
Help, possible infection again.


7 replies to this topic

#1 elvis7

elvis7

  • Members
  • 21 posts

Posted 12 November 2011 - 01:18 PM

My Yahoo account sent me a spam email. I haven't used it since 2005, and last logged into it to remove my personal info about 2 weeks ago. My password is a simple 5 word one, and I only have 4 contacts, so no big deal. But the thing is, I've run MBAM, Security Essentials and ESET Online Scanner, but nothing is found. I need to know if my PC is compromised or just my email address, and how do I find out if any of my other accounts have been compromised, or even how they got my Yahoo password if my PC is not compromised. The login activity for the Yahoo account is from around the world (IL, US, Malaysia, US, Poland, China), all in about a week's time :S

OK, so Norton did not find anything,
nor Essentials,
nor MBAM.

ESET found something, but it's just a keygen.
C:\Users\Elvis7\Documents\software\stardock\keygen.rar a variant of Win32/HackTool.Patcher.J application
C:\Users\Elvis7\Downloads\Stardock ObjectDock Plus v2.0.50727 By Adrian Dennis.rar a variant of Win32/HackTool.Patcher.J application


Any ideas on how this keeps happening? Also, on both occasions (Gmail, Yahoo) my password was the same and a simple 5 word one. Could they have just attacked the server somehow to get it, or could it be my PC?

windows 7 64 bit
mbam.
essentials.

Edited by elvis7, 12 November 2011 - 01:19 PM.




#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • Gender:Male
  • Location:London, UK

Posted 18 November 2011 - 06:37 PM

Hi elvis7,

Please run Superantispyware

Download Superantispyware
  • Load Superantispyware and click the check for updates button.
  • Once the update is finished click the scan your computer button.
  • Check Perform Complete Scan and then next.
  • Superantispyware will now scan your computer and when it's finished it will list all the infections it has found.
  • Make sure that they all have a check next to them and press next.
  • Click finish and you will be taken back to the main interface.
  • Click Preferences and then click the statistics/logs tab. Click the dated log and press view log and a text file will appear.
  • Copy and paste the log onto the forum.

m0le is a proud member of UNITE

#3 elvis7


Posted 23 November 2011 - 07:49 PM

Memory items scanned : 907
Memory threats detected : 0
Registry items scanned : 73519
Registry threats detected : 0
File items scanned : 71186
File threats detected : 255

the 255 files are "tracking cookies"


SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 11/23/2011 at 05:47 PM

Application Version : 5.0.1136

Core Rules Database Version : 7983
Trace Rules Database Version: 5795

Scan type : Complete Scan
Total Scan Time : 01:13:12

Operating System Information
Windows 7 Ultimate 64-bit, Service Pack 1 (Build 6.01.7601)
UAC Off - Administrator

Memory items scanned : 907
Memory threats detected : 0
Registry items scanned : 73519
Registry threats detected : 0
File items scanned : 71186
File threats detected : 255

Adware.Tracking Cookie

#4 m0le


Posted 23 November 2011 - 08:52 PM

Please run BitDefender next

Please run a BitDefender QuickScan
  • Click Start Scanner
  • Click Start Scan

    If you are running Firefox you should accept the installation of the Plug-in and restart Firefox
    If you are running Internet Explorer then allow the ActiveX control to install when prompted.


  • Click Start Scan
  • Check the I ACCEPT box on the EULA and click OK
When the scan has finished, it should take about a minute, click View Log and copy and paste the log into your next reply.

Edited by m0le, 23 November 2011 - 08:53 PM.


#5 elvis7


Posted 23 November 2011 - 11:00 PM

QuickScan 32-bit v0.9.9.100
---------------------------
Scan date: Wed Nov 23 22:54:04 2011
Machine ID: 102011BA

C:\ProgramData\Rpcnet\Bin\rpcld.exe - could not be accessed
--> Process rpcld.exe (6632)
C:\ProgramData\rpcnet\bin\GLAwsnl.dll - could not be accessed
--> Process rpcld.exe (6632)


