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtReadVirtualMemory [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtRegisterThreadTerminatePort [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtReleaseMutant [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtReleaseSemaphore [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtRemoveIoCompletion [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtRemoveProcessDebug [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtRenameKey [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtReplaceKey [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtReplyPort [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtReplyWaitReceivePort [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtReplyWaitReceivePortEx [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtReplyWaitReplyPort [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtRequestDeviceWakeup [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtRequestPort [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtRequestWaitReplyPort [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtRequestWakeupLatency [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtResetEvent [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtResetWriteWatch [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtRestoreKey [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtResumeProcess [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtResumeThread [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtSaveKey [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtSaveKeyEx [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtSaveMergedKeys [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtSecureConnectPort [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtSetBootEntryOrder [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtSetBootOptions [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtSetContextThread [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtSetDebugFilterState [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtSetDefaultHardErrorPort [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtSetDefaultLocale [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtSetDefaultUILanguage [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtSetEaFile [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtSetEvent [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtSetEventBoostPriority [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtSetHighEventPair [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtSetHighWaitLowEventPair [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtSetInformationDebugObject [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtSetInformationFile [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtSetInformationJobObject [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtSetInformationKey [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtSetInformationObject [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtSetInformationProcess [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtSetInformationThread [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtSetInformationToken [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtSetIntervalProfile [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtSetIoCompletion [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtSetLdtEntries [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtSetLowEventPair [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtSetLowWaitHighEventPair [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtSetQuotaInformationFile [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtSetSecurityObject [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtSetSystemEnvironmentValue [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtSetSystemEnvironmentValueEx [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtSetSystemInformation [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtSetSystemPowerState [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtSetSystemTime [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtSetThreadExecutionState [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtSetTimer [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtSetTimerResolution [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtSetUuidSeed [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtSetValueKey [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtSetVolumeInformationFile [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtShutdownSystem [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtSignalAndWaitForSingleObject [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtStartProfile [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtStopProfile [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtSuspendProcess [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtSuspendThread [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtSystemDebugControl [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtTerminateJobObject [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtTerminateProcess [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtTerminateThread [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtTestAlert [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtTraceEvent [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtTranslateFilePath [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtUnloadDriver [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtUnloadKey [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtUnloadKeyEx [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtUnlockFile [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtUnlockVirtualMemory [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtUnmapViewOfSection [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtVdmControl [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtWaitForDebugEvent [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtWaitForMultipleObjects [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtWaitForSingleObject [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtWaitHighEventPair [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtWaitLowEventPair [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtWriteFile [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtWriteFileGather [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtWriteRequestData [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtWriteVirtualMemory [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtYieldExecution [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtCreateKeyedEvent [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtOpenKeyedEvent [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtReleaseKeyedEvent [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtWaitForKeyedEvent [ ETHREAD 0x8A7D6680 ] TID: 164
Masqueraded service-->NtQueryPortInformationProcess [ ETHREAD 0x8A7D6680 ] TID: 164
0x80562520 Faked ServiceTable-->smss.exe [ ETHREAD 0x8A7E5DA8 ] TID: 168, 328056 bytes
Masqueraded service-->NtAcceptConnectPort [ ETHREAD 0x8A7E5DA8 ] TID: 168
Masqueraded service-->NtAccessCheck [ ETHREAD 0x8A7E5DA8 ] TID: 168
Masqueraded service-->NtAccessCheckAndAuditAlarm [ ETHREAD 0x8A7E5DA8 ] TID: 168

#9 LarryM13

Posted 30 June 2011 - 11:40 AM

Fred,

Forgot, this re-direct occurs in both IE and Firefox.

Larry

#10 D-FRED-BROWN

  • Malware Response Team
Posted 30 June 2011 - 11:41 AM

Let's try this :):

XP

You must first verify that you can logon to the Windows Recovery Console.
To do so, you must have the Recovery Console installed or use the Windows XP installation cd.

How to install and use the Windows XP Recovery Console


Next, please download maxlook, saving the file to your desktop.
Double click maxlook.exe to run it. Note - you must run it only once!
As instructed when the tool runs, restart the computer and logon to the Recovery Console.
Execute the following bolded command at the x:\windows> prompt <--- the red x represents your operating system drive letter, usually C

batch look.bat



You will see 1 file copied many times then return to the x:\windows> prompt.
Type Exit to restart your computer then logon in normal mode.
Please run maxlook.exe again now. Note - you must run it only once!
It will produce looklog.txt on the desktop and open it.
Please post the results here.

#11 LarryM13

Posted 30 June 2011 - 02:39 PM

Fred,

Sorry for the delay as I was unable to load Windows Recovery Console to hard drive but managed to get report as follows:

Run from C:\Documents and Settings\Owner\Desktop\maxlook.exe on Thu 06/30/2011 at 15:29:04.76

No infected file found

For the heck of it I tried searching on the net in Google (Firefox) and was not re-directed. I do not know what is different from yesterday, when I tried and got re-directed, and what we did today??? Comments?

Larry

#12 D-FRED-BROWN


Posted 30 June 2011 - 03:13 PM

"For the heck of it I tried searching on the net in Google (Firefox) and was not re-directed. I do not know what is different from yesterday, when I tried and got re-directed, and what we did today??? Comments?"

That is odd indeed :blink:. For the record, I don't quite think we're in the clear just yet.

Let's try this:

Please go to Start > Run and type:

maxlook -sig

and hit Enter.

