mightymikedude

Everything posted by mightymikedude

  1. Thank you very much D-Fred-Brown! I will be clicking on that Donate button! I very much appreciate your help. One question. I ran Defogger to disable CD-ROM Emulation Software. Should I now run it to enable it? I don't understand what the coders who create these viruses/malware are trying to accomplish other than to waste everyone's time.
  2. Hi, yes I did... that is what is installed. There didn't seem to be any updated versions than those for XP 32.
  3. I just updated all, including Java and Thunderbird... I don't think there is any newer version than those.
  4. Results of screen317's Security Check version 0.99.7
     Windows XP Service Pack 3
     Internet Explorer 8
     ``````````````````````````````
     Antivirus/Firewall Check:
     Windows Firewall Disabled!
     McAfee Security Scan Plus
     Antivirus up to date!
     ```````````````````````````````
     Anti-malware/Other Utilities Check:
     Malwarebytes' Anti-Malware
     CCleaner (remove only)
     Java 6 Update 26
     Out of date Java installed!
     Adobe Flash Player 10.3.181.26
     Adobe Reader 6.0.1
     Out of date Adobe Reader installed!
     Mozilla Thunderbird (5.0.) Thunderbird Out of Date!
     ````````````````````````````````
     Process Check:
     objlist.exe by Laurent
     Norton ccSvcHst.exe
     ``````````End of Log````````````
  5. Results of screen317's Security Check version 0.99.7
     Windows XP Service Pack 3
     Internet Explorer 6 Out of date!
     ``````````````````````````````
     Antivirus/Firewall Check:
     Windows Firewall Disabled!
     McAfee Security Scan Plus
     Antivirus up to date!
     ```````````````````````````````
     Anti-malware/Other Utilities Check:
     Malwarebytes' Anti-Malware
     CCleaner (remove only)
     Java 6 Update 20
     Java 6 Update 5
     Java 2 Runtime Environment, SE v1.4.2_03
     Out of date Java installed!
     Adobe Flash Player 10.3.181.26
     Adobe Reader 6.0.1
     Out of date Adobe Reader installed!
     Mozilla Thunderbird (1.0.7) Thunderbird Out of Date!
     ````````````````````````````````
     Process Check:
     objlist.exe by Laurent
     Norton ccSvcHst.exe
     ``````````End of Log````````````
  6. QuickScan Beta 32-bit v0.9.9.96
     -------------------------------
     Scan date: Tue Jul 05 20:40:54 2011
     Machine ID: 40B3C551
     No infection found.
     -------------------

     Processes
     ---------
     Bonjour 1712 C:\Program Files\Bonjour\mDNSResponder.exe
     BVRP Software TestLine 4056 C:\Program Files\Digital Line Detect\DLG.exe
     C-Major Audio 2368 C:\WINDOWS\stsystra.exe
     Canon Camera Access Library 8 2508 C:\Program Files\Canon\CAL\CALMAIN.exe
     Constant Guard™ Protection Suite 3804 C:\Program Files\Constant Guard Protection Suite\IDVault.exe
     Constant Guard™ Protection Suite 2652 C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
     Corel Photo Album 6 3348 C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
     Cyberlink PowerCinema 3.0 3212 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
     Drive Letter Access Component 3284 C:\WINDOWS\system32\dla\tfswctrl.exe
     Firefox 3600 C:\Program Files\Mozilla Firefox\firefox.exe
     GID Desktop Application 3848 C:\Program Files\SFT\GuardedID\GIDD.exe
     Intuit Update Service 288 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
     iTunes 3972 C:\Program Files\iPod\bin\iPodService.exe
     iTunes 308 C:\Program Files\iTunes\iTunesHelper.exe
     ktchnsnk.exe 2532 C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600\Bin\ktchnsnk.exe
     McAfee Security Scanner 984 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
     Microsoft® Windows® Operating System 836 C:\Program Files\Internet Explorer\iexplore.exe
     Microsoft® Windows® Operating System 3352 C:\WINDOWS\ehome\ehmsas.exe
     Microsoft® Windows® Operating System 1760 C:\WINDOWS\ehome\ehrecvr.exe
     Microsoft® Windows® Operating System 1792 C:\WINDOWS\ehome\ehSched.exe
     Microsoft® Windows® Operating System 3168 C:\WINDOWS\ehome\ehtray.exe
     Microsoft® Windows® Operating System 328 C:\WINDOWS\ehome\mcrdsvc.exe
     Microsoft® Windows® Operating System 1540 C:\WINDOWS\system32\spoolsv.exe
     MobileDeviceService 1692 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     Nikon Monitor 2668 C:\Program Files\Nikon\NkView6\NkvMon.exe
     Norton Update Agent 2288 C:\Documents and Settings\All Users\Application Data\Norton\NUA.exe
     NVIDIA Driver Helper Service, Version 2 924 C:\WINDOWS\system32\nvsvc32.exe
     RealPlayer (32-bit) 2796 C:\Program Files\Real\RealPlayer\realplay.exe
     SSMMgr.exe 2612 C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
     SWAS.exe 1236 C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe
     Symantec Security Technologies 516 C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe
     Symantec Security Technologies 4004 C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe
     WD Drive Manager 964 C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
     WD Drive Manager 3404 C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
     (verified) Java Platform SE 6 U20 492 C:\Program Files\Java\jre6\bin\jqs.exe
     (verified) Java Platform SE Auto Updater 2 0 3556 C:\Program Files\Common Files\Java\Java Update\jusched.exe
     (verified) Microsoft® .NET Framework 1944 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
     (verified) Microsoft® Windows® Operating System 296 C:\WINDOWS\explorer.exe
     (verified) Microsoft® Windows® Operating System 3488 C:\WINDOWS\system32\alg.exe
     (verified) Microsoft® Windows® Operating System 644 C:\WINDOWS\system32\csrss.exe
     (verified) Microsoft® Windows® Operating System 3300 C:\WINDOWS\system32\dllhost.exe
     (verified) Microsoft® Windows® Operating System 724 C:\WINDOWS\system32\lsass.exe
     (verified) Microsoft® Windows® Operating System 3776 C:\WINDOWS\system32\rundll32.exe
     (verified) Microsoft® Windows® Operating System 712 C:\WINDOWS\system32\services.exe
     (verified) Microsoft® Windows® Operating System 580 C:\WINDOWS\system32\smss.exe
     (verified) Microsoft® Windows® Operating System 1408 C:\WINDOWS\system32\svchost.exe
     (verified) Microsoft® Windows® Operating System 1232 C:\WINDOWS\system32\svchost.exe
     (verified) Microsoft® Windows® Operating System 1172 C:\WINDOWS\system32\svchost.exe
     (verified) Microsoft® Windows® Operating System 1160 C:\WINDOWS\system32\svchost.exe
     (verified) Microsoft® Windows® Operating System 1148 C:\WINDOWS\system32\svchost.exe
     (verified) Microsoft® Windows® Operating System 1076 C:\WINDOWS\system32\svchost.exe
     (verified) Microsoft® Windows® Operating System 992 C:\WINDOWS\system32\svchost.exe
     (verified) Microsoft® Windows® Operating System 1656 C:\WINDOWS\system32\svchost.exe
     (verified) Microsoft® Windows® Operating System 668 C:\WINDOWS\system32\winlogon.exe

     Network activity
     ----------------
     Process iexplore.exe (836) connected on port 80 (HTTP) --> 96.17.149.33
     Process iexplore.exe (836) connected on port 80 (HTTP) --> 69.171.228.13
     Process iexplore.exe (836) connected on port 80 (HTTP) --> 74.125.226.160
     Process iexplore.exe (836) connected on port 80 (HTTP) --> 96.17.168.136
     Process iexplore.exe (836) connected on port 80 (HTTP) --> 96.17.149.33
     Process firefox.exe (3600) connected on port 80 (HTTP) --> 74.125.226.137
     Process firefox.exe (3600) connected on port 80 (HTTP) --> 72.14.204.100
     Process firefox.exe (3600) connected on port 443 (HTTP over SSL) --> 74.125.226.108
     Process IDVault.exe (3804) connected on port 80 (HTTP) --> 72.21.194.16
     Process svchost.exe (1076) listens on ports: 135 (RPC)
     Process SWAS.exe (1236) listens on ports: 80 (HTTP), 7450

     Autoruns and critical files
     ---------------------------
     Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe
     C-Major Audio C:\WINDOWS\stsystra.exe
     Constant Guard™ Protection Suite C:\Program Files\Constant Guard Protection Suite\IDVault.exe
     Corel Photo Album 6 C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
     Cyberlink PowerCinema 3.0 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
     Drive Letter Access Component C:\WINDOWS\system32\dla\tfswctrl.exe
     GID Desktop Application C:\Program Files\SFT\GuardedID\GIDD.exe
     GuardedID C:\WINDOWS\system32\GIDLogonXP.dll
     InstallShield Update Service C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