No infection found.
-------------------



Processes
---------
Absolute Notifier 4792 C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe
AbsoluteNotifierService 1652 C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifierService.exe
FATrayAlert Application 5564 C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe
FATrayMon 5304 C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
Gyration Music Remote 4296 C:\Program Files (x86)\Gyration\Gyration Music Service\GyrationMusicServer.exe
Gyration Music Remote 2116 C:\Program Files (x86)\Gyration\Gyration Music Service\GyrationMusicService.exe
Gyration Music Remote 5264 C:\Program Files (x86)\Gyration\Gyration Music Service\GyrationMusicTray.exe
Installation/Management Application 2568 C:\Windows\SysWOW64\rpcnet.exe
iTunes 5812 C:\Program Files (x86)\iTunes\iTunesHelper.exe
Java™ Platform SE 6 U26 2256 C:\Windows\SysWOW64\java.exe
LinksysUpdater.exe 2152 C:\Program Files (x86)\Linksys\Linksys Updater\bin\LinksysUpdater.exe
Malwarebytes' Anti-Malware 5820 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
Malwarebytes' Anti-Malware 3432 C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
Messenger Plus! 5 5460 C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
Microsoft Office OneNote 1324 C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
Microsoft® Windows® Operating System 3736 C:\Program Files (x86)\Windows Media Player\wmplayer.exe
Norton Ghost 2432 C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe
Norton Ghost 5396 C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
Pure Networks Platform 5584 C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
Pure Networks Platform 2252 C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
Sensible Vision FastAccess 416 C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe
Stardock ObjectDock 4012 C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
Windows Live Communications Platform 1344 C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
Windows Live Messenger 4652 C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
Windows® Internet Explorer 4716 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Windows® Internet Explorer 7404 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Windows® Internet Explorer 9016 C:\Program Files (x86)\Internet Explorer\iexplore.exe
µTorrent 5900 C:\Program Files (x86)\uTorrent\uTorrent.exe


Network activity
----------------

Process nmsrvc.exe (2252) listens on ports: 1196
Process uTorrent.exe (5900) listens on ports: 20511


Autoruns and critical files
---------------------------
Absolute Notifier C:\Program Files (x86)\Absolute Software\Absolute Notifier\AbsoluteNotifier.exe
Agent Antidote C:\Program Files (x86)\Druide\Antidote 7\Programmes32\agentantidote.exe
Agent Antidote C:\Program Files (x86)\Druide\Antidote 7\Programmes64\agentantidote64.exe
Apple Push C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
Catalyst® Control Center C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
FALogNot.dll C:\Program Files (x86)\Sensible Vision\Fast Access\FALogNot.dll
FATrayMon C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe
Gyration Music Remote C:\Program Files (x86)\Gyration\Gyration Music Service\GyrationMusicTray.exe
Intel® PROSet/Wireless C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
Internet Explorer C:\Program Files (x86)\Internet Explorer
iTunes C:\Program Files (x86)\iTunes\iTunesHelper.exe
Malwarebytes' Anti-Malware C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Malwarebytes' Anti-Malware C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
Messenger Plus! 5 C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe
Microsoft Office OneNote C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
Microsoft Security Client c:\Program Files\Microsoft Security Client\msseces.exe
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Norton Ghost C:\Program Files (x86)\Norton Ghost\Agent\VProTray.exe
Power Plan Assistant for Windows® 7 C:\Program Files\PowerPlanAssistant\PowerPlanAssistantLauncher.exe
Pure Networks Platform C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
QuickSet C:\Program Files\Dell\QuickSet\QuickSet.exe
Standalone Scanner Components C:\Program Files (x86)\Norton Security Scan\Engine\3.6.0.31\Nss.exe
Stardock ObjectDock C:\Program Files (x86)\Stardock\ObjectDockPlus2\ObjectDock.exe
SUPERAntiSpyware C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Synaptics Pointing Device Driver C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Zune® C:\Program Files\Zune\ZuneLauncher.exe