Note:

Be sure that you have internet connection. Please post back with the logfile which will open in notepad.

#13 LarryM13

Posted 30 June 2011 - 03:25 PM

Fred,

file as requested from maxlook -sig, Larry

Run from C:\Documents and Settings\Owner\Desktop\maxlook.exe on Thu 06/30/2011 at 16:19:09.20

--------- maxlook unsigned files ---------

c:\windows\maxdrive\asctrm.sys:
	Verified:	Unsigned
	File date:	11:40 AM 5/27/2004
	Publisher:	Windows (R) 2000 DDK provider
	Description:	TR Manager
	Product:	Windows (R) 2000 DDK driver
	Version:	5.00.2195.1
	File version:	5.00.2195.1
c:\windows\maxdrive\BlackBox.sys:
	Verified:	Unsigned
	File date:	10:54 AM 6/30/2011
	Publisher:	n/a
	Description:	n/a
	Product:	n/a
	Version:	3, 8, 389, 7601
	File version:	3, 8, 389, 7601
c:\windows\maxdrive\BVRPMPR5.SYS:
	Verified:	Unsigned
	File date:	4:27 AM 6/30/2010
	Publisher:	Avanquest Software
	Description:	BVRP NDIS 5.0 MPR Protocol Driver
	Product:	BVRPNDIS Rawether for Windows
	Version:	2.00.00.01
	File version:	2.00.00.01
c:\windows\maxdrive\drvmcdb.sys:
	Verified:	Unsigned
	File date:	2:21 PM 10/21/2002
	Publisher:	VERITAS Software, Inc.
	Description:	Device Driver
	Product:	n/a
	Version:	n/a
	File version:	3.21.45a
c:\windows\maxdrive\hpzid412.sys:
	Verified:	Unsigned
	File date:	2:26 PM 2/15/2002
	Publisher:	HP
	Description:	IEEE-1284.4-1999 Driver (Windows 2000)
	Product:	HP Dot4 Windows 2000
	Version:	4, 5, 0, 642
	File version:	4, 5, 0, 642
c:\windows\maxdrive\HPZipr12.sys:
	Verified:	Unsigned
	File date:	1:37 PM 3/21/2002
	Publisher:	HP
	Description:	IEEE-1284.4-1999 Print Class Driver
	Product:	HP Dot4Print
	Version:	4, 5, 0, 479
	File version:	4, 5, 0, 479
c:\windows\maxdrive\MxlW2k.sys:
	Verified:	Unsigned
	File date:	2:59 PM 10/28/2002
	Publisher:	MusicMatch, Inc.
	Description:	MusicMatch Access Layer KMD
	Product:	MusicMatch Access Layer
	Version:	1.0.1.104
	File version:	1.0.1.104
c:\windows\maxdrive\Net62151.sys:
	Verified:	Unsigned
	File date:	1:03 PM 7/23/2003
	Publisher:	ATMEL
	Description:	NDIS 5.0/5.1 driver
	Product:	802.11b Compliant USB Wireless Network Adapter
	Version:	ver. 1.102.x.113, 505A 2958
	File version:	2.9.8.351 built by: WinDDK
c:\windows\maxdrive\PcdrNt.sys:
	Verified:	Unsigned
	File date:	9:42 AM 3/23/2000
	Publisher:	PC-Doctor Inc.
	Description:	PC-Doctor NT Support Driver
	Product:	PC-Doctor NT 3.0
	Version:	3.0
	File version:	4.0.7
c:\windows\maxdrive\pfc.sys:
	Verified:	Unsigned
	File date:	4:47 PM 9/19/2003
	Publisher:	Padus, Inc.
	Description:	Padus(R) ASPI Shell
	Product:	Padus(R) ASPI Shell
	Version:	2, 5, 0, 204
	File version:	2, 5, 0, 204
c:\windows\maxdrive\pxhelp20.sys:
	Verified:	Unsigned
	File date:	10:33 AM 10/21/2002
	Publisher:	VERITAS Software, Inc.
	Description:	PxHelper Device Driver for Windows 2000
	Product:	PxHelp20
	Version:	n/a
	File version:	2.02.42a
c:\windows\maxdrive\SQCamD.sys:
	Verified:	Unsigned
	File date:	9:30 AM 1/10/2003
	Publisher:	Service & Quality Technology.
	Description:	Universal Serial Bus Camera Driver
	Product:	SQ913
	Version:	9.13.15.6
	File version:	1.891.110.3
c:\windows\maxdrive\SQCaptur.sys:
	Verified:	Unsigned
	File date:	10:56 AM 1/10/2003
	Publisher:	Service & Quality Technology.
	Description:	Universal Serial Bus Camera Driver
	Product:	SQ913
	Version:	9.13.15.6
	File version:	1.89.108.2
c:\windows\maxdrive\StMp3Rec.sys:
	Verified:	Unsigned
	File date:	8:32 PM 12/18/2004
	Publisher:	Generic
	Description:	Generic MP3 Player USB Driver
	Product:	Generic MP3 Player
	Version:	139, 0, 551, 1
	File version:	1, 551, 0, 139
c:\windows\maxdrive\tiehdusb.sys:
	Verified:	Unsigned
	File date:	12:27 PM 2/4/2004
	Publisher:	Texas Instruments Incorporated
	Description:	tiehdusb.sys
	Product:	Texas Instruments Incorporated Educational Handheld Device
	Version:	1.5
	File version:	1.5
c:\windows\maxdrive\wdmstub.sys:
	Verified:	Unsigned
	File date:	4:53 PM 11/14/2003
	Publisher:	Walter Oney Software
	Description:	WDM stub functions for Windows 98
	Product:	Programming the Microsoft Windows Driver Model SP-4
	Version:	5.00.006
	File version:	5.00.006
c:\windows\maxdrive\wdpnp.sys:
	Verified:	Unsigned
	File date:	6:38 PM 5/6/2002
	Publisher:	Jungo
	Description:	WinDriver plug and play stub Driver 5.05
	Product:	WinDriver plug and play stub Driver
	Version:	5.05
	File version:	5.05
c:\windows\maxdrive\windrvr.sys:
	Verified:	Unsigned
	File date:	5:47 PM 8/4/2002
	Publisher:	Jungo
	Description:	WinDriver Device Driver 5.05b
	Product:	WinDriver Device Driver
	Version:	5.05b
	File version:	5.05b