     InstallShield Update Service C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
     Intel® Common User Interface C:\WINDOWS\system32\hkcmd.exe
     Intel® Common User Interface C:\WINDOWS\system32\igfxdev.dll
     Intel® Common User Interface C:\WINDOWS\system32\igfxpers.exe
     Intel® Common User Interface C:\WINDOWS\system32\igfxtray.exe
     iTunes C:\Program Files\iTunes\iTunesHelper.exe
     ktchnsnk.exe C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600\Bin\ktchnsnk.exe
     McAfee SpamKiller C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe
     Microsoft® Windows® Operating System C:\WINDOWS\ehome\ehtray.exe
     Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll
     Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll
     Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
     Microsoft® Windows® Operating System C:\WINDOWS\System32\CSCDLL.dll
     Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll
     Microsoft® Windows® Operating System C:\WINDOWS\system32\logon.scr
     Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
     Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
     Microsoft® Windows® Operating System C:\WINDOWS\system32\webcheck.dll
     Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll
     Nikon Monitor C:\Program Files\Nikon\NkView6\NkvMon.exe
     Norton Update Agent C:\Documents and Settings\All Users\Application Data\Norton\NUA.exe
     NVIDIA Compatible Windows 2000 Display C:\WINDOWS\system32\NvCpl.dll
     NVIDIA Media Center Library C:\WINDOWS\system32\NvMcTray.dll
     nwiz.exe C:\Program Files\NVIDIA Corporation\nView\nwiz.exe
     QuickBooks C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
     QuickTime C:\Program Files\QuickTime\qttask.exe
     RealPlayer (32-bit) C:\Program Files\Real\RealPlayer\realplay.exe
     SSMMgr.exe C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe
     WD Drive Manager C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
     Windows Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll
     (verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe
     (verified) Java Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe
     (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
     (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
     (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
     (verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll

     Browser plugins
     ---------------
     Abacast v1.62 C:\Program Files\Mozilla Firefox\plugins\NPAbacheck.dll
     AcroIEHelper Library C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
     ActiveTouch General Plugin Container C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll
     Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
     Adobe® Flash® Player ActiveX C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
     AOL Media Playback Plugin C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
     atcliun C:\Program Files\Mozilla Firefox\plugins\atcliun.exe
     AtMgr Module C:\Program Files\Mozilla Firefox\plugins\atmgr.exe
     BitDefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll
     Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
     CGPS C:\Program Files\Constant Guard Protection Suite\NativeBHO.dll
     frozen.dll C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\e56pkf15.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
     Google Earth Plugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
     Google Update C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll
     googletoolbar-ff3.dll C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\e56pkf15.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
     googletoolbar-ff4.dll C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\e56pkf15.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff4.dll
     InstallShield Update Service C:\WINDOWS\Downloaded Program Files\isusweb.dll
     Messenger C:\Program Files\Messenger\msmsgs.exe
     Microsoft® Windows Live OneCare C:\WINDOWS\Downloaded Program Files\wlscBase.dll
     Microsoft® Windows Media Player Firefox C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
     Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
     Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
     Microsoft® Windows® Operating System C:\WINDOWS\system32\SHDOCVW.dll
     Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll
     Norton Confidential C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll
     npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
     NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
     QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
     QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
     QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
     QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
     QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
     QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
     QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
     QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
     QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
     QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
     QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
     QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
     QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
     QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
     Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll
     Snapfish Plugin for Firefox C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll
     Symantec Intrusion Detection C:\Program Files\Norton Security Suite\Engine\4.3.0.5\IPSBHO.DLL
     unagiuninst.exe C:\WINDOWS\Downloaded Program Files\unagiuninst.exe
     WebEx Download Module C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll
     WebEx Download Module C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll
     WinampPlayer.dll C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\e56pkf15.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll
     Windows Genuine Advantage C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
     Windows Presentation Foundation C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
     (verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll
     (verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe
     (verified) Java Deployment Toolkit 6.0.200.2 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
     (verified) Java Platform SE 6 U20 c:\program files\java\jre6\bin\jp2ssv.dll
     (verified) Java Platform SE 6 U20 C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
     (verified) Microsoft Office 2003 C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
     (verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

     Scan
     ----
MD5: 3a3f869c699417fdf272f5206f8244a9 C:\Program Files\NVIDIA Corporation\nView\nwiz.exe MD5: afdae59fe562a7cdb44f9d4abedac316 C:\Program Files\QuickTime\QTSystem\QTCF.dll MD5: 1d856e6e7490447fcfaa46e09a2bf9c9 C:\Program Files\QuickTime\QTSystem\QuickTime.qts MD5: 0aee5668eb59912f32ff245bfa72465f C:\Program Files\QuickTime\qttask.exe MD5: 849d97fe4cc09cfc2772d10f641e1baf C:\Program Files\Real\RealPlayer\realplay.exe MD5: 9265248e670255b8c1a792af948099db C:\Program Files\Real\RealPlayer\rnms3260.dll MD5: 1508c5c385c860c68e0978ec81ab9e0a C:\Program Files\Real\RealPlayer\rpap3260.dll MD5: 3edcb8315ab51d5b4ac00820c2b958e8 C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\boost_thread-vc71-mt-1_32.dll MD5: d8b6c8e7614bd15108310176b8e355d5 C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\LIBEAY32.dll MD5: daebe2cf406984446f4610e99e2cc2e5 C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\qt-mt333.dll MD5: 84dc41c2e41b47cfc05f78373608febb C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\slp.dll MD5: 7ed74fbb135560154e1eb737d25869be C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\SSLEAY32.dll MD5: 160afdf08789c02835a640005593a16c C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe MD5: 4f43d3c8326025f497c7f919b2a6322f C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\Xalan-C_1_9.dll MD5: 20b4d24cdf96c3f36ad4015551863832 C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\XalanMessages_1_9.dll MD5: e21cb48a5d1523a8819a24ed72164551 C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\xerces-c_2_6.dll MD5: 5d36f337b6839cfeb533a22ab9de6e96 C:\Program Files\SFT\GuardedID\GIDD.exe MD5: 78fac39d52fd2fc169971986079270da C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe MD5: e43c37d35e3a41c447d50b38466adea1 