Browser plugins
---------------
AcroIEHelperShim Library C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BitDefender QuickScan C:\Windows\Downloaded Program Files\qsax.dll
Bonjour C:\Program Files (x86)\Bonjour\mdnsNSP.dll
Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
CANON iMAGE GATEWAY Album Plugin Utilit C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
DivX Plus Web Player HTML5 <video> C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
DivX VOD Helper Plug-in C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
DivX Web Player C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
Easy-WebPrint EX c:\program files (x86)\canon\easy-webprint ex\ewpexbho.dll
Easy-WebPrint EX c:\program files (x86)\canon\easy-webprint ex\ewpexhlp.dll
ECOM Loader C:\Windows\Downloaded Program Files\ecmldr32.dll
ECOM Server C:\Windows\Downloaded Program Files\ecmsvr32.dll
FAIESSO DLL C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll
Flash® Player Installer/Uninstaller C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
Java Deployment Toolkit 6.0.260.3 C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
Java™ Platform SE 6 U26 C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
Java™ Platform SE 6 U26 C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
Java™ Platform SE 6 U26 c:\program files (x86)\java\jre6\bin\ssv.dll
Microsoft® CoReXT C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Microsoft® CoReXT C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Microsoft® CoReXT C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
Microsoft® Windows® Operating System C:\Windows\system32\mswsock.dll
Microsoft® Windows® Operating System C:\Windows\System32\nlaapi.dll
Microsoft® Windows® Operating System C:\Windows\system32\wshbth.dll
NAVAPI C:\Windows\Downloaded Program Files\navapi32.dll
npitunes.dll C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
NPSWF32.dll C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
QuickTime Plug-in 7.7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.7 C:\Program Files (x86)\Internet Explorer\plugins\npqtplugin7.dll
QuickTime Plug-in 7.7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
QuickTime Plug-in 7.7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
QuickTime Plug-in 7.7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
QuickTime Plug-in 7.7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
QuickTime Plug-in 7.7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
QuickTime Plug-in 7.7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
QuickTime Plug-in 7.7 C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
Silverlight Plug-In c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
Skype Toolbars C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Symantec Antivirus Engine C:\Windows\Downloaded Program Files\naveng32.dll
Symantec Antivirus Engine C:\Windows\Downloaded Program Files\navex32a.dll
Symantec Security Check C:\Windows\Downloaded Program Files\avsniff.dll
Symantec Security Check C:\Windows\Downloaded Program Files\rufsi.dll
TODO: <Product name> C:\Windows\Downloaded Program Files\avsniffdlgs.dll
Windows Live Messenger Companion C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
Windows Live™ Photo Gallery C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\napinsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\system32\pnrpnsp.dll
(verified) Microsoft® Windows® Operating System C:\Windows\System32\winrnr.dll