--------- system32\drivers unsigned files ---------

c:\windows\system32\drivers\asctrm.sys:
	Verified:	Unsigned
	File date:	11:40 AM 5/27/2004
	Publisher:	Windows (R) 2000 DDK provider
	Description:	TR Manager
	Product:	Windows (R) 2000 DDK driver
	Version:	5.00.2195.1
	File version:	5.00.2195.1
c:\windows\system32\drivers\BlackBox.sys:
	Verified:	Unsigned
	File date:	10:54 AM 6/30/2011
	Publisher:	n/a
	Description:	n/a
	Product:	n/a
	Version:	3, 8, 389, 7601
	File version:	3, 8, 389, 7601
c:\windows\system32\drivers\BVRPMPR5.SYS:
	Verified:	Unsigned
	File date:	4:27 AM 6/30/2010
	Publisher:	Avanquest Software
	Description:	BVRP NDIS 5.0 MPR Protocol Driver
	Product:	BVRPNDIS Rawether for Windows
	Version:	2.00.00.01
	File version:	2.00.00.01
c:\windows\system32\drivers\drvmcdb.sys:
	Verified:	Unsigned
	File date:	2:21 PM 10/21/2002
	Publisher:	VERITAS Software, Inc.
	Description:	Device Driver
	Product:	n/a
	Version:	n/a
	File version:	3.21.45a
c:\windows\system32\drivers\hpzid412.sys:
	Verified:	Unsigned
	File date:	2:26 PM 2/15/2002
	Publisher:	HP
	Description:	IEEE-1284.4-1999 Driver (Windows 2000)
	Product:	HP Dot4 Windows 2000
	Version:	4, 5, 0, 642
	File version:	4, 5, 0, 642
c:\windows\system32\drivers\HPZipr12.sys:
	Verified:	Unsigned
	File date:	1:37 PM 3/21/2002
	Publisher:	HP
	Description:	IEEE-1284.4-1999 Print Class Driver
	Product:	HP Dot4Print
	Version:	4, 5, 0, 479
	File version:	4, 5, 0, 479
c:\windows\system32\drivers\MxlW2k.sys:
	Verified:	Unsigned
	File date:	2:59 PM 10/28/2002
	Publisher:	MusicMatch, Inc.
	Description:	MusicMatch Access Layer KMD
	Product:	MusicMatch Access Layer
	Version:	1.0.1.104
	File version:	1.0.1.104
c:\windows\system32\drivers\Net62151.sys:
	Verified:	Unsigned
	File date:	1:03 PM 7/23/2003
	Publisher:	ATMEL
	Description:	NDIS 5.0/5.1 driver
	Product:	802.11b Compliant USB Wireless Network Adapter
	Version:	ver. 1.102.x.113, 505A 2958
	File version:	2.9.8.351 built by: WinDDK
c:\windows\system32\drivers\PcdrNt.sys:
	Verified:	Unsigned
	File date:	9:42 AM 3/23/2000
	Publisher:	PC-Doctor Inc.
	Description:	PC-Doctor NT Support Driver
	Product:	PC-Doctor NT 3.0
	Version:	3.0
	File version:	4.0.7
c:\windows\system32\drivers\pfc.sys:
	Verified:	Unsigned
	File date:	4:47 PM 9/19/2003
	Publisher:	Padus, Inc.
	Description:	Padus(R) ASPI Shell
	Product:	Padus(R) ASPI Shell
	Version:	2, 5, 0, 204
	File version:	2, 5, 0, 204
c:\windows\system32\drivers\pxhelp20.sys:
	Verified:	Unsigned
	File date:	10:33 AM 10/21/2002
	Publisher:	VERITAS Software, Inc.
	Description:	PxHelper Device Driver for Windows 2000
	Product:	PxHelp20
	Version:	n/a
	File version:	2.02.42a
c:\windows\system32\drivers\SQCamD.sys:
	Verified:	Unsigned
	File date:	9:30 AM 1/10/2003
	Publisher:	Service & Quality Technology.
	Description:	Universal Serial Bus Camera Driver
	Product:	SQ913
	Version:	9.13.15.6
	File version:	1.891.110.3
c:\windows\system32\drivers\SQCaptur.sys:
	Verified:	Unsigned
	File date:	10:56 AM 1/10/2003
	Publisher:	Service & Quality Technology.
	Description:	Universal Serial Bus Camera Driver
	Product:	SQ913
	Version:	9.13.15.6
	File version:	1.89.108.2
c:\windows\system32\drivers\StMp3Rec.sys:
	Verified:	Unsigned
	File date:	8:32 PM 12/18/2004
	Publisher:	Generic
	Description:	Generic MP3 Player USB Driver
	Product:	Generic MP3 Player
	Version:	139, 0, 551, 1
	File version:	1, 551, 0, 139
c:\windows\system32\drivers\tiehdusb.sys:
	Verified:	Unsigned
	File date:	12:27 PM 2/4/2004
	Publisher:	Texas Instruments Incorporated
	Description:	tiehdusb.sys
	Product:	Texas Instruments Incorporated Educational Handheld Device
	Version:	1.5
	File version:	1.5
c:\windows\system32\drivers\wdmstub.sys:
	Verified:	Unsigned
	File date:	4:53 PM 11/14/2003
	Publisher:	Walter Oney Software
	Description:	WDM stub functions for Windows 98
	Product:	Programming the Microsoft Windows Driver Model SP-4
	Version:	5.00.006
	File version:	5.00.006
c:\windows\system32\drivers\wdpnp.sys:
	Verified:	Unsigned
	File date:	6:38 PM 5/6/2002
	Publisher:	Jungo
	Description:	WinDriver plug and play stub Driver 5.05
	Product:	WinDriver plug and play stub Driver
	Version:	5.05
	File version:	5.05
c:\windows\system32\drivers\windrvr.sys:
	Verified:	Unsigned
	File date:	5:47 PM 8/4/2002
	Publisher:	Jungo
	Description:	WinDriver Device Driver 5.05b
	Product:	WinDriver Device Driver
	Version:	5.05b
	File version:	5.05b


