Suspected Malware - Please help



#16
UKBobby

Here is the first ESET log

C:\_OTL\MovedFiles\11192011_110409\C_Program Files\6DF77\lvvm.exe a variant of Win32/Kryptik.VQC trojan cleaned by deleting - quarantined

and here is the second

[email protected] as CAB hook log:
OnlineScanner.ocx - registred OK
DLL:pipe not connected. attempts=1
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ddf3200c89793a418c3f857d1f54d9e9
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-20 12:03:26
# local_time=2011-11-20 12:03:26 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 895009 895009 0 0
# compatibility_mode=768 16777215 100 0 79270659 79270659 0 0
# compatibility_mode=4609 16776533 60 61 52668 34871070 0 0
# compatibility_mode=8192 67108863 100 0 3738 3738 0 0
# scanned=155436
# found=1
# cleaned=1
# scan_time=41677
C:\Documents and Settings\Dave\My Documents\Downloads\PC_Stalker-Clear Sky (eng)-.direct.play.- ToeD\SCS_1504.7z probably a variant of Win32/TrojanDownloader.Obfuscated.HGKAUYG trojan (deleted - quarantined) 00000000000000000000000000000000 C
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=ddf3200c89793a418c3f857d1f54d9e9
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-11-20 07:40:05
# local_time=2011-11-20 07:40:05 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 944151 944151 0 0
# compatibility_mode=768 16777215 100 0 79319801 79319801 0 0
# compatibility_mode=4609 16776533 60 61 101810 34920212 0 0
# compatibility_mode=8192 67108863 100 0 52880 52880 0 0
# scanned=242885
# found=1
# cleaned=1
# scan_time=19933
C:\_OTL\MovedFiles\11192011_110409\C_Program Files\6DF77\lvvm.exe a variant of Win32/Kryptik.VQC trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C


#17
UKBobby

Here is the quickscan/bitdefender log


QuickScan 32-bit v0.9.9.100
---------------------------
Scan date: Sun Nov 20 20:26:03 2011
Machine ID: E026DF77



No infection found.
-------------------



Processes
---------
A4Tech X7-Works Mouse Driver 932 C:\Program Files\A4Tech\Mouse\Amoumain.exe
Adobe Photoshop Elements 1184 C:\Program Files\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
Bonjour 416 C:\Program Files\Bonjour\mDNSResponder.exe
BullGuard 440 C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
BullGuard 2536 C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
BullGuard 108 C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
Creative Service for CDROM Access 1516 C:\WINDOWS\system32\CTSVCCDA.EXE
Creative Volume Control 1372 C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
Folder Size for Windows 1548 C:\Program Files\FolderSize\FolderSizeSvc.exe
iTunes 3152 C:\Program Files\iPod\bin\iPodService.exe
iTunes 1260 C:\Program Files\iTunes\iTunesHelper.exe
Java™ Platform SE 6 U29 548 C:\Program Files\Java\jre6\bin\jqs.exe
Java™ Platform SE Auto Updater 2 0 956 C:\Program Files\Common Files\Java\Java Update\jusched.exe
Kies TrayAgent 1060 C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
Logitech SetPoint 3928 C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
Logitech SetPoint 2216 C:\Program Files\Logitech\SetPoint\SetPoint.exe
MBCameraMonitor.exe 2732 C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe
Microsoft Xbox 360 Accessories 924 C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
Microsoft® Windows Live ID 3380 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
Microsoft® Windows Live ID 2324 C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
Microsoft® Windows® Operating System 140 C:\WINDOWS\system32\spoolsv.exe
MobileDeviceService 364 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
NVIDIA Driver Helper Service, Version 2 1688 C:\WINDOWS\system32\nvsvc32.exe
NVIDIA Update Components 2236 C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PnkBstrA.exe 2408 C:\WINDOWS\system32\PnkBstrA.exe
SMax4PNP Application 980 C:\Program Files\Analog Devices\Core\smax4pnp.exe
TomTom HOME 3200 C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
VIA Telecom Service 1188 C:\Program Files\Samsung\USB Drivers\26_VIA_driver2\x86\VIAService.exe
(verified) GoogleToolbarNotifier 196 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(verified) Microsoft® .NET Framework 3888 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(verified) Microsoft® Windows® Operating System 648 C:\WINDOWS\explorer.exe
(verified) Microsoft® Windows® Operating System 3164 C:\WINDOWS\system32\alg.exe
(verified) Microsoft® Windows® Operating System 1036 C:\WINDOWS\system32\csrss.exe
(verified) Microsoft® Windows® Operating System 1872 C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System 1140 C:\WINDOWS\system32\lsass.exe
(verified) Microsoft® Windows® Operating System 1352 C:\WINDOWS\system32\rundll32.exe
(verified) Microsoft® Windows® Operating System 1016 C:\WINDOWS\system32\rundll32.exe
(verified) Microsoft® Windows® Operating System 996 C:\WINDOWS\system32\rundll32.exe
(verified) Microsoft® Windows® Operating System 1128 C:\WINDOWS\system32\services.exe
(verified) Microsoft® Windows® Operating System 912 C:\WINDOWS\system32\smss.exe
(verified) Microsoft® Windows® Operating System 236 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 612 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 520 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1404 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1444 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1324 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1568 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1608 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 2836 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1952 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1692 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 3580 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1084 C:\WINDOWS\system32\winlogon.exe
(verified) Windows® Internet Explorer 2576 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 2816 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 3588 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 3896 C:\Program Files\Internet Explorer\iexplore.exe


Network activity
----------------
Process iexplore.exe (3588) connected on port 80 (HTTP) --> 173.194.35.5
Process iexplore.exe (3588) connected on port 443 (HTTP over SSL) --> 173.194.67.95
Process iexplore.exe (3588) connected on port 80 (HTTP) --> 69.171.224.14
Process iexplore.exe (3588) connected on port 80 (HTTP) --> 217.156.169.195
Process iexplore.exe (3588) connected on port 80 (HTTP) --> 63.140.35.28

Process svchost.exe (1444) listens on ports: 135 (RPC)
Process svchost.exe (1952) listens on ports: 2869 (SSDP event notification, UPNP)


Autoruns and critical files
---------------------------
A4Tech X7-Works Mouse Driver C:\Program Files\A4Tech\Mouse\Amoumain.exe
AMD Dual-Core Optimizer C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
BullGuard C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe
Creative Updreg C:\WINDOWS\UpdReg.EXE
Creative Volume Control C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
HP DeskJet C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
iTunes C:\Program Files\iTunes\iTunesHelper.exe
Java™ Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
Kies C:\Program Files\Samsung\Kies\KiesHelper.exe
Kies TrayAgent C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
Logitech SetPoint c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
Logitech SetPoint C:\Program Files\Logitech\SetPoint\SetPoint.exe
MBCameraMonitor.exe C:\Program Files\PIXELA\Everio MediaBrowser\MBCameraMonitor.exe
Microsoft Office XP C:\Program Files\Microsoft Office\Office10\OSA.EXE
Microsoft Xbox 360 Accessories C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\CSCDLL.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll
NVIDIA Compatible Windows 2000 Display C:\WINDOWS\system32\nvcpl.dll
NVIDIA Media Center Library C:\WINDOWS\system32\NvMCTray.dll
nwiz.exe C:\Program Files\NVIDIA Corporation\nView\nwiz.exe
P17 AudioControlX2 Module C:\WINDOWS\system32\P17.dll
QuickTime C:\Program Files\QuickTime\qttask.exe
SMax4PNP Application C:\Program Files\Analog Devices\Core\smax4pnp.exe
VideoPad Video Editor C:\Program Files\NCH Software\VideoPad\videopad.exe
(verified) Adobe Acrobat C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
(verified) Ahead Software Gmbh NeroCheck C:\WINDOWS\system32\NeroCheck.exe
(verified) Google Update C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
(verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
(verified) GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
AcroIEHelper Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
Adobe® Flash® Player ActiveX C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
Battlefield Play4Free Updater C:\WINDOWS\Downloaded Program Files\BP4FUpdater.dll
Battlefield Play4Free Updater C:\WINDOWS\Downloaded Program Files\BP4FUpdater.exe
BitDefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll
Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
BullGuard C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll
BullGuard C:\WINDOWS\system32\BGLsp.dll
Contact Extractor C:\WINDOWS\Downloaded Program Files\contactx.dll
Coupons Inc., Coupon Printer Manager C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
CTPID ActiveX Control Module C:\WINDOWS\Downloaded Program Files\CTPIDPDE.ocx
EA Battlefield Heroes Updater C:\WINDOWS\Downloaded Program Files\BFHUpdater.dll
EA Battlefield Heroes Updater C:\WINDOWS\Downloaded Program Files\BFHUpdater.exe
Facebook Photo Uploader 5 C:\WINDOWS\Downloaded Program Files\PhotoUploader5.ocx
Google Toolbar for Internet Explorer C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
Google Update C:\Documents and Settings\Dave\Local Settings\Application Data\Google\Update\1.3.21.79\npGoogleUpdate3.dll
Google Update C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll
GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll
Java Deployment Toolkit 6.0.290.11 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
Java™ Platform SE 6 U29 C:\Program Files\Java\jre6\bin\jp2ssv.dll
Java™ Platform SE 6 U29 C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
Java™ Platform SE 6 U29 C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
Microsoft® Windows Live ID C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll
Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
Musicnotes C:\Program Files\Musicnotes\npmusicn.dll
npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
npsibelius.dll C:\Program Files\Musicnotes\npsibelius.dll
NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
Pando Web Plugin C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
PhotoBox uploader C:\WINDOWS\Downloaded Program Files\ImageUploader4.ocx
PhotoboxPhotowaysUploader5 C:\WINDOWS\Downloaded Program Files\ImageUploader5.ocx
PicasaWeb Uploader Module C:\WINDOWS\Downloaded Program Files\UploaderX.dll
PicLens Installer for Internet Explorer C:\WINDOWS\Downloaded Program Files\plinstll.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
Shockwave for Director C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.0.60831.0\npctrl.dll
Symantec Shared Components C:\WINDOWS\Downloaded Program Files\symdlmgr.dll
Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll
(verified) Google Updater C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
(verified) Winamp Application Detector C:\Program Files\Mozilla Firefox\plugins\npwachk.dll


Scan
----
MD5: 6be28bbf8113d818bb207709c9ac4f9a C:\WINDOWS\system32\BgGamingMonitor.dll
MD5: 16e2762656a798ae44611749b9391438 C:\WINDOWS\system32\BGLsp.dll
MD5: 93afb83fbc1f9443cac722fca63d73bf C:\WINDOWS\system32\comctl32.dll
MD5: ed0c0df222209e43ad9afbf3fe87dde0 C:\WINDOWS\system32\comsvcs.dll
MD5: 8fcf03e4d7be9b5587ccf11719959006 C:\WINDOWS\system32\corpol.dll
MD5: a90e118f12d355f9946dfb30a8f94609 C:\WINDOWS\system32\CRYPT32.dll
MD5: c14350fc0d47d806699c4f907fc6785b C:\WINDOWS\system32\cryptnet.dll
MD5: 515a7fae2070c2b0242b2353443e2f11 C:\WINDOWS\System32\CSCDLL.dll
MD5: 2a9e427681169f02274ad8c17d52fa2d C:\WINDOWS\system32\CSRSRV.dll
MD5: 3c8b6609712f4ff78e521f6dcfc4032b C:\WINDOWS\system32\CTSVCCDA.EXE
MD5: 0607cbc6fa20114cb491efe4b2f9efad C:\WINDOWS\system32\d3d9.dll
MD5: 56adb11f7d4d0816c0be1e701c1b5e52 C:\WINDOWS\system32\D3DIM700.DLL
MD5: e2092f0a1d7abc243f9c2362483d150d C:\WINDOWS\System32\dimsntfy.dll
MD5: 389496118b3b03c2328024af320132ac C:\WINDOWS\system32\DNSAPI.dll
MD5: 5f7e24fa9eab896051ffb87f840730d2 c:\windows\system32\dnsrslvr.dll
MD5: ce03d313a12cbc886c3beba3b4967a8a C:\WINDOWS\system32\drivers\ADIHdAud.sys
MD5: 058cdc314672a28a90566a787d9876e7 C:\WINDOWS\system32\drivers\AEAudio.sys
MD5: a7b8a3a79d35215d798a300df49ed23f C:\WINDOWS\system32\drivers\Afc.sys
MD5: 1e44bc1e83d8fd2305f8d452db109cf9 C:\WINDOWS\System32\drivers\afd.sys
MD5: 14ba5ca5d11771ce8e8b6cc6830a2436 C:\WINDOWS\system32\DRIVERS\afw.sys
MD5: 1f3d61965a9bd278a205d3062176e45c C:\WINDOWS\system32\DRIVERS\afwcore.sys
MD5: 0940030d5a5869067ccc03e3b0b8dec7 C:\WINDOWS\system32\DRIVERS\alcan5wn.sys
MD5: 4c9577888c53243e2991456f510488a1 C:\WINDOWS\system32\DRIVERS\alcaudsl.sys
MD5: ad8fa28d8ed0d0a689a0559085ce0f18 C:\WINDOWS\system32\DRIVERS\AmdLLD.sys
MD5: 779e01016ffc3eaf8190b2dbd852b9d0 C:\WINDOWS\system32\DRIVERS\Amfilter.sys
MD5: 7c3547a212d92184adb362dbcae16854 C:\WINDOWS\system32\DRIVERS\Amusbprt.sys
MD5: 42175a3b56922a8c9a294fa6f0b18344 C:\WINDOWS\system32\DRIVERS\BdSpy.sys
MD5: fdc06e2ada8c468ebb161624e03976cf C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
MD5: c2eb4539a4f6ab6edd01bdc191619975 C:\WINDOWS\system32\drivers\cpuz135_x32.sys
MD5: 3649eefa90990249267dd6c7808cbc86 C:\WINDOWS\system32\DRIVERS\ctoss2k.sys
MD5: fcbb8ea6fe935d2c531d3a4dee9f985b C:\WINDOWS\system32\DRIVERS\ctsfm2k.sys
MD5: 24e0ddb99aeccf86bb37702611761459 C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys
MD5: 144011d14bd35f4e36136ae057b1aadd C:\WINDOWS\System32\Drivers\LUsbFilt.Sys
MD5: 956bd3a1db91f7e2b9153ee7600d5648 C:\WINDOWS\system32\DRIVERS\Moufiltr.sys
MD5: d0ac7ac40fff21056b1a3401361958ca C:\WINDOWS\System32\Drivers\MouseCap.sys
MD5: 7d304a5eb4344ebeeab53a2fe3ffb9f0 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
MD5: d5059366b361f0e1124753447af08aa2 C:\WINDOWS\system32\drivers\MSTEE.sys
MD5: ac31b352ce5e92704056d409834beb74 C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
MD5: abd7629cf2796250f315c1dd0b6cf7a0 C:\WINDOWS\system32\DRIVERS\NdisIP.sys
MD5: 0109c4f3850dfbab279542515386ae22 C:\WINDOWS\system32\DRIVERS\ndistapi.sys
MD5: de84e8384d2125ff7f98e5cb7d1a0da0 C:\WINDOWS\system32\DRIVERS\NSKernel.sys
MD5: b42b5e7fd56da5a27ffa398f158b9784 C:\WINDOWS\system32\DRIVERS\NSNetmon.sys
MD5: 6733e80a193fc36f41c24142b0c45c0e C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
MD5: fddd1aeb9f81ef1e6e48ae1edc2a97d6 C:\WINDOWS\system32\DRIVERS\OVCD.sys
MD5: 9a1c06e3888891757913ef08cb9f8a81 C:\WINDOWS\system32\drivers\P17.sys
MD5: 71ddb3a663ddce1651cfe35993fb1c31 C:\WINDOWS\system32\drivers\p17filt.sys
MD5: 6c1618a07b49e3873582b6449e744088 C:\WINDOWS\system32\drivers\pfc.sys
MD5: 0087f01d35a65b32393cc8bba46ee4a6 C:\WINDOWS\system32\DRIVERS\qv2kux.sys
MD5: cb9310a5a910648d359c99a857e22a54 C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys
MD5: d3fa9fb502ad62001101f495bbbac42e C:\WINDOWS\system32\drivers\ScreamingBAudio.sys
MD5: b6a6b409fda9d9ebd3aadb838d3d7173 C:\WINDOWS\system32\drivers\Senfilt.sys
MD5: 1ffc44d6787ec1ea9a2b1440a90fa5c1 C:\WINDOWS\system32\DRIVERS\SLIP.sys
MD5: 47ddfc2f003f7f9f0592c6874962a2e7 C:\WINDOWS\system32\DRIVERS\srv.sys
MD5: c9f9cafafbffaf7e380efc353ccc940c C:\WINDOWS\system32\DRIVERS\ssudbus.sys
MD5: 91970cc4a3a30a01c1573184a62f5143 C:\WINDOWS\system32\DRIVERS\ssudmdm.sys
MD5: a9f9fd0212e572b84edb9eb661f6bc04 C:\WINDOWS\system32\DRIVERS\StreamIP.sys
MD5: 5d8c820e2d885c25ffc6bbc5d4fe073c C:\WINDOWS\system32\drivers\tbhsd.sys
MD5: d391f1171a2e3a7080df6faae7a20c0b C:\WINDOWS\system32\DRIVERS\Trufos.sys
MD5: d4fb6ecc60a428564ba8768b0e23c0fc C:\WINDOWS\System32\Drivers\usbaapl.sys
MD5: dc7f91b2ed24a738c807ea07f298928c C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
MD5: 56fb00bec891a38b54c68e52bce2b0a4 C:\WINDOWS\system32\DRIVERS\WPN111.sys
MD5: 233cdd1c06942115802eb7ce6669e099 C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
MD5: 09e5340bd9b2cb730bf4dc6be7721291 C:\WINDOWS\system32\DRIVERS\xusb21.sys
MD5: 27248878e8420bffc2feeed07cafc2d6 C:\WINDOWS\system32\easyUpdatusAPIU.dll
MD5: f5b754cdea20bbb3a31e16a776ede6d6 c:\windows\system32\ESENT.dll
MD5: c66379ef23be14ce93788b35c2f60a11 C:\WINDOWS\system32\hpinksts8911LM.dll
MD5: 1a3f7c562c78cb2b96ec31541373aad5 C:\WINDOWS\system32\HPScanMiniDrv_DJ1050_J410.dll
MD5: 3183bfa7bdf50662f9094bc720eb7af9 C:\WINDOWS\system32\hpzll5ha.dll
MD5: 0217cd51d55ca3e693a682664d3de2bf C:\WINDOWS\system32\ieframe.dll
MD5: aaf56985933f7d3e953e1b994d22e4f4 C:\WINDOWS\system32\iepeers.dll
MD5: 7cfdeb1560eacad6006d653ec55d12d0 C:\WINDOWS\system32\iertutil.dll
MD5: 0689622e6484934eb6e5f4d3a96311f9 C:\WINDOWS\system32\jscript.dll
MD5: a7db3812b8b4a2990120f59365f697d3 C:\WINDOWS\system32\kemutb.dll
MD5: a8cc23eec3eeade85b9cbe11ce7e7036 C:\WINDOWS\system32\KemUtil.dll
MD5: 9c6030f6a16cb0b834695aa9d767f8f7 C:\WINDOWS\system32\KemWnd.dll
MD5: 2607f1d062fcc0d474993b6e2fe9a4cf C:\WINDOWS\system32\KemXML.dll
MD5: a525c96c51d55111fdf3bea9ffffc7ae C:\WINDOWS\system32\kerberos.dll
MD5: 15914e0bf4dda56cf797993dccb637d1 C:\WINDOWS\system32\KsUser.dll
MD5: bd31dc6dbe9333c4fbd4bdf0899f2160 C:\WINDOWS\system32\LSASRV.dll
MD5: bd007d624e4cd905ab2e8df2c6de891c C:\WINDOWS\system32\Macromed\Flash\Flash11c.ocx
MD5: 76848cb1aa5818db47d5f5986e0a7485 C:\WINDOWS\system32\MFC42.DLL
MD5: 3f790874a85819e94574f3e7af9c5806 C:\WINDOWS\system32\msctfime.ime
MD5: 9e0d70607f833470963672d170bc035d C:\WINDOWS\system32\msfeeds.dll
MD5: 4963cb503600fc3bcbdbfba51fba1fac C:\WINDOWS\system32\mshtml.dll
MD5: 8c22083ed515dc94d575438662f0be6a C:\WINDOWS\system32\msi.dll
MD5: 943337d786a56729263071623bbb9de5 C:\WINDOWS\system32\mswsock.dll
MD5: 062f837c1fbdb6a0a75f82efc2ee8e74 C:\WINDOWS\system32\NETSHELL.dll
MD5: f8f0d25ca553e39dde485d8fc7fcce89 C:\WINDOWS\system32\ntdll.dll
MD5: 93ee430371fa5a724f843316490372c0 C:\WINDOWS\system32\nvapi.dll
MD5: 99b2552e9b3cd482e292d17a732a9607 C:\WINDOWS\system32\nvcpl.dll
MD5: f2902946619e2ce58f28f1151ea0d075 C:\WINDOWS\system32\NvMCTray.dll
MD5: f82a449c1b4c3b7f30dbde684eca8da1 C:\WINDOWS\system32\NVRSENG.DLL
MD5: 2e6ed9fe65a9b3ec606603ed0f33dd7d C:\WINDOWS\system32\nvsvc32.exe
MD5: c2102164f9ac83b39e0d29c44fb4d490 C:\WINDOWS\system32\nvwddi.dll
MD5: 40b0f98bad16ad5def894e88c3ef8014 C:\WINDOWS\system32\ODBC32.dll
MD5: 7a6a7900b5e322763430ba6fd9a31224 C:\WINDOWS\system32\ole32.dll
MD5: 20200ee3cfe10e9f0c028d8653be11c6 C:\WINDOWS\system32\OLEACC.dll
MD5: 1b2be5777f69a71778f52ffee1c798d6 C:\WINDOWS\system32\OLEAUT32.dll
MD5: f20aed482116d0702fa6ef1dc02bd699 C:\WINDOWS\system32\P17.dll
MD5: 1713d9de407313138118d501b0e3c05b C:\WINDOWS\system32\PnkBstrA.exe
MD5: d4502f124289a31976130cccb014c9aa C:\WINDOWS\system32\RPCRT4.dll
MD5: 72451fd61ddbb0a1fb071b7c3cde5594 C:\WINDOWS\system32\rsvpsp.dll
MD5: abeedd547e939ad827b2e29dec754206 C:\WINDOWS\system32\schannel.dll
MD5: 26cb10fa893f940ab09713ff46dcdade C:\WINDOWS\system32\SHDOCVW.dll
MD5: e86423aa9aa8c382af02b94a058dc2aa C:\WINDOWS\system32\SHELL32.dll
MD5: 0e3605a5e7c23f1139c5c448e1eaf494 C:\WINDOWS\system32\shimgvw.dll
MD5: 99bc0b50f511924348be19c7c7313bbf C:\WINDOWS\system32\SHSVCS.dll
MD5: fe26945cd0cf666856c3cd82d67f583b C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb05.exe
MD5: d0e39177c896d2f8191a9c96636276df C:\WINDOWS\System32\spool\PRTPROCS\W32X86\hpzpp5ha.dll
MD5: 60784f891563fb1b767f70117fc2428f C:\WINDOWS\system32\spoolsv.exe
MD5: 3a7c3cbe5d96b8ae96ce81f0b22fb527 c:\windows\system32\srvsvc.dll
MD5: 3caeae7608f1bd7ba873a3b02895b106 C:\WINDOWS\system32\sti.dll
MD5: 31b6e9e116a3d6f8eb13202c9b5db403 C:\WINDOWS\system32\urlmon.dll
MD5: a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe
MD5: 9e03dc5ab51cfd0190541ce2038d819d C:\WINDOWS\system32\USP10.dll
MD5: 31cf51dcda1424b813cc97b20f71b431 C:\WINDOWS\system32\vbscript.dll
MD5: 1a377838b4b468e37c3eeb5baa24f925 C:\WINDOWS\system32\WININET.dll
MD5: d72b9ec3337b247a666f098f3d6b43de C:\WINDOWS\System32\winrnr.dll
MD5: 95cf3446911a6e25ee4086df8a45b2aa C:\WINDOWS\system32\winsrv.dll
MD5: 2cc34e8bb667eef78899546e12649196 C:\WINDOWS\system32\WlNotify.dll
MD5: 5caf91e865fe0c85048a233e594544d2 c:\windows\system32\WUDFPlatform.dll
MD5: 18473f44d6de85c8cb4e70f503c5ea64 C:\WINDOWS\System32\xactsrv.dll
MD5: 77f595dee5ffacea72b135b1fce1312e C:\WINDOWS\system32\XINPUT1_3.dll
MD5: 16403217ab6fc5c30c14c6b12098ad4b C:\WINDOWS\system32\xpsp2res.dll
MD5: c419df63e0121d72411285780c2fc6cc C:\WINDOWS\UpdReg.EXE
MD5: d5e459bed3db9cf7fc6cc1455f177d2d C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_a4c618fa\ATL80.DLL
MD5: 0b3595a4ff0b36d68e5fc67fd7d70fdc C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCP80.dll
MD5: c9564cf4976e7e96b4052737aa2492b4 C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
MD5: e2c48cd0132d4d1dc7d0df9a6bef686a C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_150c9e8b\MFC80U.DLL
MD5: 28a09777d2d952122567a8a82f1a2c7b C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFCLOC_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_6a5bb789\MFC80ENU.DLL
MD5: 4c39358ebdd2ffcd9132a30e1ec31e16 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\MSVCP90.dll
MD5: cdbe9690cf2b8409facad94fac9479c9 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_31a54e43\MSVCR90.dll
MD5: ca6ade4f7761bb15b3325356dc3b82bb C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_028bc148\mfc90u.dll
MD5: fbfca1a574d47ee575448b719cbbf2e4 C:\WINDOWS\WinSxS\x86_Microsoft.VC90.MFCLOC_1fc8b3b9a1e18e3b_9.0.30729.6161_x-ww_730c3508\MFC90ENU.DLL
MD5: 736b12b725aeb2b07f0241a9f680cb10 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MD5: 33d9b7bb7ba323bafe489df033dac824 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\gdiplus.dll


No file uploaded.

Scan finished - communication took 1 sec
Total traffic - 0.02 MB sent, 1.14 KB recvd
Scanned 733 files and modules - 24 seconds

==============================================================================
  • 0

#18
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
That should be all of the infection. The last part starting with "Start, Run, eventvwr.msc, OK to bring up the Event Viewer." is more of a checkup. Any sign of the original problem?

Ron
  • 0

#19
UKBobby

UKBobby

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Ron

Just trying to do the sfc /scannow part but cannot get past a loop - asking for xp home disc (which I have and have in the CD ROM drive) but tells me not correct - can I leave this out as cannot get past it?

Do I need to do the last parts of your previous post?

"Start, Run, sigverif, OK

Press Start. This will check your drivers. If you just get a few when it finishes tell me what they are. If you get a lot just look for those with newish dates (since about the time the problem started.)


1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:

* System
4. Under 'Select type to list', select:
* Error
* Warning


Then use the 'Number of events' as follows:


1. Click the radio button for 'Number of events'
Type 20 in the 1 to 20 box
Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.


Ron "

Or just your last post?

Dave
  • 0

#20
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
Just skip down to where it starts with
1. Please download the Event Viewer Tool by Vino Rosso
  • 0

#21
UKBobby

UKBobby

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Had a look at the drivers - nothing since 2006 without verification so no issues there

the link http://images.malwar...om/vino/VEW.exe does not seem to work - and have had a look at event viewer and cannot see any issues relating to the issue

cheers
  • 0

#22
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
The original link I gave you works. The copies don't because the forum software abbreviates them.

http://images.malwar...om/vino/VEW.exe
  • 0

#23
UKBobby

UKBobby

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Hi Ron

Yes - it worked - here is the log

Vino's Event Viewer v01c run on Windows XP in English
Report run at 20/11/2011 21:16:50

Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/11/2011 20:31:25
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The adfs service failed to start due to the following error: The system cannot find the file specified.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - warning Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#24
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,776 posts
  • MVP
Copy the next line:

reg delete HKLM\SYSTEM\CurrentControlSet\Services\adfs

Start, Run, cmd, OK to bring up a command window. Right click and Paste or Edit then Paste and the copied line should appear. Hit Enter. This should work and remove the service which is not starting. (It's not anything we need - probably left over from an old printer.) That should get rid of the last error. You can clear the event logs, reboot and run Vino's again to make sure but it should be clean now. Time for the cleanup:


We need to clean up System Restore. Follow Jim's procedure here:
http://aumha.net/vie...581099691bf108f


You can uninstall or delete any tools we had you download and their logs.
To uninstall combofix, copy the next line:

"%userprofile%\Desktop\combofix.exe" /Uninstall

Start, Run, cmd, OK then right click, Paste, then hit Enter.

OTL has a cleanup tab so if you run it again and select cleanup it will remove itself and its backup files.

To hide hidden files again (If you do not run OTL cleanup):

XP

1. Close all programs so that you are at your desktop.
2. Double-click on the My Computer icon.
3. Select the Tools menu and click Folder Options.
4. After the new window appears select the View tab.
5. Uncheck the checkbox labeled Display the contents of system folders.
6. Under the Hidden files and folders section select the 'Hide protected operating system files (recommended)' option.
7. Check the checkbox labeled Hide protected operating system files.
8. Press the Apply button and then the OK button and shutdown My Computer.

You probably do not have the latest Java (Java™ 6 Update 29 or 7 update 1). Get the latest at:
http://www.java.com/en/

Save it to your PC then close all browsers and install it. Note on Java and Firefox. For some reason Java does not remove old consoles from Firefox. Any time you update Java you should do Firefox, Add-ons, Extensions and disable any old Java Consoles.

They will look like: Java Console 6.xx. The xx corresponds to the update number. When they switch to 7 update 0 then it will be Java Console 7.

Multiple Java Consoles will slow down the Firefox boot. After any change to Firefox or its extension you should run Speedyfox. (Mentioned later.)



Also make sure you have the latest versions of any adobe.com products you use like Shockwave, Flash or Acrobat.

Whether you use adobe reader, acrobat or fox-it to read pdf files you need to disable Javascript in the program. There is an exploit out there now that can use it to get on your PC. For Adobe Reader: Start, All Programs, Adobe Reader, Edit, Preferences, Click on Javascript in the left column and uncheck Enable Acrobat Javascript. OK Close program. It's the same for Foxit reader except you uncheck Enable Javascript Actions.

To help keep your programs up-to-date you should download and run the UpdateChecker:
http://www.filehippo.../updatechecker/
(You don't need to download Betas and if there is a program you don't use you can just uninstall it rather than update it. You can right click on the updatechecker icon (looks like a downward green arrowhead) and select Settings and tell it no betas. If you don't use MSN Messenger I would not update it. MS installs a bunch of stuff when you do. You can tell the program to not show you that update.)
If you use Firefox or Chrome then get the AdBlock Plus Add-on. WOT (Web of Trust) is another you might want to try.
The equivalent to AdBlock Plus for IE is called Simple Adblock and you should install it too: http://simple-adblock.com/

If Firefox is slow loading make sure it only has the current Java add-on. Then download and run Speedy Fox.
http://www.crystalidea.com/speedyfox . Click on Speedup my Firefox. When it finishes click on Exit.

Be warned: If you use Limewire, utorrent or any of the other P2P programs you will almost certainly be coming back to the Malware Removal forum. If you must use P2P then submit any files you get to http://virustotal.com before you open them.

If you have a router, log on to it today and change the default password! If using a Wireless router you really should be using encryption on the link. Use the strongest (newest) encryption method that your router and PC wireless adapter support especially if you own a business. See http://www.king5.com...-120637284.html and http://www.seattlepi...ted-1344185.php for why encryption is important. If you don't know how, visit the router maker's website. They all have detailed step by step instructions or a wizard you can download.

Ron
  • 0
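
The triage behind the fix above, as an added example that is not part of the original posts: it parses a VEW report in the layout UKBobby posted and lists services whose Event 7000 reports a missing file, with the registry key to review. The second log record and `ExampleSvc` are constructed, and treating the service name in the message as the key name is an assumption.

```python
import re
from collections import namedtuple
from datetime import datetime

# Constructed sample in the layout of the VEW report quoted in the thread. The first
# record is the thread's; the second is made up (a failure that is not a missing file).
SAMPLE_VEW = """\
Note: All dates below are in the format dd/mm/yyyy

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
'System' Log - error Type
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Log: 'System' Date/Time: 20/11/2011 20:31:25
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The adfs service failed to start due to the following error: The system cannot find the file specified.

Log: 'System' Date/Time: 20/11/2011 20:31:40
Type: error Category: 0
Event: 7000 Source: Service Control Manager
The ExampleSvc service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
"""

Event = namedtuple("Event", "log when type event_id source message")
HEADER = re.compile(r"^Log: '([^']+)' Date/Time: (\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\s*$")
TYPE = re.compile(r"^Type: (\S+) Category: \d+")
EVENT = re.compile(r"^Event: (\d+) Source: (.+?)\s*$")
START_FAIL = re.compile(r"^The (.+?) service failed to start due to the following error: (.+)$")
SERVICES_KEY = r"HKLM\SYSTEM\CurrentControlSet\Services"

def parse_vew(text):
    """Split a VEW report into Event records; banner and divider lines are skipped."""
    lines, events, i = text.splitlines(), [], 0
    while i < len(lines):
        head = HEADER.match(lines[i])
        typ = TYPE.match(lines[i + 1]) if head and i + 1 < len(lines) else None
        evt = EVENT.match(lines[i + 2]) if typ and i + 2 < len(lines) else None
        if not evt:
            i += 1
            continue
        # Message text runs until a blank line, a divider or the next record.
        j, body = i + 3, []
        while (j < len(lines) and lines[j].strip()
               and not lines[j].startswith("~~~") and not HEADER.match(lines[j])):
            body.append(lines[j].strip())
            j += 1
        when = datetime.strptime(head.group(2), "%d/%m/%Y %H:%M:%S")  # dd/mm/yyyy
        events.append(Event(head.group(1), when, typ.group(1),
                            int(evt.group(1)), evt.group(2), " ".join(body)))
        i = j
    return events

def missing_binary_services(events):
    """Map service name -> Services key to review, for Event 7000 'file not found'."""
    # Assumption: the name in the message is the key name under Services, as it was
    # for adfs in the thread; confirm with `reg query` before changing anything.
    stale = {}
    for e in events:
        if e.event_id != 7000 or e.source != "Service Control Manager":
            continue
        m = START_FAIL.match(e.message)
        if m and "cannot find the file specified" in m.group(2):
            stale[m.group(1)] = SERVICES_KEY + "\\" + m.group(1)
    return stale

if __name__ == "__main__":
    for name, key in missing_binary_services(parse_vew(SAMPLE_VEW)).items():
        print(f"{name}: service binary missing, review {key}")
```

Only the missing-file case is reported, because a service that times out or is denied access still has a binary on disk and its key should not be treated as a leftover.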

#25
UKBobby

UKBobby

    Member

  • Topic Starter
  • Member
  • PipPip
  • 36 posts
Many thanks Ron - looks like all is OK now
  • 0