Scan
----
MD5: 573c70d7076f2f101752a727db7c2280 C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
MD5: 29b01d02e9ff3d8a63f8747b50a5a1a3 C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
MD5: 0cc90316b34118e3b8af760d92c262a4 C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
MD5: 6f399c3e562c4e69df96039743a7aa26 C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
MD5: f3b94e04053c2483a6fecf953d6661d6 C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
MD5: c6942a18444bfffc3cceca69a7e1879c C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
MD5: f47e08b025ae376ef1342fc9ecfecdf1 C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
MD5: 8a13e14b68e00ac2cb67420396d8a1c5 C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
MD5: 863f793d15b4026b1a5fdeca873d4d84 C:\Windows\system32\apphelp.dll
MD5: 0b0a00bba81d53c2a8394f79c235ee0c C:\Windows\system32\aticfx32.dll
MD5: 10255d7aeb762407d4f73d9197a6bcaa C:\Windows\system32\atidxx32.dll
MD5: ea3596a17e747ad5b2152cd3f042abb7 C:\Windows\system32\atiu9pag.dll
MD5: 57ab8b941db6bdb1dbd6cd80a8edaed5 C:\Windows\system32\atiumdag.dll
MD5: 63fe90a00375f58b40b39922feb50b97 C:\Windows\system32\atiumdva.dll
MD5: d71bdf009d3d900cdcacc72424b462f5 C:\Windows\system32\atiuxpag.dll
MD5: c940f2f5c60b3727c5f18840735b229c C:\Windows\system32\AUDIOSES.DLL
MD5: e24fe90e9de8d8ae70e59f7b01675def C:\Windows\system32\AVICAP32.dll
MD5: dceabba22e12cc44c2e7785c0eb9c6e3 C:\Windows\system32\AVIFIL32.dll
MD5: 45760eecc8b74b251171be4f247f17cb C:\Windows\system32\browcli.dll
MD5: 7a6986dd659b96398a11af5173892715 C:\Windows\system32\Cabinet.dll
MD5: ae9898d5600a232cd8ae3298692162e5 C:\Windows\system32\CLUSAPI.dll
MD5: ad7b9c14083b52bc532fba5948342b98 C:\Windows\system32\cmd.exe
MD5: 4e5fe39c1076d115ec8bfcfe14d75b80 C:\Windows\system32\credssp.dll
MD5: a585bebf7d054bd9618eda0922d5484a C:\Windows\system32\cryptsvc.dll
MD5: 465bea35f7ed4a4a57686dea7ea10f47 C:\Windows\system32\cscapi.dll
MD5: 35cede6439ff0d8903223a0817ffe46c C:\Windows\system32\d2d1.dll
MD5: 2de90400a63818fa38c4c5c9adb166bf C:\Windows\system32\d3d10_1.dll
MD5: 9c36a3ca80f9b204c670336d344f5df8 C:\Windows\system32\d3d10_1core.dll
MD5: 78b7a3bda25c90daa50d36a56a8d1351 C:\Windows\system32\D3D10Warp.dll
MD5: 6ef5f3f18413c367195f06e503ab86a6 C:\Windows\system32\D3D9.DLL
MD5: 284b59d7b56fc76c80e622ab856b1fab C:\Windows\System32\davclnt.dll
MD5: 53223b673a3fa2f9a4d1c31c8d3f6cd8 C:\Windows\system32\dbghelp.dll
MD5: 162d247e995eaebf3ef4289069e1111c C:\Windows\system32\DEVRTL.dll
MD5: e9e01eb683c132f7fa27cd607b8a2b63 C:\Windows\system32\dhcpcore.dll
MD5: b40420876b9288e0a1c8cca8a84e5dc9 C:\Windows\system32\DNSAPI.dll
MD5: 062373995eae5f0eac9eaa9192136bfb C:\Windows\system32\dnssd.dll
MD5: 0a5c7253183a6f956d10a3a4bbc96288 C:\Windows\system32\DWrite.dll
MD5: 0411b7958c524bb2e91ee1b3035fe321 C:\Windows\system32\dxgi.dll
MD5: 5c3f9dba818cd93379d1a0f215270374 C:\Windows\system32\ESENT.dll
MD5: 8b88ebbb05a0e56b7dcc708498c02b3e C:\Windows\system32\explorer.exe
MD5: e2a17bcc08d92f42e08af6ba2f93aba7 C:\Windows\system32\explorerframe.dll
MD5: 9f36220372cd99eaf5f6acb5703c61eb C:\Windows\system32\FACrashRpt.dll