#14 D-FRED-BROWN


Posted 30 June 2011 - 05:03 PM

Well, it all looks clean to me :thumbup2:.

EDIT: Try rebooting the computer. If you get any redirects after, let me know.

Before we move on, let's run some online scans to see if there are any traces left :wink: :


Please run a free online scan with the ESET Online Scanner
Note: You will need to use Internet Explorer for this scan.
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the options Remove found threats and Scan unwanted applications are checked
  • Click Scan
    Wait for the scan to finish
  • Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic

-------

Please use the Internet Explorer and run a BitDefender Online scan from Here
  • Please check I agree with the Terms and Conditions and click Start Here
  • You will need to allow an Active X install for the scan to run.
  • Leave the scanning options at default and click Start Scan
Please post the results in your next reply.

-------

Please include the ESET and BitDefender reports in your next reply, and let me know of any issues you've encountered :).

Edited by D-FRED-BROWN, 30 June 2011 - 05:04 PM.


#15 LarryM13

Posted 01 July 2011 - 04:50 PM

Fred,

Results below. Thanks, Larry

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=f81aa63e26c7b8448312e0778f853d30
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-01 04:36:09
# local_time=2011-07-01 12:36:09 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=3584 16777215 100 0 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=223400
# found=1
# cleaned=1
# scan_time=9566
C:\WINDOWS\inf\alchem.inf probably a variant of Win32/Agent.GESWFOG trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000


QuickScan Beta 32-bit v0.9.9.96
-------------------------------
Scan date: Fri Jul 01 17:44:49 2011
Machine ID: 549445A5

C:\WINDOWS\system32\ntdsapi7.dll - could not be scanned


No infection found.
-------------------



Processes
---------
Bonjour 2024 C:\Program Files\Bonjour\mDNSResponder.exe
ezSP_Px Application 2548 C:\WINDOWS\system32\ezSP_Px.exe
Hewlett-Packard Company KBD EXE 2200 C:\hp\KBD\kbd.exe
hp digital imaging - hp all-in-one seri 3984 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
hp digital imaging - hp all-in-one seri 1588 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
hp digital imaging - hp all-in-one seri 3688 C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposts08.exe
HP PML 2192 C:\WINDOWS\system32\HPZipm12.exe
hpsysdrv 1808 C:\WINDOWS\system\hpsysdrv.exe
Intuit Update Service 340 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
Logitech QuickCam 460 C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
Logitech QuickCam 496 C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
Microsoft® Windows® Operating System 1484 C:\WINDOWS\system32\spoolsv.exe
MobileDeviceService 1996 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
Norton Utilities 1004 C:\Program Files\Norton Utilities 14\nu.exe
NVIDIA Driver Helper Service, Version 7 920 C:\WINDOWS\system32\nvsvc32.exe
Symantec Security Technologies 632 C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
Symantec Security Technologies 3088 C:\Program Files\Norton Internet Security\Engine\18.6.0.29\ccsvchst.exe
symlcsvc.exe 1344 C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Viewpoint Manager 1772 C:\Program Files\Viewpoint\Common\ViewpointService.exe
WinZip 4080 C:\Program Files\WinZip\WZQKPICK.EXE
(verified) Java™ Platform SE 6 U11 428 C:\Program Files\Java\jre6\bin\jqs.exe
(verified) Microsoft® Windows® Operating System 3292 C:\WINDOWS\explorer.exe
(verified) Microsoft® Windows® Operating System 2376 C:\WINDOWS\system32\alg.exe
(verified) Microsoft® Windows® Operating System 656 C:\WINDOWS\system32\csrss.exe
(verified) Microsoft® Windows® Operating System 972 C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System 740 C:\WINDOWS\system32\lsass.exe
(verified) Microsoft® Windows® Operating System 728 C:\WINDOWS\system32\services.exe
(verified) Microsoft® Windows® Operating System 580 C:\WINDOWS\system32\smss.exe
(verified) Microsoft® Windows® Operating System 896 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1008 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1104 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1964 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1188 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1316 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 176 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1364 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 2524 C:\WINDOWS\system32\wbem\wmiprvse.exe
(verified) Microsoft® Windows® Operating System 680 C:\WINDOWS\system32\winlogon.exe
(verified) Windows® Internet Explorer 3880 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 4068 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 3664 C:\Program Files\Internet Explorer\iexplore.exe