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe MD5: 0e3d30f8cdd82e7e64938459ca90d9f0 C:\Program Files\Windows Media Player\wmpband.dll MD5: a5f0ef1a69f6707f27e53ee54b8f8ac4 C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe MD5: 310c15fd8358b2c4cd7a5b98a112883f C:\WINDOWS\AppPatch\AcGenral.DLL MD5: dc426a365577f27187f99eb506ecd5d1 C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll MD5: bd1e2bb8c96105353078ad23ff5489d0 C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll MD5: 937fbd23997a91af923d5e89286126bd C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll MD5: 16f96c1496cbd0965285ab19a9271d02 C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MD5: 9631b15db7c43c267636ff43c3075e07 C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll MD5: f054572a92573ca32d5f3aa8c15d2bac C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll MD5: 090f0c209849df6bf42c4bc3a212ed24 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll MD5: 0c06a80dffa51e0eb9c5ce3df703bc46 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll MD5: 12500e86fafeb5cb22c0aba370cfffbd C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll MD5: 375fd11c25f5e43e0d1620fd6114baba C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll MD5: a71a91c57d2832c5d6d3f1917830bee8 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll MD5: 26d2b399e87f2df5dbce2dac24d94cff 
C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll MD5: d773437cf8acad89d87a830b663fd225 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll MD5: ce652d887de875b24be66901c8c05f62 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll MD5: c0770e006d0556d359f586ed86ead004 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll MD5: 7edf1a41e9c31dce28bd71d6142534cc C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.4__540d4816ead86321\Intuit.Spc.Esd.Core.dll MD5: 68a84e7d86995088127f30e5d118c4e2 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll MD5: fe88e72f1b01ef8334e47ec44117559f C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll MD5: 24291b61ab7a21cdeb3fac7a03995bbe C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll MD5: e43c3d10e560dbeacfbc12bf888703a7 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll MD5: f71a731e236fb55e3585dc5391d286d3 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll MD5: 54b21273aaf8a0ba1c06494ffb21bb29 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll MD5: 515d0e89532fa76488be97427de4207f C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll MD5: 55c9b75102b54fa486a0bc5462e95fe4 
C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll MD5: d6f5d2245d53b5f5d3939137a7ec97ec C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll MD5: e5210eb71e2017951050550067c30093 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll MD5: e247301b09b5cffa332a00f1b7bb55f7 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll MD5: 712fa98f6794152b349fd74a702f40f7 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll MD5: b37a7c2b855fa1523a6840246c250fb2 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll MD5: 34dcf0e4754f8fa599e33aa444742481 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll MD5: 58ed45bfb06ec7c6b7d151b77247e4b3 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll MD5: 8da93d9a662e4ba18802bc6c2ccacd66 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll MD5: 5ac46a3a31bc58e512c4cafd87327922 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll MD5: 04de2774c2a6602da45e9e76d46bc071 
C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll MD5: 333244713f41c02de8502061c0a11622 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll MD5: 1d114e646e5cc8b6d18238eba210f9ae C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll MD5: 7e1174e9a3d17855680e144aa5d130a1 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll MD5: b334fca2f0878c2af77826211dbe55bb C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll MD5: bc204ce4cd9d08d6b178dfc77095b850 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll MD5: b89cb7f3f1a1e2807e708f5435deb13d C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll MD5: c1c4025b5f5311ac8bcc318b0c244d58 C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll MD5: 179cc375c81b39902825abfe3a7cd49d C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll MD5: ebaadbbfb6c455e54eb6a0e47267d33c C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll MD5: 2849f13593d2712ccb97ffbdd3c1232e C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll MD5: 4120a37565491ca998e226bcbe8ef6e8 C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll MD5: 50d2943d426ba91771ad87fdec802ac3 C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll MD5: a89dfa6db0c3d00559f770a214962a60 
C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll MD5: 2045a75f511fb99f5b3369e49e0837a2 C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll MD5: eb97291e3c9e0035b47b45dbb1af710d C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll MD5: 17b9d4728cfcee1650f900e8edbd6686 C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll MD5: 5d8b81b70c76acd63fc8270bbc2231bb C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll MD5: 617fb85504f7be3d0231b5c67724b1ba C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll MD5: f798be75656b0ccbc9e642b103b03385 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\caafa254739e326b0cf55eed815b4333\PresentationCore.ni.dll MD5: 9ffa9fb2b9470dbd346524cea1c06d61 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\e9bb32c656a2f80b629f129d738c392b\PresentationFontCache.ni.exe MD5: 6ff6344fc906b12c162cab1f2561ee74 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\959709491c71caef88fb41b0eb159714\PresentationFramework.Classic.ni.dll MD5: 4f2ce541c289069d4c77d6982ca47d60 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\999df2b262da53356dda514512bb7bb8\PresentationFramework.ni.dll MD5: f4c6f46f94b309c37b6599d532500a35 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8ff6d395f8861384bc9bfbe34cafb64e\SMDiagnostics.ni.dll MD5: 44a58010f7c2ede3b249283bdc26e4e4 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\fa21b6c9badcf916bb254b4b823c2463\System.Configuration.Install.ni.dll MD5: 60ef8f216e869239a3f1c60a82850145 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\48f8b951a598647dd309ca2031807a5d\System.Configuration.ni.dll MD5: 4ef41bc6300697746eb467f18efb88bc 
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\05d99241bd45cbd96a6053841790a4a2\System.Data.ni.dll MD5: 9ce4c55de31514bb4b8f1d5630a60db5 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\a59b17e6040e3f6286a2227dfdb17096\System.Drawing.ni.dll MD5: f95efbc23c020e9a67ededb1229869a8 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\a8039af85f459c19c041313f9fe0d7e8\System.IdentityModel.ni.dll MD5: 9825d93b9e45f74172cb7e5cd98b40f3 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\19280e723d215c0d6607d3884f453cdf\System.Management.ni.dll MD5: 7655884a784ebd0a02ab68dafb3bba16 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\c889a45c82004537f1620dd3b211af66\System.Runtime.Serialization.ni.dll MD5: c63b26c1415b930148dc224570f51bd2 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\e4bcb14e8e53c8dcaff3d2c20daf746e\System.Security.ni.dll MD5: 7b002f0ed970f16bea864aa2eac4ac48 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ead07662976fb7094811461c568643d5\System.ServiceModel.Web.ni.dll MD5: fdd9c57338e28f8da409fe11a6a6a202 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\23abc8e4b535b9cd9c5560266c655ac2\System.ServiceModel.ni.dll MD5: 43fbf126d8efe9cb2bca5fb1e365d832 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\0f3d321ebd65af974ff0ad424223276d\System.ServiceProcess.ni.dll MD5: 6d42949f9c1ef02180c1a638c3f92e9d C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Transactions\7c430c38d71d632c019ae37d5ef12c8e\System.Transactions.ni.dll MD5: 40319828a7f63fcefe421f0ade8f35f3 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web.Services\f31f1579160d87470cba918f06276e0d\System.Web.Services.ni.dll MD5: bf747c662068f4cf14bc1b8bf53626e5 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Web\1fb5d8788c9a9a7f44e2d0fa19c62729\System.Web.ni.dll MD5: a0bffbbba64918230f3936191c1f34af 