MD5: e34af66abc85d797581b2e574dbf73c7 C:\Windows\system32\FAib.dll
MD5: f082e8562966e6b84e62d3ddaad99190 C:\Windows\system32\FAIEExtension.DLL
MD5: 2c6999d5d3051ed37f71fbf8ebb69eaf C:\Windows\system32\FAIESSODlg.dll
MD5: 03a03a453f1aaae0c73aaaf895321c7a C:\Windows\System32\fwpuclnt.dll
MD5: ed6f6fbbcdec95483b7351e23f4fcdf6 C:\Windows\system32\IEADVPACK.DLL
MD5: f0f079a8a947fcfbf8275be7ec1a35ae C:\Windows\system32\IEFRAME.dll
MD5: 83424cf46ffef33736df95c6db52f4bb C:\Windows\system32\IEUI.dll
MD5: a6f09e5669d9a19035f6d942caa15882 C:\Windows\system32\IMM32.DLL
MD5: ed27d1d75bf5e683ad3edd9e3123520a C:\Windows\system32\inetcomm.dll
MD5: a90dc9abd65db1a8902f361103029952 C:\Windows\system32\IPHLPAPI.DLL
MD5: 27fc75229eee367d4c0e643c108a90fa C:\Windows\System32\LocationApi.dll
MD5: 8ea53101ff2b15bdff934b62a8fb326d C:\Windows\system32\LOGONCLI.DLL
MD5: fdba1dec4f9be4274a00b9b850c63484 C:\Windows\system32\MF.dll
MD5: 243974ec02f7ae49e4179c54624143ab C:\Windows\System32\MMDevApi.dll
MD5: 7f8678c59f188528d60104e697c2361e C:\Windows\system32\mscms.dll
MD5: d83947a58613e9091b4c9cc0f1546a8d C:\Windows\SYSTEM32\MSCOREE.DLL
MD5: 7069aab8536f29ed7323140973a2894b C:\Windows\system32\msdmo.dll
MD5: 7940c04ce581288a3498d57ec4ee47d2 C:\Windows\system32\msfeeds.dll
MD5: 04e0cd31a63dfc0d73725a3d1768fb5a C:\Windows\system32\MSHTML.dll
MD5: 0ce4d3bd306da6d1f6f233c403f5b667 C:\Windows\system32\msi.dll
MD5: eee470f2a771fc0b543bdeef74fceca0 C:\Windows\system32\msiexec.exe
MD5: 35aae2e841aa1a949775168e119482c9 C:\Windows\system32\msls31.dll
MD5: 0b8fe658bd033ec8b1f6fbc305cc65e7 C:\Windows\system32\MSRATING.dll
MD5: c335ec1182ac10b188705554e0bc1186 C:\Windows\system32\MSVFW32.dll
MD5: 8999b8631c7fd9f7f9ec3cafd953ba24 C:\Windows\system32\mswsock.dll
MD5: 4205ca4cd43e725db9ff02b0a588a8c6 C:\Windows\System32\msxml3.dll
MD5: 269d867585cda04d3972a39f3694e7df C:\Windows\System32\msxml6.dll
MD5: 8b57a1ad493653bb57f281fe75dd175b C:\Windows\System32\NaturalLanguage6.dll
MD5: 8ce1a6d16b9077e91e192499eb611c5f C:\Windows\system32\NETAPI32.dll
MD5: eab975db4c2805927fe5bd047d05c9aa C:\Windows\System32\netshell.dll
MD5: 20b3934db73eaba2b49b7177873cb81f C:\Windows\system32\netutils.dll
MD5: 3d57ffbad3ed16b63de3879bab0fb56f C:\Windows\system32\NetworkExplorer.dll
MD5: 104a1070e90f1c530328e69b49718841 C:\Windows\System32\nlaapi.dll
MD5: d7b7159bc8374e87d8c45a30377a3440 C:\Windows\System32\ntlanman.dll
MD5: eb77db354791a5932ca559b6f6374e95 C:\Windows\system32\ntshrui.dll
MD5: 8e01332cc4b68bc6b5b7effe374442aa C:\Windows\system32\OLEACC.dll
MD5: 487f44b08efeaf5ad087878357b9403d C:\Windows\system32\pdh.dll
MD5: 414bba67a3ded1d28437eb66aeb8a720 C:\Windows\system32\pla.dll
MD5: 12c45e3cb6d65f73209549e2d02eca7a C:\Windows\system32\PROPSYS.dll
MD5: dbc02d918fff1cad628acbe0c0eaa8e8 C:\Windows\System32\provsvc.dll
MD5: 102cf6879887bbe846a00c459e6d4abc C:\Windows\system32\Riched20.dll
MD5: 5997d769cdb108390dcfaebf442bf816 C:\Windows\system32\RpcRtRemote.dll
MD5: 0915c4db6dbc3bb9e11b7ecbbe4b7159 C:\Windows\system32\rtutils.dll
MD5: 68ecca523ed760aafc03c5d587569859 C:\Windows\system32\SAMCLI.DLL