Network activity
----------------
Process iexplore.exe (4068) connected on port 80 (HTTP) --> 204.186.34.161
Process iexplore.exe (4068) connected on port 80 (HTTP) --> 204.186.34.161
Process iexplore.exe (4068) connected on port 80 (HTTP) --> 69.171.228.12
Process iexplore.exe (4068) connected on port 80 (HTTP) --> 72.14.204.138
Process iexplore.exe (4068) connected on port 80 (HTTP) --> 204.186.34.155

Process svchost.exe (1008) listens on ports: 135 (RPC)


Autoruns and critical files
---------------------------
Ad-Aware Admin Application C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
ezSP_Px Application C:\WINDOWS\system32\ezSP_Px.exe
Hewlett-Packard Company KBD EXE C:\hp\KBD\kbd.exe
Hewlett-Packard Company PS2 EXE C:\WINDOWS\system32\ps2.exe
Hewlett-Packard Company USB EXE C:\WINDOWS\system32\usb.exe
hp digital imaging - hp all-in-one seri C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
hpsysdrv C:\WINDOWS\system\hpsysdrv.exe
Intel® Common User Interface C:\WINDOWS\System32\hkcmd.exe
Intel® Common User Interface C:\WINDOWS\system32\igfxsrvc.dll
Intel® Common User Interface C:\WINDOWS\System32\igfxtray.exe
iTunes C:\Program Files\iTunes\iTunesHelper.exe
Microsoft Office 2000 C:\Program Files\Microsoft Office\Office\OSA9.EXE
Microsoft® Windows® Operating System C:\WINDOWS\System32\CRYPT32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\logon.scr
Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\upnpui.dll
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll
Norton Utilities C:\Program Files\Norton Utilities 14\nu.exe
NVIDIA Compatible Windows 2000 Display C:\WINDOWS\system32\NvCpl.dll
PowerReg Scheduler C:\Documents and Settings\Owner\Start Menu\Programs\Startup\PowerReg Scheduler V3.exe
QuickTime C:\Program Files\QuickTime\qttask.exe
Windows Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll
WinZip C:\Program Files\WinZip\WZQKPICK.EXE
(verified) Google Updater C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
AcroIEHelper Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
AcroIEHelperShim Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
BitDefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll
Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
Broderbund Upload C:\Program Files\Internet Explorer\plugins\NPExpFTP.dll
DivX Web Player C:\Documents and Settings\Joe\My Documents\DivX\DivX Web Player\npdivx32.dll
Fast Search C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
Google Toolbar for Internet Explorer C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
Graphics Display Plugin C:\Program Files\Internet Explorer\plugins\NPEvery.dll
HP Peripheral Interrogator C:\Program Files\Internet Explorer\plugins\nphppi.dll
hp toolkit c:\hp\explorebar\hptoolkt.dll
InterTrust Redemption Wizard C:\Program Files\Internet Explorer\plugins\NPDocBox.dll
MarketBrowser_Launch.xpy C:\Program Files\MarketBrowser\lmt\MarketBrowser_Launch.xpy
Messenger C:\Program Files\Messenger\msmsgs.exe
MetaStream 3 Plugin C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
Microsoft ® Visual C++ C:\Program Files\Internet Explorer\plugins\mfc42.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll
Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
Norton Confidential C:\Program Files\Norton Internet Security\Engine\18.6.0.29\coIEPlg.dll
npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
RealJukebox NS Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
RealNetworks Rhapsody Player Engine C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
RealPlayer Version Plugin C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
RealPlayer™ G2 LiveConnect-Enabled P C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
Skype add-on for IE C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Symantec Intrusion Detection C:\Program Files\Norton Internet Security\Engine\18.6.0.29\IPS\IPSBHO.DLL
Verity VML Viewer C:\Program Files\Internet Explorer\plugins\npvview.dll
VIEWCTRL OLE Control Module C:\Program Files\Internet Explorer\plugins\viewctrl.ocx
viewkv.dll C:\Program Files\Internet Explorer\plugins\viewkv.dll
viewmgr.dll C:\Program Files\Internet Explorer\plugins\viewmgr.dll
viewpdf.dll C:\Program Files\Internet Explorer\plugins\viewpdf.dll
Windows Presentation Foundation C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll
(verified) Google Updater C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
(verified) Java™ Platform SE 6 U11 c:\program files\java\jre6\bin\jp2ssv.dll
(verified) Java™ Platform SE 6 U11 C:\Program Files\Java\jre6\bin\ssv.dll
(verified) Java™ Platform SE 6 U11 C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
(verified) NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll


Scan
----
MD5: 43fbf126d8efe9cb2bca5fb1e365d832 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\0f3d321ebd65af974ff0ad424223276d\System.ServiceProcess.ni.dll
MD5: f4e1f9d3b2762bba015ba723792f51f4 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\f6a9a002526806f3a5b745cf5c407cae\System.ni.dll
MD5: 23dc75d158d484177ffe99e23264f89f C:\WINDOWS\Downloaded Program Files\qsax.dll
MD5: 860fad57b4668a9f5f350a9d5444ae89 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
MD5: 2bac92e8ac5e16ed60062e9141b8d5f6 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
MD5: 429e3efafcae6c89a57cd5d8e3442cae C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
MD5: ab87eeffd18f2baafc274e7075ea6c67 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
MD5: 93afb83fbc1f9443cac722fca63d73bf C:\WINDOWS\system32\comctl32.dll
MD5: ed0c0df222209e43ad9afbf3fe87dde0 C:\WINDOWS\system32\comsvcs.dll
MD5: 8fcf03e4d7be9b5587ccf11719959006 C:\WINDOWS\system32\corpol.dll
MD5: bdaaf79dd63f194434d31a74b9bb8b77 C:\WINDOWS\System32\CRYPT32.dll
MD5: c14350fc0d47d806699c4f907fc6785b C:\WINDOWS\system32\cryptnet.dll
MD5: 515a7fae2070c2b0242b2353443e2f11 C:\WINDOWS\system32\cscdll.dll
MD5: 6100d350770a5595fbf4c96f3510badc C:\WINDOWS\system32\CSRSRV.dll
MD5: 56adb11f7d4d0816c0be1e701c1b5e52 C:\WINDOWS\system32\D3DIM700.DLL
MD5: e2092f0a1d7abc243f9c2362483d150d C:\WINDOWS\System32\dimsntfy.dll
MD5: bc87db4759083525f96a159861670c5e C:\WINDOWS\system32\DINPUT.dll
MD5: 389496118b3b03c2328024af320132ac C:\WINDOWS\system32\DNSAPI.dll
MD5: 5f7e24fa9eab896051ffb87f840730d2 c:\windows\system32\dnsrslvr.dll
MD5: 914a9709fc3bf419ad2f85547f2a4832 C:\WINDOWS\System32\DRIVERS\61883.sys
MD5: 0f2d66d5f08ebe2f77bb904288dcf6f0 C:\WINDOWS\system32\drivers\ac97intc.sys
MD5: 355556d9e580915118cd7ef736653a89 C:\WINDOWS\System32\drivers\afd.sys
MD5: da0f7ce7fa90283bc218703b9d315fc5 C:\WINDOWS\system32\drivers\ALCXWDM.SYS
MD5: 8fce268cdbdd83b23419d1f35f42c7b1 C:\WINDOWS\System32\DRIVERS\amdk7.sys
MD5: f8e6956a614f15a0860474c5e2a7de6b C:\WINDOWS\System32\DRIVERS\avc.sys
MD5: 248dfa5762dde38dfddbbd44149e9d7a C:\WINDOWS\system32\drivers\BVRPMPR5.SYS
MD5: b4cba593c540ff2a1ab7c0761c9ede16 C:\WINDOWS\System32\DRIVERS\drvmcdb.sys
MD5: d3eaa6f63fff759d36f8b7adc0b52b7d C:\WINDOWS\System32\DRIVERS\HPZid412.sys
MD5: 8b34661cd899e9274395d5f9ceef725e C:\WINDOWS\System32\DRIVERS\HPZipr12.sys
MD5: 8c5b5566bbc78d6aedad44e92dbd878e C:\WINDOWS\System32\DRIVERS\HPZius12.sys
MD5: 8854f5453cce4c5831538e935f92f73b C:\WINDOWS\system32\drivers\ialmkchw.sys
MD5: 3046f83c8a6acebb9eaa834c2cd7105c C:\WINDOWS\System32\DRIVERS\ialmnt5.sys
MD5: f0890825e7a9f4a808190a781c480568 C:\WINDOWS\system32\drivers\ialmsbw.sys
MD5: fa2ed4a054360f3f873c15420f1f19cc C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys
MD5: e1158b0cb852db0573922c92e6e564de C:\WINDOWS\system32\DRIVERS\lvpopflt.sys
MD5: a6919138f29ae45e90e99fa94737e04c C:\WINDOWS\system32\DRIVERS\LVPr2Mon.sys
MD5: b895839b8743e400d7c7dae156f74e7e C:\WINDOWS\system32\DRIVERS\lvrs.sys
MD5: 23f8ef78bb9553e465a476f3cee5ca18 C:\WINDOWS\system32\drivers\LVUSBSta.sys
MD5: 8bc0d5f6e3898f465a94c6d03afb5a20 C:\WINDOWS\system32\DRIVERS\lvuvc.sys
MD5: 50104c5f1ee1e295781caf9521ca2e56 C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys
MD5: 0dc719e9b15e902346e87e9dcd5751fa C:\WINDOWS\System32\DRIVERS\mrxsmb.sys
MD5: 1477849772712bac69c144dcf2c9ce81 C:\WINDOWS\System32\DRIVERS\msdv.sys
MD5: ca3e22598f411199adc2dfee76cd0ae0 C:\WINDOWS\system32\drivers\msmpu401.sys
MD5: a29434a433e11c459d44f6f48a55c671 C:\WINDOWS\System32\DRIVERS\Net62151.sys