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\29d16d2f164fe2263539789ecd0d9d4f\System.Windows.Forms.ni.dll MD5: e596f44e263d2fb041c3f6c4eb44cda9 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.WorkflowServ#\2877dda3e0f0faeba527b4bf1efe9cb5\System.WorkflowServices.ni.dll MD5: f32d44a584a0b78ef3c8c1bc156ff99a C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\f354057a5b4fad4c399da28449ba0d92\System.Xml.ni.dll MD5: f4e1f9d3b2762bba015ba723792f51f4 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\f6a9a002526806f3a5b745cf5c407cae\System.ni.dll MD5: f3ecee32b5d0594e755b9ac81b762b42 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\1492e9393417d6e91b5ddc746b5ef320\UIAutomationProvider.ni.dll MD5: 0f262aa8a99114fc33f0de8aa6fd95b4 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsBase\11526c1635b97a7d49e25e72ed6e9662\WindowsBase.ni.dll MD5: 5f179feb690c2df5f4be2e36ece55051 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\431d5dc1cfcc0c0530e813f370931670\WindowsFormsIntegration.ni.dll MD5: d8fb851a9fbd62352fd74283f9c14c77 C:\WINDOWS\Downloaded Program Files\isusweb.dll MD5: 23dc75d158d484177ffe99e23264f89f C:\WINDOWS\Downloaded Program Files\qsax.dll MD5: 6f678556a6fce04fc94f3435f6313705 C:\WINDOWS\Downloaded Program Files\unagiuninst.exe MD5: f9852cbc0e06660768dbb1e6fe9b1896 C:\WINDOWS\Downloaded Program Files\wlscBase.dll MD5: 03a905fba1d62317087db5c21c0f8f62 C:\WINDOWS\ehome\ehmsas.exe MD5: 0f0f5b564c5a3c9b38a6220230252567 C:\WINDOWS\eHome\ehProxy.dll MD5: 8301243bde5b6cd316d79c0191d50d9a C:\WINDOWS\ehome\ehrecvr.exe MD5: a53243709439ac2a4c216b817f8d7411 C:\WINDOWS\ehome\ehSched.exe MD5: 6d280bc969218ae4a72180f907c32913 C:\WINDOWS\eHome\ehTrace.dll MD5: 7e48b4958c131e9643ddcd2e7ca3fe9f C:\WINDOWS\ehome\ehtray.exe MD5: df0a511f38f16016bf658fca0090cb87 C:\WINDOWS\ehome\mcrdsvc.exe MD5: 860fad57b4668a9f5f350a9d5444ae89 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll MD5: 
2bac92e8ac5e16ed60062e9141b8d5f6 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll MD5: f282d4edd85d53e20d902cc92190c5f5 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll MD5: 429e3efafcae6c89a57cd5d8e3442cae c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll MD5: 35a936c7c029a5b705d3ffd40518d660 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll MD5: ab87eeffd18f2baafc274e7075ea6c67 C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll MD5: 12c8cd3846d72bf03c4ad445193eda28 C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe MD5: 0f869e88fa4489fbe231a42646488ce8 C:\WINDOWS\stsystra.exe MD5: 774348de1dea6262e06bfe1906d13d4d C:\WINDOWS\system32\ADVPACK.DLL MD5: 7304984c4f875860bc99658d2ffc4805 C:\WINDOWS\system32\BROWSEUI.dll MD5: 93afb83fbc1f9443cac722fca63d73bf C:\WINDOWS\system32\comctl32.dll MD5: ed0c0df222209e43ad9afbf3fe87dde0 C:\WINDOWS\system32\comsvcs.dll MD5: f5430b03e141e098c78d5db46b00f8fc C:\WINDOWS\system32\confmsp.dll MD5: be7887da57a40f425f07b84b97e9a41b C:\WINDOWS\system32\corpol.dll MD5: bdaaf79dd63f194434d31a74b9bb8b77 C:\WINDOWS\system32\CRYPT32.dll MD5: c14350fc0d47d806699c4f907fc6785b C:\WINDOWS\system32\cryptnet.dll MD5: 515a7fae2070c2b0242b2353443e2f11 C:\WINDOWS\System32\CSCDLL.dll MD5: 6100d350770a5595fbf4c96f3510badc C:\WINDOWS\system32\CSRSRV.dll MD5: 0607cbc6fa20114cb491efe4b2f9efad C:\WINDOWS\system32\d3d9.dll MD5: 56adb11f7d4d0816c0be1e701c1b5e52 C:\WINDOWS\system32\D3DIM700.DLL MD5: e2092f0a1d7abc243f9c2362483d150d C:\WINDOWS\System32\dimsntfy.dll MD5: bc87db4759083525f96a159861670c5e C:\WINDOWS\system32\DINPUT.dll MD5: 30698355067d07da5f9eb81132c9fdd6 C:\WINDOWS\system32\dla\tfsnboio.sys MD5: fb9d825bb4a2abdf24600f7505050e2b C:\WINDOWS\system32\dla\tfsncofs.sys MD5: cafd8cca11aa1e8b6d2ea1ba8f70ec33 C:\WINDOWS\system32\dla\tfsndrct.sys MD5: 8db1e78fbf7c426d8ec3d8f1a33d6485 C:\WINDOWS\system32\dla\tfsndres.sys MD5: b92f67a71cc8176f331b8aa8d9f555ad C:\WINDOWS\system32\dla\tfsnifs.sys 
MD5: 85985faa9a71e2358fcc2edefc2a3c5c C:\WINDOWS\system32\dla\tfsnopio.sys MD5: bba22094f0f7c210567efdaf11f64495 C:\WINDOWS\system32\dla\tfsnpool.sys MD5: 81340bef80b9811e98ce64611e67e3ff C:\WINDOWS\system32\dla\tfsnudf.sys MD5: c035fd116224ccc8325f384776b6a8bb C:\WINDOWS\system32\dla\tfsnudfa.sys MD5: 32182cbbdc1dc700096ec3253e31cb3c C:\WINDOWS\system32\dla\tfswcres.dll MD5: 2ca827ba68d0cdb5437c40c6f53d7f20 C:\WINDOWS\system32\dla\tfswctrl.exe MD5: 389496118b3b03c2328024af320132ac C:\WINDOWS\system32\DNSAPI.dll MD5: 5f7e24fa9eab896051ffb87f840730d2 c:\windows\system32\dnsrslvr.dll MD5: 355556d9e580915118cd7ef736653a89 C:\WINDOWS\System32\drivers\afd.sys MD5: 770471de2550820feeb7e5d24bf2e273 C:\WINDOWS\System32\Drivers\DgiVecp.sys MD5: e814854e6b246ccf498874839ab64d77 C:\WINDOWS\system32\drivers\drvmcdb.sys MD5: ee83a4ebae70bc93cf14879d062f548b C:\WINDOWS\system32\drivers\drvnddm.sys MD5: 95974e66d3de4951d29e28e8bc0b644c C:\WINDOWS\system32\DRIVERS\e100b325.sys MD5: f59ed5a43b988a18ef582bb07b2327a7 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys MD5: 60e1604729a15ef4a3b05f298427b3b1 C:\WINDOWS\system32\DRIVERS\HSF_DP.sys MD5: 77e4ff0b73bc0aeaaf39bf0c8104231f C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys MD5: 240d0f5d7caafd87bd8d801a97bbe041 C:\WINDOWS\system32\DRIVERS\ialmnt5.sys MD5: eeaea6514ba7c9d273b5e87c4e1aab30 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys MD5: 7f2f1d2815a6449d346fcccbc569fbd6 C:\WINDOWS\system32\DRIVERS\mhndrv.sys MD5: 0dc719e9b15e902346e87e9dcd5751fa C:\WINDOWS\system32\DRIVERS\mrxsmb.sys MD5: 5e640f37801f2d4152d11595218915cd C:\WINDOWS\system32\DRIVERS\nv4_mini.sys MD5: 86724469cd077901706854974cd13c3e C:\WINDOWS\System32\Drivers\PxHelp20.sys MD5: 47ddfc2f003f7f9f0592c6874962a2e7 C:\WINDOWS\system32\DRIVERS\srv.sys MD5: d7968049be0adbb6a57cee3960320911 C:\WINDOWS\system32\drivers\sscdbhk5.sys MD5: c3ffd65abfb6441e7606cf74f1155273 C:\WINDOWS\system32\drivers\ssrtln.sys MD5: 352b663a81402be7cd7bd4ea27c9998c C:\WINDOWS\system32\drivers\sthda.sys MD5: 
d4fb6ecc60a428564ba8768b0e23c0fc C:\WINDOWS\System32\Drivers\usbaapl.sys MD5: fb8b75d3be728e4d41c19afba339151e C:\WINDOWS\system32\dxtmsft.dll MD5: f3b0ac8a0c792544bf56999abdb25f0c C:\WINDOWS\system32\dxtrans.dll MD5: ebea54fbc053ce4d786b8d7fc65f4e6b C:\WINDOWS\system32\EasyHook32.dll MD5: f5b754cdea20bbb3a31e16a776ede6d6 C:\WINDOWS\system32\ESENT.dll MD5: 303a63f4b913aa5d8998161cb77a8ce7 C:\WINDOWS\system32\feclient.dll MD5: 94162403e8207cc304876bd5591377f8 C:\WINDOWS\system32\GIDBIN1.dll MD5: de7344c0ccbf452c16de7efb58760f4f C:\WINDOWS\system32\GIDBIN3.DLL MD5: ba1c7e7d85b6502fd2bc4f3c89dd5d91 C:\WINDOWS\system32\GIDHook.dll MD5: 81f94d35b846d767b8c165c288e269b6 C:\WINDOWS\system32\GIDHookLogon.dll MD5: fecda4818272f4cf22c3eac4a57378f0 C:\WINDOWS\system32\GIDLogonXP.dll MD5: ce8c3bc1377b83dbcd7304ab2d0a4735 C:\WINDOWS\system32\h323msp.dll MD5: 42344ddf30337979216ea6afa58bb42a C:\WINDOWS\system32\hkcmd.exe MD5: f8bf9b14b75dfcff357c40673641cb43 C:\WINDOWS\system32\iepeers.dll MD5: bfc2a40fe739c453f5d02b7eef41ca28 C:\WINDOWS\system32\igfxdev.dll MD5: 4b10675852fe8862521024778e264d5f C:\WINDOWS\system32\igfxpers.exe MD5: 6e5a178e359ee42f748186a14449d848 C:\WINDOWS\system32\igfxtray.exe MD5: a4dd6c951201f5aa105eef561beaa342 C:\WINDOWS\system32\ImgUtil.dll MD5: f7b098a08efcf4ab4247264c0ac225d2 C:\WINDOWS\system32\jscript.dll MD5: a525c96c51d55111fdf3bea9ffffc7ae C:\WINDOWS\system32\kerberos.dll MD5: ba6cd6b1fbe384bc2e0be5341e463325 C:\WINDOWS\system32\lmdimon.dll MD5: cc78a5c18f943c7c23d498794547d3a3 C:\WINDOWS\system32\lmdimon8.dll MD5: 9fad7dff67555ff1e06bc4a3893024a7 C:\WINDOWS\system32\logon.scr MD5: bd31dc6dbe9333c4fbd4bdf0899f2160 C:\WINDOWS\system32\LSASRV.dll MD5: 21a67095edc11a528f5434d28bb0ef3c C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll MD5: dcd15d648779f59808b50f1a9cc3698d C:\WINDOWS\system32\MdmXSdk.dll MD5: 76848cb1aa5818db47d5f5986e0a7485 C:\WINDOWS\system32\MFC42.DLL MD5: 09aef167eb1531e965053d0dcf6cc573 C:\WINDOWS\system32\MFC70.DLL MD5: 