MD5: 236f286e103fd44bd85fdd93097fd5dd C:\Windows\system32\SearchIndexer.exe
MD5: a8ce0c7f1d37e0b8082608a148b6b976 C:\Windows\system32\Secur32.dll
MD5: 4ae380f39a0032eab7dd953030b26d28 C:\Windows\system32\sessenv.dll
MD5: be247ae996a9fde007a27b51413a6c79 C:\Windows\System32\shdocvw.dll
MD5: 414da952a35bf5d50192e28263b40577 C:\Windows\System32\shsvcs.dll
MD5: 4b9e4ce667df26ada061aa81e9aa841d C:\Windows\system32\SPFILEQ.dll
MD5: 5ccdcd40e732d54e0f7451ac66ac1c87 C:\Windows\system32\srvcli.dll
MD5: 6a1e8deb746912df47cf651e138401d7 C:\Windows\System32\StructuredQuery.dll
MD5: 919001d2bb17df06ca3f8ac16ad039f6 C:\Windows\system32\SXS.DLL
MD5: 613bf4820361543956909043a265c6ac C:\Windows\System32\tapisrv.dll
MD5: 465dbf63a5049e4db4bc5c12ffe781cb C:\Windows\system32\tquery.dll
MD5: 954ea9b34f155c844b11f4047a8f6f89 C:\Windows\system32\upnp.dll
MD5: d15618a0ff8dbc2c5bf3726bacc75a0b C:\Windows\system32\USERENV.dll
MD5: 61ac3efdfacfdd3f0f11dd4fd4044223 c:\windows\system32\userinit.exe
MD5: cfc7d8289d2b5f3cf8d16e2db7f93d4a C:\Windows\system32\wbem\fastprox.dll
MD5: 704314fd398c81d5f342caa5df7b7f21 C:\Windows\system32\wbemcomn.dll
MD5: 34eee0dfaadb4f691d6d5308a51315dc C:\Windows\System32\wcncsvc.dll
MD5: d205c24a9d069049fe2df2a1b38726a7 C:\Windows\system32\wdmaud.drv
MD5: a9d880f97530d5b8fee278923349929d C:\Windows\System32\webclnt.dll
MD5: 02c61d8ad469417f5508225c75de3236 C:\Windows\system32\webio.dll
MD5: 590d5c506044fe02ff7643e32ff9bdac C:\Windows\system32\wer.dll
MD5: 1db71a41daee6b3f8cd0dda8209fa2d5 C:\Windows\system32\WindowsCodecs.dll
MD5: ca9f7888b524d8100b977c81f44c3234 C:\Windows\system32\WINHTTP.dll
MD5: d5aefad57c08349a4393d987df7c715d C:\Windows\system32\WINMM.dll
MD5: 9419abf3163b6f0e3ad3dd2b381c879f C:\Windows\system32\WinSCard.dll
MD5: 9e4b0e7472b4ceba9e17f440b8cb0ab8 C:\Windows\system32\winspool.drv
MD5: 418e881201583a3039d81f43e39e6c78 C:\Windows\system32\WINSTA.dll
MD5: e5a4a1326a02f8e7b59e6c3270ce7202 C:\Windows\system32\wkscli.dll
MD5: 1957d49a9613faad1c73b508cce02aa5 C:\Windows\system32\wmp.dll
MD5: 0fbc74aa20fe0ae6884279f893169c60 C:\Windows\system32\wmploc.dll
MD5: 0f416e23dd2eb4debe70608020cfd283 C:\Windows\system32\wmvcore.dll
MD5: 181f69bc9c406b7fb5c0ade8031630ac C:\Windows\system32\wpdshext.dll
MD5: 7ff15a4f092cd4a96055ba69f903e3e9 C:\Windows\system32\ws2_32.dll
MD5: ac122407b29378ff9646f03404ac7c54 C:\Windows\system32\wshbth.dll
MD5: 1b91cd34ea3a90ab6a4ef0550174f4cc C:\Windows\system32\WsmSvc.dll
MD5: 6a6b2ee4565a178035be2a4ff6f2c968 C:\Windows\system32\WTSAPI32.dll
MD5: edf2a5e96bec469da3f64e9bdd386111 C:\Windows\system32\XmlLite.dll
MD5: d2958325c1ae1ae37a83334c6229e3bc C:\Windows\SysWOW64\actxprxy.dll
MD5: 95e2376b3323f062eb562b8586d0f14a C:\Windows\syswow64\ADVAPI32.dll
MD5: f436e847fa799ecd75ad8c313673f450 C:\Windows\syswow64\CFGMGR32.dll
MD5: d1de1eafde97be41cf6585027ff3e732 C:\Windows\syswow64\COMDLG32.dll
MD5: 454e292861a4ef1d72f43f42bbaf6917 C:\Windows\syswow64\CRYPT32.dll
MD5: 6ef5f3f18413c367195f06e503ab86a6 C:\Windows\SysWOW64\d3d9.dll
MD5: 2eeff4502f5e13b1bed4a04ccad64c08 C:\Windows\syswow64\DEVOBJ.dll
MD5: 4312debdacbe338f0b90e7f08e7672be C:\Windows\SysWOW64\Dxtmsft.dll