MD5: a73399804d5d4a8b20ba60fcf70c9f1f C:\WINDOWS\system32\drivers\NIS\1206000.01D\Ironx86.SYS
MD5: 83726cf02eced69138948083e06b6eac C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SRTSP.SYS
MD5: 4e7eab2e5615d39cf1f1df9c71e5e225 C:\WINDOWS\system32\drivers\NIS\1206000.01D\SRTSPX.SYS
MD5: 9bbeb8c6258e72d62e7560e6667aad39 C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMDS.SYS
MD5: d5c02629c02a820a7e71bca3d44294a3 C:\WINDOWS\system32\drivers\NIS\1206000.01D\SYMEFA.SYS
MD5: dec35ccaf7a222df918306cd2fdfbd39 C:\WINDOWS\System32\Drivers\NIS\1206000.01D\SYMTDI.SYS
MD5: f7ee020dc255b40a83899c53d4147746 C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
MD5: 231f133b4a5a04307abd95cac80fd063 C:\WINDOWS\System32\drivers\PcdrNt.sys
MD5: 444f122e68db44c0589227781f3c8b3f C:\WINDOWS\system32\drivers\pfc.sys
MD5: bffdb363485501a38f0bca83aec810db C:\WINDOWS\System32\DRIVERS\PS2.sys
MD5: 951d4769ba5b8a3c58404b5cef4a65ca C:\WINDOWS\System32\DRIVERS\PxHelp20.sys
MD5: 0dbcc071a268e0340a2ba6bdd98bace4 C:\WINDOWS\System32\DRIVERS\s3gnbm.sys
MD5: b244960e5a1db8e9d5d17086de37c1e4 C:\WINDOWS\System32\DRIVERS\sbp2port.sys
MD5: 0505da5d357f18a5d42fc5dede6bc9a0 C:\WINDOWS\system32\drivers\SBREdrv.sys
MD5: 99d5140d748ba27576a4c883e536e6d6 C:\WINDOWS\System32\DRIVERS\SISAGP.sys
MD5: 100ff3d9e16afb3163bd6f9aaaab7c55 C:\WINDOWS\System32\Drivers\SQcaptur.sys
MD5: 47ddfc2f003f7f9f0592c6874962a2e7 C:\WINDOWS\System32\DRIVERS\srv.sys
MD5: ab33c3b196197ca467cbdda717860dba C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
MD5: b226f8a4d780acdf76145b58bb791d5b C:\WINDOWS\system32\drivers\symlcbrd.sys
MD5: 5c2bdc152bbab34f36473deaf7713f22 C:\WINDOWS\System32\Drivers\usbaapl.sys
MD5: 099f10c7b9d4c7a2bf48d4c6eca1e7f1 C:\WINDOWS\System32\DRIVERS\viaagp1.sys
MD5: 6cb18d5c6f952ffefca4c3d904956fe1 C:\WINDOWS\system32\drivers\windrvr6.sys
MD5: 798f8a11df4724de94a59e15c7705697 C:\WINDOWS\system32\EBPMON24.DLL
MD5: f5b754cdea20bbb3a31e16a776ede6d6 C:\WINDOWS\system32\ESENT.dll
MD5: 2849ed071a0d83406bda342aa767f24e C:\WINDOWS\system32\ezSP_Px.exe
MD5: 64ae8c82239bef92d18a5dbd4eeda8f8 C:\WINDOWS\System32\hkcmd.exe
MD5: 6586674f9e94d05e29d07e78c47df6bb C:\WINDOWS\system32\hpgwiamd.dll
MD5: d5eaba24031f60f3afdedce7515b1fb3 C:\WINDOWS\system32\hpotscl.dll
MD5: df50713655616e0b346a44d328e7438d C:\WINDOWS\System32\HPZidr12.dll
MD5: 67c4b32a2d107862df0e3346aadda86e C:\WINDOWS\system32\HPZipm12.exe
MD5: 48e0490e25d8040d3ddc63d789bc15af C:\WINDOWS\system32\hpzipr12.dll
MD5: aecb5d0b905261df441dd9a7acc13c39 C:\WINDOWS\system32\hpzlnt05.dll
MD5: af61826b82de7b95d5db8ee075a172d2 C:\WINDOWS\system32\ieframe.dll
MD5: c0b6195f1afda4a3061915501eb75d4a C:\WINDOWS\system32\iepeers.dll
MD5: ba356bd33397936d2e292cb00f80c164 C:\WINDOWS\system32\iertutil.dll
MD5: 1c9da804c601d6c1270bf9658fdc4a86 C:\WINDOWS\system32\igfxsrvc.dll
MD5: 8bd986df8b136511238cf3d7a2410100 C:\WINDOWS\System32\igfxtray.exe
MD5: 63e8d944afbeebb243f25c4ed07e74c5 C:\WINDOWS\system32\inetmib1.dll
MD5: 1206e36eb45cd0372fa200b3b0bb7841 C:\WINDOWS\system32\javacypt.dll
MD5: 0689622e6484934eb6e5f4d3a96311f9 C:\WINDOWS\system32\jscript.dll
MD5: a525c96c51d55111fdf3bea9ffffc7ae C:\WINDOWS\system32\kerberos.dll
MD5: 9fad7dff67555ff1e06bc4a3893024a7 C:\WINDOWS\System32\logon.scr
MD5: bd31dc6dbe9333c4fbd4bdf0899f2160 C:\WINDOWS\system32\LSASRV.dll
MD5: 76848cb1aa5818db47d5f5986e0a7485 C:\WINDOWS\system32\MFC42.DLL
MD5: ecc7d7f0d3446de36045d1d9e964fafe C:\WINDOWS\System32\MSCOMCTL.OCX
MD5: 14da23d2b9310c694aba9dcae14dc059 C:\WINDOWS\system32\msfeeds.dll
MD5: 22ba5235ea846eda87f68a1dcc2bfcf9 C:\WINDOWS\system32\MSHTML.dll
