
USB Mass Storage In Device Manager But Not Disk Manager - Rootkit Susp



#46
SGProd


  • Topic Starter
  • Member
  • 36 posts
Update:
aswMBR Rootkit has been running 4h 30m. Process Explorer still shows a process ID assigned, but it hasn't gotten CPU for at least 3 Hrs. System Idle Process is consistently at 100% and no disk access indicator.
Trying it in Safe Mode now.

Edited by SGProd, 03 July 2011 - 06:40 PM.

  • 0



#47
SGProd


  • Topic Starter
  • Member
  • 36 posts
Now showing scanning progress. I suspect this run will complete a bit quicker.
  • 0

#48
SGProd


  • Topic Starter
  • Member
  • 36 posts
aswMBR log:
==========
aswMBR version 0.9.7.675 Copyright© 2011 AVAST Software
Run date: 2011-07-03 20:40:55
-----------------------------
20:40:55.906 OS Version: Windows 5.1.2600 Service Pack 3
20:40:55.906 Number of processors: 2 586 0x403
20:40:55.906 ComputerName: FANG UserName:
20:40:57.484 Initialize success
20:40:59.234 AVAST engine defs: 11070301
20:41:14.421 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-e
20:41:14.437 Disk 0 Vendor: SAMSUNG_HD160JJ/P ZM100-34 Size: 152587MB BusType: 3
20:41:16.484 Disk 0 MBR read successfully
20:41:16.500 Disk 0 MBR scan
20:41:16.921 Disk 0 unknown MBR code
20:41:18.937 Disk 0 scanning sectors +312496380
20:41:18.968 Disk 0 scanning C:\WINDOWS\system32\drivers
20:41:42.562 Service scanning
20:41:47.109 Disk 0 trace - called modules:
20:41:47.140 ntoskrnl.exe CLASSPNP.SYS disk.sys atapi.sys hal.dll pciide.sys PCIIDEX.SYS
20:41:47.156 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8ab59ab8]
20:41:47.171 3 CLASSPNP.SYS[f7637fd7] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-e[0x8ab5fd98]
20:41:47.968 AVAST engine scan C:\WINDOWS
21:13:40.125 AVAST engine scan C:\Documents and Settings\SilvioG
21:25:35.640 AVAST engine scan C:\Documents and Settings\All Users
21:27:46.359 Scan finished successfully
23:56:27.625 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\SilvioG\Desktop\System Security\MBR.dat"
23:56:27.640 The log file has been saved successfully to "C:\Documents and Settings\SilvioG\Desktop\System Security\aswMBR-07-03-2011.txt"

=============================================================================
  • 0

#49
SGProd


  • Topic Starter
  • Member
  • 36 posts
TDSSKiller scan completed.
Duration: 00:00:16
Processed: 231 objects
Infection: Not found
No log produced.
  • 0

#50
SGProd


  • Topic Starter
  • Member
  • 36 posts
Cold Boot Duration: 00:03:23. Clearly night and day from when we started this adventure.

I just plugged in the USB hard drive that started all this. It still exhibits the same behavior.
Rebooting with the drive plugged in to allow drive to be recognized in Windows Explorer or Disk Manager did not work either.
But the reduced reboot time is great!
  • 0

#51
RKinner


    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Glad we are making progress. aswMBR is a very new program but it's very useful. The guy who wrote it also wrote another program called GMER which for years was our main tool against rootkits. He has recently been hired by Avast and he made some changes to their scanning engine which really improved it.

I think we need to do the ESET and BitDefender scans and see if they find anything, then run the Avast boot-time scan one more time.

Use IE and go to http://eset.com/onlinescan and click on ESET Online Scanner. Accept the terms then press Start (if you get a warning from your browser, tell it you want to run it).

1. Check Scan Archives
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.


Let's also try the BitDefender QuickScan.

http://quickscan.bitdefender.com/

When it finishes there is a report option. Click on it and copy and paste the report (even if it says nothing found).

Click on the Avast ball. Then click on Scan Computer, then on Boot-Time Scan, then on Settings. Change the Ask at the bottom to Move to Chest. OK then Schedule Now. Reboot and let it run a scan. It may take hours. Once it finishes it should load Windows.

Ron
  • 0

#52
SGProd


  • Topic Starter
  • Member
  • 36 posts
Good Morning & Happy 4th!
Here are the requested logs from ESET & BitDefender.
Kicking off the Avast! Boot Scan now.

Enjoy the festivities - Don't blow up anything you think you might need later. :)
Silvio


================================

ESET EXPORT TO TEXT FILE:
--------------------------------

C:\!Software\TempInstall\AmpliTube_2.1.2_JimiHendrix_1.0.1.rar probably a variant of Win32/Agent.HCJZGWT trojan deleted - quarantined
C:\Temp\UTLGRFX\PHontDawg Collection DVDISO (10000+ Fonts)\PHontDawg2.iso probably a variant of Win32/Hupigon.BEDPGEA trojan deleted - quarantined

================================

ESET logfile located at C:\Program Files\EsetOnlineScanner\log.txt
--------------------------------

ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=7.00.6000.17098 (vista_gdr.110420-1745)
# OnlineScanner.ocx=1.0.0.6427
# api_version=3.0.2
# EOSSerial=c672595ae73f2441b8fb2185bdc2f732
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-07-04 01:46:46
# local_time=2011-07-04 09:46:46 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=768 16777215 100 0 25796259 25796259 0 0
# compatibility_mode=6401 16777213 66 100 0 25903703 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=333397
# found=2
# cleaned=2
# scan_time=24990
C:\!Software\TempInstall\AmpliTube_2.1.2_JimiHendrix_1.0.1.rar probably a variant of Win32/Agent.HCJZGWT trojan (deleted - quarantined) 00000000000000000000000000000000 C
C:\Temp\UTLGRFX\PHontDawg Collection DVDISO (10000+ Fonts)\PHontDawg2.iso probably a variant of Win32/Hupigon.BEDPGEA trojan (deleted - quarantined) 00000000000000000000000000000000 C

=======================================

BitDefender QuickScan Report
---------------------------


QuickScan Beta 32-bit v0.9.9.96
-------------------------------
Scan date: Mon Jul 04 09:54:13 2011
Machine ID: 4CDA2F86



No infection found.
-------------------



Processes
---------
AcroTray - Adobe Acrobat Distiller help 3748 C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
Ashampoo Magic Defrag 2232 C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragCtrl.exe
Ashampoo Magic Defrag 1768 C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragService.exe
avast! Antivirus 1836 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
avast! Antivirus 2452 C:\Program Files\Alwil Software\Avast5\AvastUI.exe
Bonjour 1852 C:\Program Files\Bonjour\mDNSResponder.exe
C-Major Audio 3968 C:\WINDOWS\stsystra.exe
D-Link WLAN Application 3144 C:\Program Files\D-Link\DWA-552 revA\wirelesscm.exe
Emsisoft Online Armor 1176 C:\Program Files\Online Armor\oacat.exe
Emsisoft Online Armor 3740 C:\Program Files\Online Armor\oahlp.exe
Emsisoft Online Armor 1236 C:\Program Files\Online Armor\oasrv.exe
Emsisoft Online Armor 3240 C:\Program Files\Online Armor\oaui.exe
InstallShield Update Service 1732 C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
Intel® Common User Interface 3864 C:\WINDOWS\system32\hkcmd.exe
iTunes 3232 C:\Program Files\iPod\bin\iPodService.exe
iTunes 3480 C:\Program Files\iTunes\iTunesHelper.exe
Java™ Platform SE 6 U26 184 C:\Program Files\Java\jre6\bin\jqs.exe
Java™ Platform SE Auto Updater 2 0 1580 C:\Program Files\Common Files\Java\Java Update\jusched.exe
Microsoft® Windows® Operating System 3916 C:\WINDOWS\ehome\ehmsas.exe
Microsoft® Windows® Operating System 1884 C:\WINDOWS\ehome\ehrecvr.exe
Microsoft® Windows® Operating System 1900 C:\WINDOWS\ehome\ehSched.exe
Microsoft® Windows® Operating System 3728 C:\WINDOWS\ehome\ehtray.exe
Microsoft® Windows® Operating System 2704 C:\WINDOWS\ehome\mcrdsvc.exe
Microsoft® Windows® Operating System 1600 C:\WINDOWS\system32\spoolsv.exe
Microsoft® Windows® Operating System 1228 C:\WINDOWS\system32\wscntfy.exe
MobileDeviceService 1708 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
MouseWare 2612 C:\Program Files\Logitech\MouseWare\system\EM_EXEC.EXE
Windows® Internet Explorer 1324 C:\Program Files\Internet Explorer\iexplore.exe
Yahoo! Mail 2820 C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
(verified) GrooveMonitor Utility 2276 C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(verified) Microsoft® Windows® Operating System 1308 C:\WINDOWS\explorer.exe
(verified) Microsoft® Windows® Operating System 3496 C:\WINDOWS\system32\alg.exe
(verified) Microsoft® Windows® Operating System 492 C:\WINDOWS\system32\csrss.exe
(verified) Microsoft® Windows® Operating System 128 C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System 3224 C:\WINDOWS\system32\dllhost.exe
(verified) Microsoft® Windows® Operating System 616 C:\WINDOWS\system32\locator.exe
(verified) Microsoft® Windows® Operating System 572 C:\WINDOWS\system32\lsass.exe
(verified) Microsoft® Windows® Operating System 560 C:\WINDOWS\system32\services.exe
(verified) Microsoft® Windows® Operating System 440 C:\WINDOWS\system32\smss.exe
(verified) Microsoft® Windows® Operating System 848 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 808 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 760 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 2776 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1672 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1252 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 972 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 936 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 516 C:\WINDOWS\system32\winlogon.exe
(verified) Microsoft® Windows® Operating System 188 C:\WINDOWS\system32\wuauclt.exe


Network activity
----------------
Process iexplore.exe (1324) connected on port 80 (HTTP) --> 67.238.67.152
Process iexplore.exe (1324) connected on port 80 (HTTP) --> 67.238.67.138
Process iexplore.exe (1324) connected on port 80 (HTTP) --> 69.171.224.14
Process iexplore.exe (1324) connected on port 80 (HTTP) --> 74.125.229.101

Process svchost.exe (808) listens on ports: 135 (RPC)


Autoruns and critical files
---------------------------
AcroTray - Adobe Acrobat Distiller help C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
Adobe Acrobat C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
Adobe CS4 Service Manager C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe
Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Alcohol Virual Drive Auto-mount Service C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Ashampoo Magic Defrag C:\Program Files\Ashampoo\Ashampoo Magic Defrag\bin\aDefragCtrl.exe
C-Major Audio C:\WINDOWS\stsystra.exe
Emsisoft Online Armor C:\Program Files\Online Armor\oaevent.dll
Emsisoft Online Armor C:\Program Files\Online Armor\oaui.exe
GrooveShellExtensions Module C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
InstallShield Update Service C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
InstallShield Update Service C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
Intel Modem Event Monitor Application C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
Intel® Common User Interface C:\WINDOWS\system32\hkcmd.exe
Intel® Common User Interface C:\WINDOWS\system32\igfxdev.dll
iTunes C:\Program Files\iTunes\iTunesHelper.exe
Java™ Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
MCW.exe C:\Program Files\Monitor Calibration Wizard\MCW.exe
Microsoft® Windows® Operating System C:\WINDOWS\ehome\ehtray.exe
Microsoft® Windows® Operating System C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE
Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
MouseWare C:\WINDOWS\Logi_MwX.Exe
Nero AG NeroCheck C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
QuickTime C:\Program Files\QuickTime\qttask.exe
SpywareGuard Protection C:\Program Files\SpywareGuard\spywareguard.dll
Windows® Internet Explorer C:\WINDOWS\system32\msfeedssync.exe
Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll
Windows® Search C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
Yahoo! Mail C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
(verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
(verified) GrooveMonitor Utility C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll


Browser plugins
---------------
AcroIEHelperShim Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
Adobe Acrobat C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
Adobe PDF Toolbar for IE C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
Adobe® Flash® Player ActiveX C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
BitDefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll
Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
Contribute c:\program files\adobe\/adobe contribute cs4/contributeieplugin.dll
Drive Letter Access Component c:\windows\system32\dla\tfswshx.dll
GrooveShellExtensions Module C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
InstallShield Update Service C:\WINDOWS\Downloaded Program Files\isusweb.dll
Java Deployment Toolkit 6.0.260.3 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
Java™ Platform SE 6 U26 C:\Program Files\Java\jre6\bin\jp2ssv.dll
Java™ Platform SE 6 U26 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
Java™ Platform SE 6 U26 c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
Messenger C:\Program Files\Messenger\msmsgs.exe
MetaStream 3 Plugin C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
Microsoft ClearAdjust Module C:\WINDOWS\Downloaded Program Files\clearadjust.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll
npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
Sample code for GoogleAFE c:\program files\googleafe\googleae.dll
SDHelper.dll C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
SpywareGuard Download Protection C:\Program Files\SpywareGuard\dlprotect.dll
Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll
WS_FTP Pro C:\Program Files\WS_FTP Pro\wsbho2K0.dll
Yahoo Application State Plugin C:\Program Files\Yahoo!\Shared\npYState.dll
(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll
(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
(verified) Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll


Scan
----
MD5: 0aee5668eb59912f32ff245bfa72465f C:\Program Files\QuickTime\qttask.exe
MD5: 964621e8b2415feaa99026ed4f29d198 C:\Program Files\SpywareGuard\dlprotect.dll
MD5: cde968df7ea866320efb8762b50e0ad7 C:\Program Files\SpywareGuard\spywareguard.dll
MD5: bcdff548f7d31a2bcf1cf98da7eb5445 C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
MD5: 994ad0d8550b8b26990a6e3aa0791502 C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
MD5: d43a2b9e1b9f36a9a61dae7bc5c4f1d0 C:\Program Files\WS_FTP Pro\LIBEAY32.dll
MD5: 82641b068f5bc08d5414dd4d5e000ba9 C:\Program Files\WS_FTP Pro\nsftpch.dll
MD5: 368c274dd054148d8007d862f8df6bfe C:\Program Files\WS_FTP Pro\Res0409.DLL
MD5: a6614ba85bdf69688e2d1371ae1eb456 C:\Program Files\WS_FTP Pro\SSLEAY32.dll
MD5: 6554baf271ffe10fd3cb940cc99ecccb C:\Program Files\WS_FTP Pro\sslsvc.dll
MD5: 831bd37ea4d7707831fd5879ee3daf33 C:\Program Files\WS_FTP Pro\wsbho2K0.dll
MD5: 62b68fe6f190c90b51aaae2f6ab50ab0 C:\Program Files\WS_FTP Pro\wsfirscr.dll
MD5: f3003ff98841fbe15d41ca769a772e83 C:\Program Files\WS_FTP Pro\wsftpext.dll
MD5: 547bd3da6dec1fbbd0f7365c53ca810f C:\Program Files\WS_FTP Pro\wsftplib.dll
MD5: 2a45615c91363a942fadf58ad8bde681 C:\Program Files\WS_FTP Pro\wshosts.dll
MD5: 7d21171da91a625692daa6e0f27d27b2 C:\Program Files\Yahoo!\Common\YMailAdvisor.exe
MD5: 310c15fd8358b2c4cd7a5b98a112883f C:\WINDOWS\AppPatch\AcGenral.DLL
MD5: 939522429b24a97d57e84c2a2daec45e C:\WINDOWS\Downloaded Program Files\clearadjust.dll
MD5: d8fb851a9fbd62352fd74283f9c14c77 C:\WINDOWS\Downloaded Program Files\isusweb.dll
MD5: 23dc75d158d484177ffe99e23264f89f C:\WINDOWS\Downloaded Program Files\qsax.dll
MD5: 03a905fba1d62317087db5c21c0f8f62 C:\WINDOWS\ehome\ehmsas.exe
MD5: 0f0f5b564c5a3c9b38a6220230252567 C:\WINDOWS\eHome\ehProxy.dll
MD5: 5d1347aa5ae6e2f77d7f4f8372d95ac9 C:\WINDOWS\ehome\ehrecvr.exe
MD5: a53243709439ac2a4c216b817f8d7411 C:\WINDOWS\ehome\ehSched.exe
MD5: 6d280bc969218ae4a72180f907c32913 C:\WINDOWS\eHome\ehTrace.dll
MD5: 7e48b4958c131e9643ddcd2e7ca3fe9f C:\WINDOWS\ehome\ehtray.exe
MD5: df0a511f38f16016bf658fca0090cb87 C:\WINDOWS\ehome\mcrdsvc.exe
MD5: 34a14cd6b6e9c8bfbabeaf6eed5149bb C:\WINDOWS\Logi_MwX.Exe
MD5: 9a2d686c89acc36e3aa7cde3d1c45c1a c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
MD5: ab87eeffd18f2baafc274e7075ea6c67 c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
MD5: a81135541c9d4ebce43efa8ad31395b4 C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE
MD5: 0f869e88fa4489fbe231a42646488ce8 C:\WINDOWS\stsystra.exe
MD5: c0d44791c969d65e63f250bc8ba0dc57 C:\WINDOWS\system32\AdobePDF.dll
MD5: 68a4886e62ab6279a695f18733a9faba C:\WINDOWS\system32\advpack.dll
MD5: 01cfa88f8dee91ec9f8e0988f49d106e C:\WINDOWS\system32\AVICAP32.DLL
MD5: 93afb83fbc1f9443cac722fca63d73bf C:\WINDOWS\system32\COMCTL32.dll
MD5: c28aef8f74d851bb3feec3f9053c8915 C:\WINDOWS\system32\COMNCTR.dll
MD5: ed0c0df222209e43ad9afbf3fe87dde0 C:\WINDOWS\system32\comsvcs.dll
MD5: f5430b03e141e098c78d5db46b00f8fc C:\WINDOWS\system32\confmsp.dll
MD5: f423702417504a4c57b3af2e0491cbd4 C:\WINDOWS\system32\corpol.dll
MD5: b373075cc1c45c1a8f3147088e85bb15 C:\WINDOWS\system32\cpwmon2k.dll
MD5: bdaaf79dd63f194434d31a74b9bb8b77 C:\WINDOWS\system32\CRYPT32.dll
MD5: c14350fc0d47d806699c4f907fc6785b C:\WINDOWS\system32\cryptnet.dll
MD5: 515a7fae2070c2b0242b2353443e2f11 C:\WINDOWS\system32\cscdll.dll
MD5: 6100d350770a5595fbf4c96f3510badc C:\WINDOWS\system32\CSRSRV.dll
MD5: 11a9e0581f6441876ffbf331d294c10a C:\WINDOWS\System32\dhcpqec.dll
MD5: e2092f0a1d7abc243f9c2362483d150d C:\WINDOWS\System32\dimsntfy.dll
MD5: 30698355067d07da5f9eb81132c9fdd6 C:\WINDOWS\system32\dla\tfsnboio.sys
MD5: fb9d825bb4a2abdf24600f7505050e2b C:\WINDOWS\system32\dla\tfsncofs.sys
MD5: cafd8cca11aa1e8b6d2ea1ba8f70ec33 C:\WINDOWS\system32\dla\tfsndrct.sys
MD5: 8db1e78fbf7c426d8ec3d8f1a33d6485 C:\WINDOWS\system32\dla\tfsndres.sys
MD5: b92f67a71cc8176f331b8aa8d9f555ad C:\WINDOWS\system32\dla\tfsnifs.sys
MD5: 85985faa9a71e2358fcc2edefc2a3c5c C:\WINDOWS\system32\dla\tfsnopio.sys
MD5: bba22094f0f7c210567efdaf11f64495 C:\WINDOWS\system32\dla\tfsnpool.sys
MD5: 81340bef80b9811e98ce64611e67e3ff C:\WINDOWS\system32\dla\tfsnudf.sys
MD5: c035fd116224ccc8325f384776b6a8bb C:\WINDOWS\system32\dla\tfsnudfa.sys
MD5: 37943b990d318145d1efcbeef8f9566a c:\windows\system32\dla\tfswshx.dll
MD5: 389496118b3b03c2328024af320132ac C:\WINDOWS\system32\DNSAPI.dll
MD5: 5f7e24fa9eab896051ffb87f840730d2 c:\windows\system32\dnsrslvr.dll
MD5: 355556d9e580915118cd7ef736653a89 C:\WINDOWS\System32\drivers\afd.sys
MD5: 08e6891421d44ac3e044bd8790b3c46d C:\WINDOWS\system32\DRIVERS\athw.sys
MD5: f934d1b230f84e1d19dd00ac5a7a83ed C:\WINDOWS\system32\DRIVERS\bridge.sys
MD5: e814854e6b246ccf498874839ab64d77 C:\WINDOWS\system32\drivers\drvmcdb.sys
MD5: ee83a4ebae70bc93cf14879d062f548b C:\WINDOWS\system32\drivers\drvnddm.sys
MD5: 95974e66d3de4951d29e28e8bc0b644c C:\WINDOWS\system32\DRIVERS\e100b325.sys
MD5: 197583f4039e80d55ba19a39898d18ca C:\WINDOWS\system32\drivers\InCDFs.sys
MD5: b08611bfdc4834abebd764d7c897c45e C:\WINDOWS\system32\drivers\InCDPass.sys
MD5: f8f84098640887b109c96a87456f0269 C:\WINDOWS\system32\drivers\InCDRm.sys
MD5: 7509c548400f4c9e0211e3f6e66abbe6 C:\WINDOWS\system32\DRIVERS\IntelC51.sys
MD5: 9584ffdd41d37f2c239681d0dac2513e C:\WINDOWS\system32\DRIVERS\IntelC52.sys
MD5: cf0b937710cec6ef39416edecd803cbb C:\WINDOWS\system32\DRIVERS\IntelC53.sys
MD5: ad67795900aa8c05cc4570f5349e0639 C:\WINDOWS\system32\DRIVERS\jswscimd.sys
MD5: 3c357dfdbbf2b4b01aa4b9c8a26e4416 C:\WINDOWS\system32\DRIVERS\LHidFlt2.Sys
MD5: aef09673376a4d93c09e8341854f1bf4 C:\WINDOWS\system32\DRIVERS\LMouFlt2.Sys
MD5: 8fd868e32459ece2a1bb0169f513d31e C:\WINDOWS\system32\DRIVERS\mcdbus.sys
MD5: 7f2f1d2815a6449d346fcccbc569fbd6 C:\WINDOWS\system32\DRIVERS\mhndrv.sys
MD5: 59b8b11ff70728eec60e72131c58b716 C:\WINDOWS\system32\DRIVERS\mohfilt.sys
MD5: 0dc719e9b15e902346e87e9dcd5751fa C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
MD5: 23b7f6e15bac00564def87be3d99c020 C:\WINDOWS\system32\drivers\OADriver.sys
MD5: 9cc719b8a5ec37ca236e42f53d335e02 C:\WINDOWS\system32\drivers\oahlp32.sys
MD5: 7892b33d20b73e336ad2eedc451b7673 C:\WINDOWS\system32\drivers\OAmon.sys
MD5: 18eb23ec320af150a1a658457fe61124 C:\WINDOWS\system32\drivers\OAnet.sys
MD5: d970470f8f39470bdae94d313a1ccdce C:\WINDOWS\System32\Drivers\PxHelp20.sys
MD5: 47ddfc2f003f7f9f0592c6874962a2e7 C:\WINDOWS\system32\DRIVERS\srv.sys
MD5: d7968049be0adbb6a57cee3960320911 C:\WINDOWS\system32\drivers\sscdbhk5.sys
MD5: c3ffd65abfb6441e7606cf74f1155273 C:\WINDOWS\system32\drivers\ssrtln.sys
MD5: 2a2dc39623adef8ab3703ab9fac4b440 C:\WINDOWS\system32\drivers\sthda.sys
MD5: 4c0b8ef721783f52f8e531fbdc4b1f74 C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
MD5: bb2c5a7a555b387b85481b8bde5370d7 C:\WINDOWS\system32\DRIVERS\wlndis50.sys
MD5: 791cc487ffb2faafb21697b269f565ad C:\WINDOWS\system32\Dxtmsft.dll
MD5: 05a0ee1013a64b9b64a16ac9e31fe3a6 C:\WINDOWS\system32\Dxtrans.dll
MD5: 3b06cdd1a41618944a906589c052f2b3 C:\WINDOWS\System32\eapqec.dll
MD5: f5b754cdea20bbb3a31e16a776ede6d6 c:\windows\system32\ESENT.dll
MD5: ce8c3bc1377b83dbcd7304ab2d0a4735 C:\WINDOWS\system32\h323msp.dll
MD5: 035029d2b692a5c73becf7331f9c65b5 C:\WINDOWS\system32\hccutils.DLL
MD5: 82adc58b63e069ac4641a33ea9841e54 C:\WINDOWS\system32\hkcmd.exe
MD5: 277a1742c1db220d2cd1b04602f1e6e2 C:\WINDOWS\system32\ieapfltr.dll
MD5: 42958c214051d80bbb4f7cbbfecf672b C:\WINDOWS\system32\ieframe.dll
MD5: 5cf855ed94e3bddcd01e0bd1cfa9fa2f C:\WINDOWS\system32\iepeers.dll
MD5: 96ecae3c85692d7fc9d3d96617961919 C:\WINDOWS\system32\iertutil.dll
MD5: 4e89bf45219bb2cf4f931201e2f5755e C:\WINDOWS\system32\IEUI.dll
MD5: 18c288f56f1d670682d64807914413bf C:\WINDOWS\system32\igfxdev.dll
MD5: 6b3cdfd6a7903561b5acaf5535927204 C:\WINDOWS\system32\igfxres.dll
MD5: 965f92d5d32b3584eae533d9f37dddcf C:\WINDOWS\system32\igfxsrvc.dll
MD5: f7b098a08efcf4ab4247264c0ac225d2 C:\WINDOWS\system32\jscript.dll
MD5: a8bb3add20d3ef31928abe7ddd3aa8ed C:\WINDOWS\system32\jsproxy.dll
MD5: a525c96c51d55111fdf3bea9ffffc7ae C:\WINDOWS\system32\kerberos.dll
MD5: fddb97c7c9de181c180d6f00bd309ce5 C:\WINDOWS\system32\lmdimon8.dll
MD5: bd31dc6dbe9333c4fbd4bdf0899f2160 C:\WINDOWS\system32\LSASRV.dll
MD5: efbef826c183cf8edab324ce514d69b7 C:\WINDOWS\system32\Macromed\Flash\Flash10t.ocx
MD5: 77b645b655759f574b2555276fa111d9 C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MD5: 76848cb1aa5818db47d5f5986e0a7485 C:\WINDOWS\system32\MFC42.DLL
MD5: b7521f69c0a9b29d356157229376fb21 C:\WINDOWS\System32\mhn.dll
MD5: 2152542c06731d48ef55e8697d3490c3 C:\WINDOWS\system32\msfeedssync.exe
MD5: 855f6333e3a4dfc6f3c8b0520c261fcd C:\WINDOWS\system32\MSFTEDIT.DLL
MD5: 4c57eaf103103f4bcd084a9a353573b0 C:\WINDOWS\system32\mshtml.dll
MD5: 1a90cd8088fefef16c35855648b6a419 C:\WINDOWS\system32\mshtmled.dll
MD5: d3f72d50de53f9f1f55240115af4d42e C:\WINDOWS\system32\msi.dll
MD5: f7bbaa9485f04e46a053e147cdfad079 C:\WINDOWS\System32\mssha.dll
MD5: 64b33cc5bf131def2721394cf9b3f8ed C:\WINDOWS\system32\MSVBVM60.DLL
MD5: e325bcdbb6ded6c89f679b8ae89e975c C:\WINDOWS\system32\msvidctl.dll
MD5: 943337d786a56729263071623bbb9de5 C:\WINDOWS\system32\mswsock.dll
MD5: 87906187b3af89582380d156da601f68 C:\WINDOWS\System32\napipsec.dll
MD5: 062f837c1fbdb6a0a75f82efc2ee8e74 c:\windows\system32\netshell.dll
MD5: f8f0d25ca553e39dde485d8fc7fcce89 C:\WINDOWS\system32\ntdll.dll
MD5: 40b0f98bad16ad5def894e88c3ef8014 C:\WINDOWS\system32\ODBC32.dll
MD5: 7a6a7900b5e322763430ba6fd9a31224 C:\WINDOWS\system32\ole32.dll
MD5: 1b2be5777f69a71778f52ffee1c798d6 C:\WINDOWS\system32\oleaut32.dll
MD5: dc2de5b6527048b5aed4a5aca2fa9e52 C:\WINDOWS\system32\pngfilt.dll
MD5: fb8e05cedb3ef65c80febd2698c80998 C:\WINDOWS\System32\qagent.dll
MD5: f1dac7969c1337af790bd1d981aa780c C:\WINDOWS\system32\qmgrprxy.dll
MD5: d4502f124289a31976130cccb014c9aa C:\WINDOWS\system32\RPCRT4.dll
MD5: 72451fd61ddbb0a1fb071b7c3cde5594 C:\WINDOWS\system32\rsvpsp.dll
MD5: 926afc4848ff3297bb264333bf51e21f C:\WINDOWS\system32\sbe.dll
MD5: abeedd547e939ad827b2e29dec754206 C:\WINDOWS\system32\schannel.dll
MD5: 26cb10fa893f940ab09713ff46dcdade C:\WINDOWS\system32\SHDOCVW.dll
MD5: e86423aa9aa8c382af02b94a058dc2aa C:\WINDOWS\system32\shell32.dll
MD5: 99bc0b50f511924348be19c7c7313bbf C:\WINDOWS\system32\SHSVCS.dll
MD5: e9829b067d7d9a3221606b5ff7948102 C:\WINDOWS\System32\spool\PRTPROCS\W32X86\lmdippr8.dll
MD5: 4424ae65f7af8181ac99fe46bc2700c9 C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll
MD5: 60784f891563fb1b767f70117fc2428f C:\WINDOWS\system32\spoolsv.exe
MD5: 3a7c3cbe5d96b8ae96ce81f0b22fb527 c:\windows\system32\srvsvc.dll
MD5: 230eedee132305e3acce6bbbb10d6ab6 C:\WINDOWS\system32\stacapi.dll
MD5: 3f8411328e808a8794a41da9acb22dd9 C:\WINDOWS\system32\tapi3.dll
MD5: 8edd9dcd5196b6c54a622e9549f667b8 C:\WINDOWS\system32\termmgr.dll
MD5: 1396f781364754123e5180074fc3cb85 C:\WINDOWS\System32\tsgQec.dll
MD5: 17e0cf9c8cbb717d05948656bcd86efa C:\WINDOWS\system32\txflog.dll
MD5: 34894d1273de45e333a7d109d970ec5a C:\WINDOWS\system32\urlmon.dll
MD5: a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe
MD5: 9e03dc5ab51cfd0190541ce2038d819d C:\WINDOWS\system32\USP10.dll
MD5: a9d6a86051f59ae5f5682c92a39a3e24 C:\WINDOWS\system32\webcheck.dll
MD5: 791f5a173da00d2bb6959ee18a140ad2 C:\WINDOWS\system32\WININET.dll
MD5: d72b9ec3337b247a666f098f3d6b43de C:\WINDOWS\System32\winrnr.dll
MD5: 42b5427fac23bf6f1f31e466b7feb084 C:\WINDOWS\system32\winsrv.dll
MD5: 9eefe69139fdbb4a3c327630f8eb993a C:\WINDOWS\System32\Wlanapi.dll
MD5: 2cc34e8bb667eef78899546e12649196 C:\WINDOWS\system32\WlNotify.dll
MD5: f92e1076c42fcd6db3d72d8cfe9816d5 C:\WINDOWS\system32\wscntfy.exe
MD5: 215422272bbadd7dda57d0372062d293 C:\WINDOWS\system32\xmllite.dll
MD5: 16403217ab6fc5c30c14c6b12098ad4b C:\WINDOWS\system32\xpsp2res.dll
MD5: d5e459bed3db9cf7fc6cc1455f177d2d C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.DLL
MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCP80.dll
MD5: c9564cf4976e7e96b4052737aa2492b4 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
MD5: 4c39358ebdd2ffcd9132a30e1ec31e16 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\MSVCP90.dll
MD5: cdbe9690cf2b8409facad94fac9479c9 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\MSVCR90.dll
MD5: ca6ade4f7761bb15b3325356dc3b82bb C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll
MD5: fbfca1a574d47ee575448b719cbbf2e4 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\MFC90ENU.DLL
MD5: 736b12b725aeb2b07f0241a9f680cb10 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MD5: 33d9b7bb7ba323bafe489df033dac824 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\gdiplus.dll


No file uploaded.

Scan finished - communication took 8 sec
Total traffic - 0.02 MB sent, 1.38 KB recvd
Scanned 787 files and modules - 47 seconds

==============================================================================

#53
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Click on the Avast ball and then on Scan Logs, select the Boot-time scan report then View Results. How many did it find?


I would uninstall the Adobe Download Manager. This is something they used to make you download in order to get Adobe Reader but they have stopped after a lot of protests. The thing is always loaded even when not downloading Adobe.

Also uninstall Vuze. P2P programs like Vuze are a big source of malware.

Download Flash_Disinfector.exe by sUBs
http://download.blee...Disinfector.exe
and save it to your desktop.

* Double-click Flash_Disinfector.exe to run it and follow any prompts that may appear.
* The utility may ask you to insert your flash drive and/or other removable drives. Please do so and allow the utility to clean up those drives as well.
* Wait until it has finished scanning and then exit the program.
* Reboot your computer when done.


Note: Flash_Disinfector will create a hidden folder named autorun.inf in each partition and every USB drive plugged in when you ran it. Don't delete this folder...it will help protect your drives from future infection.
You will also want to install AutoRun Eater v2.5
http://download.cnet...4-10752777.html
It will stay resident and prevent USB drives from infecting your PC.


Clear the Event logs, reboot and run VEW again and post the logs. Also I think it's time to run an OTL quick scan again to see where we stand. Do you have any problems other than the USB now?

Ron
  • 0
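The post above notes that Flash_Disinfector leaves a hidden folder named autorun.inf at the root of each drive. The following is an added example, not part of the thread or of Flash_Disinfector: it classifies a drive root as having no autorun.inf, the protective folder, or a real autorun.inf file, and for a file it lists the [autorun] entries that would launch a program. It assumes the folder protects by occupying the name so that a file called autorun.inf cannot be written there; the drive roots and the sample file are constructed in a temporary directory.

```python
import os
import tempfile

LAUNCH_KEYS = ("open", "shellexecute")  # [autorun] keys that start a program

def launch_entries(text):
    """Return (key, value) pairs from the [autorun] section that run a program."""
    found, section = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):        # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()    # section names are case-insensitive
            continue
        if section != "autorun" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        k = key.lower()
        # shell\<verb>\command adds a context-menu action that runs a program
        if k in LAUNCH_KEYS or (k.startswith("shell\\") and k.endswith("\\command")):
            found.append((k, value))
    return found

def classify_root(root):
    """Classify one drive root: 'absent', 'folder' (name occupied) or 'file'."""
    for name in os.listdir(root):
        if name.lower() != "autorun.inf":           # Windows treats the name case-insensitively
            continue
        path = os.path.join(root, name)
        if os.path.isdir(path):
            return "folder", []
        with open(path, "r", encoding="latin-1") as fh:
            return "file", launch_entries(fh.read())
    return "absent", []

def demo():
    """Build three constructed drive roots in a temp dir and classify each."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        for label in ("clean", "vaccinated", "suspect"):
            os.mkdir(os.path.join(base, label))
        # The state the post describes: a folder that occupies the name
        os.mkdir(os.path.join(base, "vaccinated", "autorun.inf"))
        # Constructed sample file, not taken from the thread
        sample = ("[AutoRun]\r\n; constructed sample\r\nOpen = setup.exe\r\n"
                  "icon=drive.ico\r\nshell\\explore\\Command=setup.exe /e\r\n")
        with open(os.path.join(base, "suspect", "AUTORUN.INF"), "w", newline="") as fh:
            fh.write(sample)
        for label in ("clean", "vaccinated", "suspect"):
            results[label] = classify_root(os.path.join(base, label))
    return results

if __name__ == "__main__":
    for label, (state, entries) in demo().items():
        print(label, state, entries)
```

On a real machine, `classify_root` would be called with each drive root (for example `E:\`) instead of the temporary directories.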

#54
SGProd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Hi Ron,
My deepest apologies for having been out of touch on this over the past week. Had to fly up north on the 4th to deal with a death in my family, along with the ensuing arrangements, estate matters etc. - just got back early this morning. I do hope your holiday and week were better.

So... The last process I was able to run was the Flash Disinfector. Upon completion the machine became v-e-r-y sluggish again - as it still is now. My wife swears she did not touch the machine in my absence (as per my request) and it's just the two of us here.

I also just tried to reboot - that took approximately 16 min to come back up to where the machine will accept input.
Keyboard input (as in typing this post) seems to work OK but response from mouse clicks on Windows Explorer (for example: double-clicking on the shortcut to open Internet Explorer) takes anywhere from 8 to 30 seconds + for the system to respond (such as for the application to open).

Shall I still continue on with the remaining steps in your last post -and- should I perform them in safe mode instead of normal?

#55
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Sorry to hear of the death in the family. Delays are no problem. I don't keep track. Also was off island the last three days so it's just as well.

I don't see why Flash Disinfector should have slowed things down. Skip the AutoRun Eater and go on with the others. Best to do it in regular mode if you can.

Ron