MD5: ca493a92da9880b6f1a89c3dbd54ba5b C:\Windows\SysWOW64\Dxtrans.dll
MD5: 53af1750fd45ddd705c9b68c7dc58827 C:\Windows\SysWOW64\evr.dll
MD5: d6d3ad7bf1d6f6ce9547613ed5e170a2 C:\Windows\syswow64\GDI32.dll
MD5: ee9d715af1b928982f417238b9914484 C:\Windows\SysWOW64\ieapfltr.dll
MD5: f0f079a8a947fcfbf8275be7ec1a35ae C:\Windows\SysWOW64\ieframe.dll
MD5: 217557259182c86a6d3ade11bc42b74a C:\Windows\syswow64\iertutil.dll
MD5: b2fd31e20b423335fe3273b4bf95813c C:\Windows\syswow64\imagehlp.dll
MD5: 2d11bc8b460957e62e4420373a0d8bda C:\Windows\SysWOW64\imapi2.dll
MD5: a6f09e5669d9a19035f6d942caa15882 C:\Windows\syswow64\IMM32.dll
MD5: 2340832b8b1efb379280a30140d1b7ed C:\Windows\SysWOW64\java.exe
MD5: 8aba7dbfc0dae718245e4569ab0477f6 C:\Windows\SysWOW64\jscript.dll
MD5: 3be120ba72475250fa6bfcb3bee6a7f7 C:\Windows\SysWOW64\jscript9.dll
MD5: 99c3f8e9cc59d95666eb8d8a8b4c2beb C:\Windows\syswow64\kernel32.dll
MD5: 5c2d21c9b6b6175b89bc5d7e3cb979e1 C:\Windows\syswow64\KERNELBASE.dll
MD5: c140f86932b5b61f54a4d836e2d34ab2 C:\Windows\SysWOW64\ksproxy.ax
MD5: 630a31f277349109299e590856a4b004 C:\Windows\SysWOW64\kswdmcap.ax
MD5: 57348ed5916cf4a8d55680b31a482b35 C:\Windows\SysWOW64\Macromed\Flash\Flash10q.ocx
MD5: 6bb36fe5fab0d213c4c1554a2cba67fc C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
MD5: dc6612a9ee015a36ba2a27bc9cc12537 C:\Windows\SysWOW64\MFC42.dll
MD5: 938f39b50bafe13d6f58c7790682c010 C:\Windows\syswow64\MSASN1.dll
MD5: 7069aab8536f29ed7323140973a2894b C:\Windows\SysWOW64\msdmo.dll
MD5: 04e0cd31a63dfc0d73725a3d1768fb5a C:\Windows\SysWOW64\mshtml.dll
MD5: 4c1e16b9a53102c8d6fba587cbcb95de C:\Windows\SysWOW64\msv1_0.DLL
MD5: c335ec1182ac10b188705554e0bc1186 C:\Windows\SysWOW64\MSVFW32.dll
MD5: 8ce1a6d16b9077e91e192499eb611c5f C:\Windows\SysWOW64\NETAPI32.dll
MD5: 1ff7e4f548c7c372c804938f0d5b36ae C:\Windows\SysWOW64\netcfgx.dll
MD5: 20b3934db73eaba2b49b7177873cb81f C:\Windows\SysWOW64\netutils.dll
MD5: d124f55b9393c976963407dff51ffa79 C:\Windows\SysWOW64\ntdll.dll
MD5: 7d34af98a706230cc2dedfe0cabf87ab C:\Windows\SysWOW64\ODBC32.dll
MD5: 928cf7268086631f54c3d8e17238c6dd C:\Windows\syswow64\ole32.dll
MD5: 8e01332cc4b68bc6b5b7effe374442aa C:\Windows\SysWOW64\OLEACC.dll
MD5: 6c765e82b57f2e66ce9c54ac238471d9 C:\Windows\syswow64\OLEAUT32.dll
MD5: cc5bf60e9d3f181c0b62ac91ad8634b8 C:\Windows\SysWOW64\qcap.dll
MD5: 44b13b356c737b628e73833b07cbbf72 C:\Windows\SysWOW64\qedit.dll
MD5: b4d0d2f098c7a68385560df4551551ca C:\Windows\SysWOW64\quartz.dll
MD5: 680643960a81fb929959010f68d8a2bf C:\Windows\SysWOW64\rpcnet.dll
MD5: 3297445bb9fd3e8363e7559010ed2ae7 C:\Windows\SysWOW64\rpcnet.exe
MD5: c5ad8083cf94201f1f8084ecc696a8b7 C:\Windows\syswow64\RPCRT4.dll
MD5: 68ecca523ed760aafc03c5d587569859 C:\Windows\SysWOW64\samcli.dll
MD5: 135f7ac9be35ab1df727faf2e60e92f8 C:\Windows\SysWOW64\schannel.dll
MD5: 10fb16b50affda6d44588f3c445dc273 C:\Windows\syswow64\SETUPAPI.dll
MD5: 699b9dda17581b8e7f50a0ff05c7e102 C:\Windows\syswow64\SHELL32.dll
MD5: 8cc3c111d653e96f3ea1590891491d71 C:\Windows\syswow64\SHLWAPI.dll
MD5: 5ccdcd40e732d54e0f7451ac66ac1c87 C:\Windows\SysWOW64\srvcli.dll