1e744353bd534405187a404667da3dc3 C:\WINDOWS\system32\mgmtapi.dll MD5: b7521f69c0a9b29d356157229376fb21 C:\WINDOWS\System32\mhn.dll MD5: 43039f6f4c753256a6ae0d69431d58e2 C:\WINDOWS\system32\ml2570lk.DLL MD5: f24b12786d60a17008319e3f2aee7799 C:\WINDOWS\system32\msapsspc.dll MD5: 815357be860415cbea0d25ffbc2f6cb2 C:\WINDOWS\system32\mshtml.dll MD5: d3f72d50de53f9f1f55240115af4d42e C:\WINDOWS\system32\msi.dll MD5: d04f7aaca2319a3bcdb2c5d5dd6f6026 C:\WINDOWS\system32\MSVCP70.dll MD5: 7a660edc0757849df5f8706fb6e9f740 C:\WINDOWS\system32\MSVCRT40.dll MD5: 91dcd979ffed13ab6f6e6b085a43525e C:\WINDOWS\system32\msvidctl.dll MD5: 943337d786a56729263071623bbb9de5 C:\WINDOWS\system32\mswsock.dll MD5: 062f837c1fbdb6a0a75f82efc2ee8e74 C:\WINDOWS\system32\NETSHELL.dll MD5: f8f0d25ca553e39dde485d8fc7fcce89 C:\WINDOWS\system32\ntdll.dll MD5: a518ff7dc9ac82eff42b502f12d74363 C:\WINDOWS\system32\nvapi.dll MD5: b2322cdbdc828424532c6facc1b7ad88 C:\WINDOWS\system32\NvCpl.dll MD5: 5959ac3e90714971c6505c0f35029639 C:\WINDOWS\system32\NvMcTray.dll MD5: 400d95445c593d4c089013729d0da0b3 C:\WINDOWS\system32\nvsvc32.exe MD5: 40b0f98bad16ad5def894e88c3ef8014 C:\WINDOWS\system32\ODBC32.dll MD5: 7a6a7900b5e322763430ba6fd9a31224 C:\WINDOWS\system32\ole32.dll MD5: 1b2be5777f69a71778f52ffee1c798d6 C:\WINDOWS\system32\oleaut32.dll MD5: b9807bddd55d3d4da93a0bf5f67e4144 C:\WINDOWS\system32\PNCRT.dll MD5: c230562517fee2fc4b472cd9b84e5bcb C:\WINDOWS\system32\pngfilt.dll MD5: 77de1f81666a4766bfed712dc7232f4e C:\WINDOWS\system32\PresentationNative_v0300.dll MD5: d4502f124289a31976130cccb014c9aa C:\WINDOWS\system32\RPCRT4.dll MD5: 72451fd61ddbb0a1fb071b7c3cde5594 C:\WINDOWS\system32\rsvpsp.dll MD5: 926afc4848ff3297bb264333bf51e21f C:\WINDOWS\system32\sbe.dll MD5: abeedd547e939ad827b2e29dec754206 C:\WINDOWS\system32\schannel.dll MD5: 8bcd11d38fce43a519246a91cc40de6a C:\WINDOWS\system32\security.dll MD5: e73f18195ccf4aaaa87b2d22e83f791c C:\WINDOWS\system32\serwvdrv.dll MD5: a824fb0907738a39680b0609671f4740 
C:\WINDOWS\system32\SHDOCVW.dll MD5: e86423aa9aa8c382af02b94a058dc2aa C:\WINDOWS\system32\shell32.dll MD5: 99bc0b50f511924348be19c7c7313bbf C:\WINDOWS\system32\SHSVCS.dll MD5: 9f453e0c5f9361cf860b7bbcc19e7389 C:\WINDOWS\System32\spool\PRTPROCS\W32X86\lmdippr.dll MD5: cd2f8b95f53e9b59084bdbac9e708494 C:\WINDOWS\System32\spool\PRTPROCS\W32X86\lmdippr8.dll MD5: 60784f891563fb1b767f70117fc2428f C:\WINDOWS\system32\spoolsv.exe MD5: 3a7c3cbe5d96b8ae96ce81f0b22fb527 c:\windows\system32\srvsvc.dll MD5: 578949c3c53218ed2823549d149a1322 C:\WINDOWS\system32\stacapi.dll MD5: 3caeae7608f1bd7ba873a3b02895b106 C:\WINDOWS\system32\sti.dll MD5: 43039f6f4c753256a6ae0d69431d58e2 C:\WINDOWS\system32\sugo2LMK.DLL MD5: d0049860b63dd87a73a5d165c829c65f C:\WINDOWS\system32\t2embed.dll MD5: 3f8411328e808a8794a41da9acb22dd9 C:\WINDOWS\system32\tapi3.dll MD5: 8357809e111e09393633039769d96281 C:\WINDOWS\system32\tcpmib.dll MD5: 8edd9dcd5196b6c54a622e9549f667b8 C:\WINDOWS\system32\termmgr.dll MD5: b5c05ce075f48cc44c154f0ce25c4cfe C:\WINDOWS\system32\tfswapi.dll MD5: 17e0cf9c8cbb717d05948656bcd86efa C:\WINDOWS\system32\txflog.dll MD5: ec2ad9ac452e0a8d976fb1b1718517ce C:\WINDOWS\system32\umdmxfrm.dll MD5: 025fbac2441b438aebf1ab92dc387b51 C:\WINDOWS\system32\urlmon.dll MD5: a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe MD5: 9e03dc5ab51cfd0190541ce2038d819d C:\WINDOWS\system32\usp10.dll MD5: 88de252338bb4f25a15099cad5a87d27 C:\WINDOWS\system32\wavemsp.dll MD5: e535e0a413655208d7180154150881c6 C:\WINDOWS\system32\webcheck.dll MD5: b68b06d15593032e9f6cc031d9968bb4 C:\WINDOWS\system32\WgaLogon.dll MD5: 5f63e2b2a72e1e6448123e0920d31530 C:\WINDOWS\system32\WindowsCodecs.dll MD5: eb2d2e05e471208cd651ddcdf77904bf C:\WINDOWS\system32\WindowsCodecsExt.dll MD5: 6878542c5a86875716b51eff68d2ac00 C:\WINDOWS\system32\WININET.dll MD5: d72b9ec3337b247a666f098f3d6b43de C:\WINDOWS\System32\winrnr.dll MD5: 42b5427fac23bf6f1f31e466b7feb084 C:\WINDOWS\system32\winsrv.dll MD5: 
2cc34e8bb667eef78899546e12649196 C:\WINDOWS\system32\WlNotify.dll MD5: 277f3e3333f1d10ca428568197fcce70 C:\WINDOWS\system32\wsnmp32.dll MD5: 29f3ecd623330ad06005482a84c2a741 C:\WINDOWS\system32\xpsp1res.dll MD5: 16403217ab6fc5c30c14c6b12098ad4b C:\WINDOWS\system32\xpsp2res.dll MD5: 1b7524806d0270b81360c63a2fa047cb C:\WINDOWS\WinSxS\x86_Microsoft.VC80.MFC_1fc8b3b9a1e18e3b_8.0.50727.762_x-ww_3bf8fa05\MFC80.DLL MD5: 736b12b725aeb2b07f0241a9f680cb10 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll MD5: 33d9b7bb7ba323bafe489df033dac824 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\gdiplus.dll No file uploaded. Scan finished - communication took 3 sec Total traffic - 0.03 MB sent, 1.81 KB recvd Scanned 975 files and modules - 96 seconds ==============================================================================
  7. What is maxhandle? My system seems to be running fine now. I think I'm good!
  8. ESET scan :\Qoobox\Quarantine\C\WINDOWS\system32\gjkkj.bak2.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\WINDOWS\system32\gjkkj.ini2.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\WINDOWS\system32\gjkkj.tmp.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\WINDOWS\system32\qqtss.bak1.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined C:\Qoobox\Quarantine\C\WINDOWS\system32\qqtss.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1856\A0145666.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined
  9. Results of MBRcheck
     MBRCheck, version 1.2.3 © 2010, AD
     Command-line:
     Windows Version: Windows XP Professional
     Windows Information: Service Pack 3 (build 2600)
     Logical Drives Mask: 0x0000000c
     \\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00 (NTFS)
     PhysicalDrive0 Model Number: ST380819AS, Rev: 8.03
     Size Device Name MBR Status
     --------------------------------------------
     74 GB \\.\PhysicalDrive0 Dell MBR code detected
     SHA1: 57BDF501CE769EF2720C705B6C71C893DA31574E
     Done!
  10. Still seems to be running fine! ComboFix log ComboFix 11-07-03.04 - Family 07/04/2011 11:49:26.1.2 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1168 [GMT -4:00] Running from: c:\documents and settings\Family\Desktop\ComboFix.exe AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8} FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\WD c:\documents and settings\All Users\Application Data\WD\WD Anywhere Backup\BackupRules.xml c:\documents and settings\All Users\Application Data\WD\WD Anywhere Backup\instances\2BB701B3-839D-43B2-BBDD-BCBCC790A3B6\2bb701b3-839d-43b2-bbdd-bcbcc790a3b6-errors.db3 c:\documents and settings\All Users\Application Data\WD\WD Anywhere Backup\instances\2BB701B3-839D-43B2-BBDD-BCBCC790A3B6\2bb701b3-839d-43b2-bbdd-bcbcc790a3b6-inq.db3 c:\documents and settings\All Users\Application Data\WD\WD Anywhere Backup\instances\2BB701B3-839D-43B2-BBDD-BCBCC790A3B6\2bb701b3-839d-43b2-bbdd-bcbcc790a3b6-outq.bin c:\documents and settings\All Users\Application Data\WD\WD Anywhere Backup\instances\2BB701B3-839D-43B2-BBDD-BCBCC790A3B6\2bb701b3-839d-43b2-bbdd-bcbcc790a3b6-preinq.db3 c:\documents and settings\All Users\Application Data\WD\WD Anywhere Backup\instances\2BB701B3-839D-43B2-BBDD-BCBCC790A3B6\2BB701B3-839D-43B2-BBDD-BCBCC790A3B6.xml c:\documents and settings\All Users\Application Data\WD\WD Anywhere Backup\instances\2BB701B3-839D-43B2-BBDD-BCBCC790A3B6\manifest.db3 c:\documents and settings\All Users\Application Data\WD\WD Anywhere Backup\sourceq.db3 c:\documents and settings\Family\Application Data\JuniperSetup.exe c:\documents and settings\Family\WINDOWS c:\program files\Mozilla Firefox\searchplugins\search.xml c:\windows\system32\bszip.dll c:\windows\system32\gjkkj.bak2 
c:\windows\system32\gjkkj.ini2 c:\windows\system32\gjkkj.tmp c:\windows\system32\qqtss.bak1 c:\windows\system32\qqtss.ini . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_MSDIRECT . . ((((((((((((((((((((((((( Files Created from 2011-06-04 to 2011-07-04 ))))))))))))))))))))))))))))))) . . 2011-06-28 00:41 . 2011-06-28 00:41 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer 2011-06-28 00:41 . 2011-06-28 00:41 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer 2011-06-27 03:20 . 2011-06-27 03:20 -------- d-----w- c:\documents and settings\LocalService\Application Data\ID Vault 2011-06-27 03:10 . 2011-06-27 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\IsolatedStorage 2011-06-27 03:10 . 2011-06-27 03:11 -------- d-----w- c:\documents and settings\Family\Local Settings\Application Data\ID Vault 2011-06-27 03:09 . 2011-06-14 19:24 87624 ----a-w- c:\program files\Mozilla Firefox\IdVaultCore.XmlSerializers.dll 2011-06-27 03:09 . 2011-06-14 19:24 1590856 ----a-w- c:\program files\Mozilla Firefox\IdVaultCore.dll 2011-06-27 03:09 . 2011-06-14 19:24 129608 ----a-w- c:\program files\Mozilla Firefox\CommonDotNET.dll 2011-06-27 03:09 . 2011-06-14 19:23 8007680 ----a-w- c:\program files\Mozilla Firefox\Microsoft.mshtml.dll 2011-06-27 03:09 . 2011-06-27 03:22 -------- d-----w- c:\documents and settings\Family\Application Data\ID Vault 2011-06-27 03:09 . 2011-03-03 23:02 25232 ------w- c:\windows\system32\drivers\gidv2.sys 2011-06-27 03:09 . 2011-06-27 03:09 -------- d-----w- c:\documents and settings\All Users\GID 2011-06-27 03:09 . 2011-06-27 03:09 -------- d-----w- c:\program files\SFT 2011-06-27 03:09 . 2011-06-27 03:09 -------- d-----w- c:\program files\Constant Guard Protection Suite 2011-06-27 03:08 . 