MD5: d3f72d50de53f9f1f55240115af4d42e C:\WINDOWS\system32\msi.dll
MD5: e75aa32c6b79c846f5314ca4da92f29e C:\WINDOWS\system32\msjava.dll
MD5: 64b33cc5bf131def2721394cf9b3f8ed C:\WINDOWS\system32\MSVBVM60.DLL
MD5: 585992d78b671aaa075c02241309795d C:\WINDOWS\system32\MSVCIRT.dll
MD5: 943337d786a56729263071623bbb9de5 C:\WINDOWS\system32\mswsock.dll
MD5: 062f837c1fbdb6a0a75f82efc2ee8e74 C:\WINDOWS\system32\netshell.dll
MD5: f8f0d25ca553e39dde485d8fc7fcce89 C:\WINDOWS\system32\ntdll.dll
MD5: 86e8b780980eebd164b6683d4198652f C:\WINDOWS\system32\NvCpl.dll
MD5: f5ca5a3e07fe3fefa48b620a25be5863 C:\WINDOWS\system32\nvsvc32.exe
MD5: 40b0f98bad16ad5def894e88c3ef8014 C:\WINDOWS\system32\ODBC32.dll
MD5: 7a6a7900b5e322763430ba6fd9a31224 C:\WINDOWS\system32\ole32.dll
MD5: 1b2be5777f69a71778f52ffee1c798d6 C:\WINDOWS\system32\OLEAUT32.dll
MD5: b413db7b177b6e87c191b052d43eb706 C:\WINDOWS\system32\ps2.exe
MD5: d4502f124289a31976130cccb014c9aa C:\WINDOWS\system32\RPCRT4.dll
MD5: 72451fd61ddbb0a1fb071b7c3cde5594 C:\WINDOWS\system32\rsvpsp.dll
MD5: abeedd547e939ad827b2e29dec754206 C:\WINDOWS\system32\schannel.dll
MD5: f0a0ebf086597e645bc14b0d98f8ba58 C:\WINDOWS\system32\scrrun.dll
MD5: 26cb10fa893f940ab09713ff46dcdade C:\WINDOWS\system32\SHDOCVW.dll
MD5: e86423aa9aa8c382af02b94a058dc2aa C:\WINDOWS\system32\SHELL32.dll
MD5: 99bc0b50f511924348be19c7c7313bbf C:\WINDOWS\system32\SHSVCS.dll
MD5: 60784f891563fb1b767f70117fc2428f C:\WINDOWS\system32\spoolsv.exe
MD5: 3a7c3cbe5d96b8ae96ce81f0b22fb527 c:\windows\system32\srvsvc.dll
MD5: 3caeae7608f1bd7ba873a3b02895b106 C:\WINDOWS\System32\sti.dll
MD5: ecc0b4dc8d1b15da901eba5f09ca5037 C:\WINDOWS\system32\UniBox10.ocx
MD5: ad0eac85abc25b2e3c81c3ad41c10c42 C:\WINDOWS\system32\UniBox210.ocx
MD5: 5c4adb808b54126c1ed2fba0eae06c63 C:\WINDOWS\system32\upnpui.dll
MD5: 78bb1e601edab917094b0260a5a57c85 C:\WINDOWS\system32\urlmon.dll
MD5: aa4b17264b3692f9ed7b98140ab5e7d5 C:\WINDOWS\system32\usb.exe
MD5: a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe
MD5: 9e03dc5ab51cfd0190541ce2038d819d C:\WINDOWS\System32\USP10.dll
MD5: 9af7d69ba8e58573721c8b6785db4dc3 C:\WINDOWS\system32\VMHELPER.DLL
MD5: 960f6d3cd9a1ba6435d7aadd102b297f C:\WINDOWS\System32\wbem\wmiprov.dll
MD5: d7dcfb4d0c58ffb569de93e1681fd37a C:\WINDOWS\system32\WgaLogon.dll
MD5: cc951c2212a200475a587a440e0aa804 C:\WINDOWS\system32\WININET.dll
MD5: d72b9ec3337b247a666f098f3d6b43de C:\WINDOWS\System32\winrnr.dll
MD5: 42b5427fac23bf6f1f31e466b7feb084 C:\WINDOWS\system32\winsrv.dll
MD5: 2cc34e8bb667eef78899546e12649196 C:\WINDOWS\system32\WlNotify.dll
MD5: 16403217ab6fc5c30c14c6b12098ad4b C:\WINDOWS\System32\xpsp2res.dll
MD5: 06a1ecb63df139ec639e084d4ab3c9d7 C:\WINDOWS\system\hpsysdrv.exe
MD5: b894bef436cd7b7cf89bc0a53d4ae624 C:\WINDOWS\TEMP\logishrd\LVPrcInj01.dll
MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCP80.dll
MD5: c9564cf4976e7e96b4052737aa2492b4 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
MD5: 4c39358ebdd2ffcd9132a30e1ec31e16 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\MSVCP90.dll
MD5: cdbe9690cf2b8409facad94fac9479c9 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\MSVCR90.dll
MD5: 736b12b725aeb2b07f0241a9f680cb10 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MD5: 33d9b7bb7ba323bafe489df033dac824 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\gdiplus.dll


No file uploaded.

Scan finished - communication took 2 sec
Total traffic - 0.02 MB sent, 1.28 KB recvd
Scanned 794 files and modules - 43 seconds

==============================================================================

C