MD5: 7224d964a6d657374c551c878eb2c386 C:\Windows\syswow64\SspiCli.dll
MD5: 919001d2bb17df06ca3f8ac16ad039f6 C:\Windows\SysWOW64\SXS.DLL
MD5: 672d7c5080acb003343006405da2e621 C:\Windows\SysWOW64\thumbcache.dll
MD5: 3bf5881cb3d3402ade70be9e96e18c67 C:\Windows\syswow64\urlmon.dll
MD5: 5e0db2d8b2750543cd2ebb9ea8e6cdd3 C:\Windows\syswow64\USER32.dll
MD5: d15618a0ff8dbc2c5bf3726bacc75a0b C:\Windows\SysWOW64\USERENV.dll
MD5: 804aaafebb3ad5f49334dd906bcb1de5 C:\Windows\syswow64\USP10.dll
MD5: 5e7a2cf7719161c5e6c0e47d67ad45ae C:\Windows\SysWOW64\vbscript.dll
MD5: d3788d91530cfa005bd516189a4c676e C:\Windows\syswow64\WININET.dll
MD5: d5aefad57c08349a4393d987df7c715d C:\Windows\SysWOW64\WINMM.dll
MD5: 9e4b0e7472b4ceba9e17f440b8cb0ab8 C:\Windows\SysWOW64\WINSPOOL.DRV
MD5: 2d0d2da87bea7144f2a17f19d0d17e4c C:\Windows\syswow64\WINTRUST.dll
MD5: e5a4a1326a02f8e7b59e6c3270ce7202 C:\Windows\SysWOW64\wkscli.dll
MD5: a8bb45f9ecad993461e0fef8e2a99152 C:\Windows\syswow64\WLDAP32.dll
MD5: ff3c5379de4fd18498c255d096fed3f5 C:\Windows\SysWOW64\WMADMOD.DLL
MD5: 3b91ea6dc3ae6088c880ab9073a833c2 C:\Windows\SysWOW64\wmpeffects.dll
MD5: 3f2b83695e5bf11930c16af50e991f96 C:\Windows\SysWOW64\wmpps.dll
MD5: 7ff15a4f092cd4a96055ba69f903e3e9 C:\Windows\syswow64\WS2_32.dll
MD5: 7d4dc95a1f5e0818e74a399960569ea1 C:\Windows\SysWOW64\wuapi.dll
MD5: fb633dcc8664e4ccacf562db5bae38cf C:\Windows\SysWOW64\wups.dll
MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCP80.dll
MD5: c9564cf4976e7e96b4052737aa2492b4 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
MD5: 4c39358ebdd2ffcd9132a30e1ec31e16 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCP90.dll
MD5: cdbe9690cf2b8409facad94fac9479c9 C:\Windows\WinSxS\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.6161_none_50934f2ebcb7eb57\MSVCR90.dll
MD5: bdac1aa64495d0f7e1ff810ebbf1f018 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\COMCTL32.dll
MD5: 352b3dc62a0d259a82a052238425c872 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\Comctl32.dll
MD5: 0029eba325f2fc9b6ba46bee33f32a09 C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17514_none_72d18a4386696c80\gdiplus.dll


No file uploaded.

Scan finished - communication took 4 sec
Total traffic - 0.04 MB sent, 1.57 KB recvd
Scanned 625 files and modules - 42 seconds

==============================================================================

#6 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:11:57 AM

Posted 24 November 2011 - 02:31 PM

There's nothing there either. Have you had any problems since I replied?
m0le is a proud member of UNITE

#7 elvis7

elvis7
  • Topic Starter

  • Members
  • 21 posts
  • OFFLINE
  • Local time:06:57 AM

Posted 24 November 2011 - 09:37 PM

Well, I've changed my passwords since then, but how could this have happened again? An infected PC on the network?

#8 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:11:57 AM

Posted 05 December 2011 - 08:11 PM

I'm not sure that anything has happened, elvis7 - apart from spam being sent from your account. Take a look here for other possibilities:

http://www.bleepingcomputer.com/forums/topic287710.html
m0le is a proud member of UNITE