2011-06-27 03:08 -------- d-----w- c:\documents and settings\All Users\Application Data\White Sky, Inc 2011-06-27 02:23 . 2011-06-27 02:23 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe 2011-06-23 01:07 . 2011-06-23 01:07 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll 2011-06-23 01:07 . 2011-06-23 01:07 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll 2011-06-15 21:24 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys 2011-06-15 21:24 . 2011-04-29 19:07 852480 ------w- c:\windows\system32\dllcache\vgx.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-05-02 15:31 . 2005-08-16 10:40 692736 ----a-w- c:\windows\system32\inetcomm.dll 2011-04-29 17:25 . 2005-08-16 10:18 151552 ----a-w- c:\windows\system32\schannel.dll 2011-04-29 16:19 . 2005-12-17 17:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys 2011-04-25 14:47 . 2009-04-06 03:09 81920 ----a-w- c:\windows\system32\ieencode.dll 2011-04-25 14:47 . 2005-08-16 10:18 667136 ----a-w- c:\windows\system32\wininet.dll 2011-04-25 14:47 . 2005-08-16 10:18 61952 ----a-w- c:\windows\system32\tdc.ocx 2011-04-25 12:56 . 2005-08-16 10:18 369664 ----a-w- c:\windows\system32\html.iec 2011-04-21 13:37 . 2005-08-16 10:18 105472 ----a-w- c:\windows\system32\drivers\mup.sys 2007-06-01 12:43 . 2006-09-12 01:56 44624 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll 2007-06-01 12:43 . 2006-09-12 01:56 108184 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll 2011-06-23 01:07 . 2011-05-02 03:14 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . 
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B84CDBE7-1B46-494B-A188-01D4C52DEB61}] 2011-06-14 19:24 99912 ----a-w- c:\program files\Constant Guard Protection Suite\NativeBHO.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HP OfficeJet Series 600"="c:\program files\Hewlett-Packard\HP OfficeJet Series 600\bin\ktchnsnk.exe -reg Software\Hewlett-Packard\OfficeJet Series 600\Install" [X] "MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-08-12 1121792] "SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968] "RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-12-17 26112] "ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920] "igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-20 94208] "igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-20 114688] "igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-20 77824] "ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584] "DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248] "dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035] "Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496] "Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2006-02-14 507904] "WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-01-30 438272] "ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-02-23 111208] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-02-23 13880424] "nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" 
[2010-11-04 1753192] "GIDDesktop"="c:\program files\SFT\GuardedID\gidd.exe" [2011-03-03 393992] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "RunNarrator"="Narrator.exe" [2008-04-14 53760] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Constant Guard.lnk - c:\program files\Constant Guard Protection Suite\IDVault.exe [2011-6-14 3231816] Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-12-17 24576] McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536] NkvMon.exe.lnk - c:\program files\Nikon\NkView6\NkvMon.exe [2006-2-9 241664] QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GIDLogonXP] 2011-03-03 23:03 53528 ----a-w- c:\windows\system32\GIDLogonXP.dll . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "MskService"=2 (0x2) "MpfService"=2 (0x2) "mcupdmgr.exe"=3 (0x3) "McTskshd.exe"=2 (0x2) "McShield"=2 (0x2) "McDetect.exe"=2 (0x2) . [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) "DisableNotifications"= 1 (0x1) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . 
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [10/26/2010 5:38 PM 328752] R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [10/26/2010 5:38 PM 173104] R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110616.003\BHDrvx86.sys [6/16/2011 7:12 PM 810616] R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [10/26/2010 5:38 PM 501888] R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [6/26/2011 11:09 PM 25232] R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [10/26/2010 5:38 PM 116784] R2 IDVaultSvc;CGPS Service;c:\program files\Constant Guard Protection Suite\IDVaultSvc.exe [6/14/2011 3:24 PM 60488] R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe [10/26/2010 5:38 PM 126392] R2 SWAS_Core;SyncThru Web Admin Service;c:\program files\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe [1/26/2008 7:35 PM 1314816] R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [1/30/2008 4:52 AM 106496] R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/24/2011 8:25 PM 105592] R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110701.031\IDSXpx86.sys [7/1/2011 5:41 PM 355256] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/18/2010 8:17 PM 136176] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/18/2010 8:17 PM 136176] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security 
Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232] . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg] 2011-03-03 23:04 433416 ----a-w- c:\program files\SFT\GuardedID\GIDI.exe . [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}] 2008-04-14 00:11 99840 ----a-w- c:\windows\system32\advpack.dll . Contents of the 'Scheduled Tasks' folder . 2011-06-24 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34] . 2011-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 00:16] . 2011-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 00:16] . . ------- Supplementary Scan ------- . uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8 uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f uDefault_Search_URL = 687474703a2f2f7777772e676f6f676c652e636f6d2f mStart Page = hxxp://www.dell4me.com/myway mSearch Bar = 687474703a2f2f7777772e676f6f676c652e636f6d2f mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f uInternet Settings,ProxyServer = http=127.0.0.1:5555 uInternet Settings,ProxyOverride = <local>;*.local uSearchAssistant = mSearchURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 Trusted Zone: intuit.com\ttlc Trusted Zone: turbotax.com TCP: DhcpNameServer = 192.168.0.1 FF - ProfilePath - c:\documents and settings\Family\Application Data\Mozilla\Firefox\Profiles\e56pkf15.default\ . - - - - ORPHANS REMOVED - - - - . 
HKU-Default-Run-DriverLoad - (no file) HKU-Default-Run-DriverCheck - (no file) HKU-Default-Run-SystemDriverLoad - (no file) HKU-Default-Run-SystemDriver - (no file) HKU-Default-Run-FDriver - (no file) HKU-Default-Run-ADriver - (no file) HKU-Default-Run-CDriver - c:\z_drivers\svchost.exe HKU-Default-Run-DDriver - c:\z_drivers\svchost.exe HKU-Default-Run-alpha - c:\z_drivers\svchost.exe HKU-Default-Run-beta - c:\z_drivers\svchost.exe HKU-Default-Run-gamma - c:\z_drivers\svchost.exe Notify-ddcyx - ddcyx.dll Notify-sstqq - c:\windows\system32\sstqq.dll SafeBoot-mcmscsvc SafeBoot-MCODS AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-07-04 12:01 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 . CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process. device: opened successfully user: error reading MBR kernel: MBR read successfully user != kernel MBR !!! . ************************************************************************** . [HKEY_LOCAL_MACHINE\System\ControlSet004\Services\N360] "ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.3.0.5\diMaster.dll\" /prefetch:1" . --------------------- DLLs Loaded Under Running Processes --------------------- . 
- - - - - - - > 'winlogon.exe'(668) c:\windows\system32\GIDLogonXP.dll c:\windows\system32\GIDHookLogon.dll c:\windows\system32\GIDBIN1.dll . - - - - - - - > 'explorer.exe'(296) c:\windows\system32\GIDHook.dll c:\windows\system32\GIDBIN1.dll c:\windows\system32\EasyHook32.dll c:\progra~1\WINDOW~3\wmpband.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\nvsvc32.exe c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\eHome\ehRecvr.exe c:\windows\eHome\ehSched.exe c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe c:\program files\Java\jre6\bin\jqs.exe c:\windows\ehome\mcrdsvc.exe c:\program files\Canon\CAL\CALMAIN.exe c:\windows\system32\dllhost.exe c:\program files\Hewlett-Packard\HP OfficeJet Series 600\bin\ktchnsnk.exe c:\windows\stsystra.exe c:\windows\eHome\ehmsas.exe c:\windows\system32\RUNDLL32.EXE c:\program files\iPod\bin\iPodService.exe . ************************************************************************** . Completion time: 2011-07-04 12:08:52 - machine was rebooted ComboFix-quarantined-files.txt 2011-07-04 16:08 . Pre-Run: 23,617,400,832 bytes free Post-Run: 24,432,975,872 bytes free . WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect . - - End Of File - - 0EF1F7FC907EAA8C72661F0A8E1E45A8
  11. Log from TDSS killer below... The PC seems to be running fine now. Fingers crossed. Should I also run the ComboFix even if it seems to be running better now?
     2011/07/04 10:35:16.0272 2668 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21
     2011/07/04 10:35:16.0350 2668 ================================================================================
     2011/07/04 10:35:16.0350 2668 SystemInfo:
     2011/07/04 10:35:16.0350 2668
     2011/07/04 10:35:16.0350 2668 OS Version: 5.1.2600 ServicePack: 3.0
     2011/07/04 10:35:16.0350 2668 Product type: Workstation
     2011/07/04 10:35:16.0350 2668 ComputerName: FAMILYROOM
     2011/07/04 10:35:16.0350 2668 UserName: Family
     2011/07/04 10:35:16.0350 2668 Windows directory: C:\WINDOWS
     2011/07/04 10:35:16.0350 2668 System windows directory: C:\WINDOWS
     2011/07/04 10:35:16.0350 2668 Processor architecture: Intel x86
     2011/07/04 10:35:16.0350 2668 Number of processors: 2
     2011/07/04 10:35:16.0350 2668 Page size: 0x1000
     2011/07/04 10:35:16.0350 2668 Boot type: Normal boot
     2011/07/04 10:35:16.0350 2668 ================================================================================
     2011/07/04 10:35:16.0944 2668 Initialize success
     2011/07/04 10:35:19.0475 3280 ================================================================================
     2011/07/04 10:35:19.0475 3280 Scan started
     2011/07/04 10:35:19.0475 3280 Mode: Manual;
     2011/07/04 10:35:19.0475 3280 ================================================================================
10:35:25.0850 3280 intelppm (8c953733d8f36eb2133f5bb58808b66b) C:\WINDOWS\system32\DRIVERS\intelppm.sys 2011/07/04 10:35:25.0897 3280 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys 2011/07/04 10:35:25.0944 3280 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys 2011/07/04 10:35:26.0006 3280 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys 2011/07/04 10:35:26.0053 3280 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys 2011/07/04 10:35:26.0116 3280 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys 2011/07/04 10:35:26.0162 3280 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys 2011/07/04 10:35:26.0209 3280 isapnp (05a299ec56e52649b1cf2fc52d20f2d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys 2011/07/04 10:35:26.0272 3280 Kbdclass (463c1ec80cd17420a542b7f36a36f128) C:\WINDOWS\system32\DRIVERS\kbdclass.sys 2011/07/04 10:35:26.0303 3280 kbdhid (9ef487a186dea361aa06913a75b3fa99) C:\WINDOWS\system32\DRIVERS\kbdhid.sys 2011/07/04 10:35:26.0334 3280 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys 2011/07/04 10:35:26.0397 3280 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys 2011/07/04 10:35:26.0522 3280 mdmxsdk (eeaea6514ba7c9d273b5e87c4e1aab30) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 2011/07/04 10:35:26.0631 3280 MHNDRV (7f2f1d2815a6449d346fcccbc569fbd6) C:\WINDOWS\system32\DRIVERS\mhndrv.sys 2011/07/04 10:35:26.0678 3280 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys 2011/07/04 10:35:26.0741 3280 Modem (dfcbad3cec1c5f964962ae10e0bcc8e1) C:\WINDOWS\system32\drivers\Modem.sys 2011/07/04 10:35:26.0803 3280 MODEMCSA (1992e0d143b09653ab0f9c5e04b0fd65) C:\WINDOWS\system32\drivers\MODEMCSA.sys 2011/07/04 10:35:26.0866 3280 Mouclass (35c9e97194c8cfb8430125f8dbc34d04) 
C:\WINDOWS\system32\DRIVERS\mouclass.sys 2011/07/04 10:35:26.0928 3280 mouhid (b1c303e17fb9d46e87a98e4ba6769685) C:\WINDOWS\system32\DRIVERS\mouhid.sys 2011/07/04 10:35:26.0959 3280 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys 2011/07/04 10:35:27.0022 3280 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys 2011/07/04 10:35:27.0037 3280 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys 2011/07/04 10:35:27.0116 3280 MRxSmb (0dc719e9b15e902346e87e9dcd5751fa) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 2011/07/04 10:35:27.0162 3280 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys 2011/07/04 10:35:27.0209 3280 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys 2011/07/04 10:35:27.0256 3280 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys 2011/07/04 10:35:27.0287 3280 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys 2011/07/04 10:35:27.0350 3280 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys 2011/07/04 10:35:27.0397 3280 Mup (de6a75f5c270e756c5508d94b6cf68f5) C:\WINDOWS\system32\drivers\Mup.sys 2011/07/04 10:35:27.0678 3280 NAVENG (920d9701bba90dbb7ccfd3536ea4d6f9) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110702.002\NAVENG.SYS 2011/07/04 10:35:27.0772 3280 NAVEX15 (31b1a9b53c3319b97f7874347cd992d2) C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110702.002\NAVEX15.SYS 2011/07/04 10:35:28.0022 3280 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys 2011/07/04 10:35:28.0053 3280 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys 2011/07/04 10:35:28.0131 3280 Ndisuio 
(f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys 2011/07/04 10:35:28.0194 3280 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys 2011/07/04 10:35:28.0256 3280 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys 2011/07/04 10:35:28.0319 3280 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys 2011/07/04 10:35:28.0350 3280 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys 2011/07/04 10:35:28.0428 3280 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys 2011/07/04 10:35:28.0459 3280 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys 2011/07/04 10:35:28.0553 3280 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys 2011/07/04 10:35:28.0944 3280 nv (5e640f37801f2d4152d11595218915cd) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys 2011/07/04 10:35:29.0475 3280 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys 2011/07/04 10:35:29.0506 3280 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys 2011/07/04 10:35:29.0569 3280 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys 2011/07/04 10:35:29.0600 3280 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys 2011/07/04 10:35:29.0647 3280 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys 2011/07/04 10:35:29.0709 3280 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys 2011/07/04 10:35:29.0772 3280 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys 2011/07/04 10:35:29.0819 3280 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys 2011/07/04 10:35:29.0944 3280 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys 2011/07/04 10:35:29.0975 3280 perc2hib 
(f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys 2011/07/04 10:35:30.0053 3280 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys 2011/07/04 10:35:30.0084 3280 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys 2011/07/04 10:35:30.0116 3280 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys 2011/07/04 10:35:30.0178 3280 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys 2011/07/04 10:35:30.0272 3280 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys 2011/07/04 10:35:30.0287 3280 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys 2011/07/04 10:35:30.0319 3280 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys 2011/07/04 10:35:30.0350 3280 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys 2011/07/04 10:35:30.0412 3280 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys 2011/07/04 10:35:30.0459 3280 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys 2011/07/04 10:35:30.0506 3280 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 2011/07/04 10:35:30.0537 3280 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys 2011/07/04 10:35:30.0553 3280 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys 2011/07/04 10:35:30.0600 3280 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys 2011/07/04 10:35:30.0616 3280 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys 2011/07/04 10:35:30.0647 3280 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys 2011/07/04 10:35:30.0741 3280 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys 2011/07/04 
10:35:30.0803 3280 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys 2011/07/04 10:35:30.0897 3280 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys 2011/07/04 10:35:30.0975 3280 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys 2011/07/04 10:35:31.0022 3280 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys 2011/07/04 10:35:31.0084 3280 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys 2011/07/04 10:35:31.0178 3280 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys 2011/07/04 10:35:31.0272 3280 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys 2011/07/04 10:35:31.0319 3280 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys 2011/07/04 10:35:31.0381 3280 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys 2011/07/04 10:35:31.0475 3280 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS 2011/07/04 10:35:31.0522 3280 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS 2011/07/04 10:35:31.0584 3280 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys 2011/07/04 10:35:31.0616 3280 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys 2011/07/04 10:35:31.0647 3280 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys 2011/07/04 10:35:31.0725 3280 STHDA (352b663a81402be7cd7bd4ea27c9998c) C:\WINDOWS\system32\drivers\sthda.sys 2011/07/04 10:35:31.0803 3280 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys 2011/07/04 10:35:31.0866 3280 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys 2011/07/04 10:35:31.0959 3280 symc810 (1ff3217614018630d0a6758630fc698c) 
C:\WINDOWS\system32\DRIVERS\symc810.sys 2011/07/04 10:35:31.0991 3280 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys 2011/07/04 10:35:32.0069 3280 SymDS (56890bf9d9204b93042089d4b45ae671) C:\WINDOWS\system32\drivers\N360\0403000.005\SYMDS.SYS 2011/07/04 10:35:32.0147 3280 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\WINDOWS\system32\drivers\N360\0403000.005\SYMEFA.SYS 2011/07/04 10:35:32.0209 3280 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS 2011/07/04 10:35:32.0319 3280 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS 2011/07/04 10:35:32.0381 3280 SYMTDI (41aad61f87ca8e3b5d0f7fe7fba0797d) C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS 2011/07/04 10:35:32.0491 3280 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys 2011/07/04 10:35:32.0522 3280 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys 2011/07/04 10:35:32.0600 3280 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys 2011/07/04 10:35:32.0694 3280 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys 2011/07/04 10:35:32.0772 3280 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys 2011/07/04 10:35:32.0834 3280 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys 2011/07/04 10:35:32.0912 3280 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys 2011/07/04 10:35:32.0975 3280 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys 2011/07/04 10:35:33.0022 3280 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys 2011/07/04 10:35:33.0053 3280 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys 2011/07/04 10:35:33.0084 3280 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) 
C:\WINDOWS\system32\dla\tfsndres.sys 2011/07/04 10:35:33.0116 3280 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys 2011/07/04 10:35:33.0147 3280 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys 2011/07/04 10:35:33.0162 3280 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys 2011/07/04 10:35:33.0194 3280 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys 2011/07/04 10:35:33.0241 3280 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys 2011/07/04 10:35:33.0287 3280 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys 2011/07/04 10:35:33.0366 3280 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys 2011/07/04 10:35:33.0444 3280 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys 2011/07/04 10:35:33.0491 3280 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys 2011/07/04 10:35:33.0584 3280 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys 2011/07/04 10:35:33.0631 3280 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys 2011/07/04 10:35:33.0694 3280 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys 2011/07/04 10:35:33.0756 3280 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys 2011/07/04 10:35:33.0819 3280 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys 2011/07/04 10:35:33.0866 3280 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys 2011/07/04 10:35:33.0912 3280 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 2011/07/04 10:35:33.0959 3280 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys 2011/07/04 10:35:33.0991 3280 VgaSave 
(0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys 2011/07/04 10:35:34.0053 3280 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys 2011/07/04 10:35:34.0084 3280 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys 2011/07/04 10:35:34.0131 3280 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys 2011/07/04 10:35:34.0256 3280 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys 2011/07/04 10:35:34.0428 3280 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys 2011/07/04 10:35:34.0491 3280 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 2011/07/04 10:35:34.0631 3280 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys 2011/07/04 10:35:34.0709 3280 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys 2011/07/04 10:35:34.0756 3280 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys 2011/07/04 10:35:34.0834 3280 MBR (0x1B8) (87f75abb087c82bee3a1fbec42bbabd0) \Device\Harddisk0\DR0 2011/07/04 10:35:34.0850 3280 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0) 2011/07/04 10:35:34.0866 3280 MBR (0x1B8) (bdbeaec32a836c2ccdc95b561bbadf1e) \Device\Harddisk1\DR4 2011/07/04 10:35:35.0116 3280 Boot (0x1200) (c1da82fb77647671ce1bc6086ec9f28f) \Device\Harddisk0\DR0\Partition0 2011/07/04 10:35:35.0131 3280 ================================================================================ 2011/07/04 10:35:35.0131 3280 Scan finished 2011/07/04 10:35:35.0131 3280 ================================================================================ 2011/07/04 10:35:35.0147 2248 Detected object count: 1 2011/07/04 10:35:35.0147 2248 Actual detected object count: 1 2011/07/04 10:35:48.0694 2248 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot 2011/07/04 10:35:48.0694 2248 
\Device\Harddisk0\DR0 - ok 2011/07/04 10:35:48.0694 2248 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure 2011/07/04 10:36:11.0022 3784 Deinitialize success
  12. Yes, thanks, I'm still with you. I had Suspended my machine and it would not allow me to resume. It would just get stuck at the Resuming screen and not budge. I finally was able to get an F8 keystroke in there yesterday and force a cold boot. I'm about to try your suggestions.
  13. Note that svchost.exe seems to all of a sudden every 5 minutes or so start to grow and grow consuming everything... I killed the process
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600\bin\ktchnsnk.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe
C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\SFT\GuardedID\gidd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Constant Guard Protection Suite\IDVault.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files\Nikon\NkView6\NkvMon.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Documents and Settings\Family\Desktop\Defogger.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8
uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8
uSearch Page =
uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
uDefault_Search_URL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
uWindow Title = Windows Internet Explorer provided by Yahoo!
mDefault_Page_URL = hxxp://www.dell4me.com/myway
mStart Page = hxxp://www.dell4me.com/myway
mSearch Page = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mSearch Bar = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mDefault_Search_URL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant =
mSearchURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f
mSearchAssistant =
mWinlogon: Userinit=c:\windows\system32\userinit.exe
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.3.0.5\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.3.0.5\IPSBHO.DLL
BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - c:\program files\constant guard protection suite\NativeBHO.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.3.0.5\coIEPlg.dll
TB: {E1BACF55-35E1-4E47-9247-2D48660E5545} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [HP OfficeJet Series 600] "c:\program files\hewlett-packard\hp officejet series 600\bin\ktchnsnk.exe" -reg "software\hewlett-packard\officejet series 600\Install"
mRun: [MSKDetectorExe] c:\progra~1\mcafee\spamki~1\MSKDetct.exe /startup
mRun: [sigmatelSysTrayApp] stsystra.exe
mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"
mRun: [dla] c:\windows\system32\dla\tfswctrl.exe
mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe
mRun: [samsung PanelMgr] c:\windows\samsung\panelmgr\ssmmgr.exe /autorun
mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe
mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup
mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [GIDDesktop] c:\program files\sft\guardedid\gidd.exe /s
dRun: [DriverLoad]
dRun: [DriverCheck]
dRun: [systemDriverLoad]
dRun: [systemDriver]
dRun: [FDriver]
dRun: [ADriver]
dRun: [CDriver] c:\z_drivers\svchost.exe
dRun: [DDriver] c:\z_drivers\svchost.exe
dRun: [alpha] c:\z_drivers\svchost.exe
dRun: [beta] c:\z_drivers\svchost.exe
dRun: [gamma] c:\z_drivers\svchost.exe
dRunOnce: [RunNarrator] Narrator.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\consta~1.lnk - c:\program files\constant guard protection suite\IDVault.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkvmon~1.lnk - c:\program files\nikon\nkview6\NkvMon.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{9D84B5BB-EB67-4965-829E-941125D4386E} : DhcpNameServer = 192.168.0.1
Notify: ddcyx - ddcyx.dll
Notify: GIDLogonXP - GIDLogonXP.dll
Notify: igfxcui - igfxdev.dll
Notify: sstqq - c:\windows\system32\sstqq.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - c:\program files\sft\guardedid\gidi.exe /v
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\family\application data\mozilla\firefox\profiles\e56pkf15.default\
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\family\application data\mozilla\firefox\profiles\e56pkf15.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
FF - component: c:\documents and settings\family\application data\mozilla\firefox\profiles\e56pkf15.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPAbacheck.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-10-26 328752]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-10-26 173104]
R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20110616.003\BHDrvx86.sys [2011-6-16 810616]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-10-26 501888]
R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [2011-6-26 25232]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-10-26 116784]
R2 IDVaultSvc;CGPS Service;c:\program files\constant guard protection suite\IDVaultSvc.exe [2011-6-14 60488]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.3.0.5\ccsvchst.exe [2010-10-26 126392]
R2 SWAS_Core;SyncThru Web Admin Service;c:\program files\samsung network printer utilities\syncthru web admin service\SWAS.exe [2008-1-26 1314816]
R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-1-30 106496]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-24 105592]
R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20110628.050\IDSXpx86.sys [2011-6-29 355256]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110627.004\NAVENG.SYS [2011-6-27 86008]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110627.004\NAVEX15.SYS [2011-6-27 1542392]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-18 136176]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-18 136176]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
.
=============== File Associations ===============
.
regfile=regedit.exe "%1" %*
scrfile="%1" %*
.
=============== Created Last 30 ================
.
2011-06-27 03:10:19 -------- d-----w- c:\documents and settings\all users\application data\IsolatedStorage
2011-06-27 03:10:17 -------- d-----w- c:\documents and settings\family\local settings\application data\ID Vault
2011-06-27 03:09:57 87624 ----a-w- c:\program files\mozilla firefox\IdVaultCore.XmlSerializers.dll
2011-06-27 03:09:57 8007680 ----a-w- c:\program files\mozilla firefox\Microsoft.mshtml.dll
2011-06-27 03:09:57 1590856 ----a-w- c:\program files\mozilla firefox\IdVaultCore.dll
2011-06-27 03:09:57 129608 ----a-w- c:\program files\mozilla firefox\CommonDotNET.dll
2011-06-27 03:09:50 -------- d-----w- c:\documents and settings\family\application data\ID Vault
2011-06-27 03:09:31 25232 ------w- c:\windows\system32\drivers\gidv2.sys
2011-06-27 03:09:24 -------- d-----w- c:\documents and settings\all users\GID
2011-06-27 03:09:21 -------- d-----w- c:\program files\SFT
2011-06-27 03:09:06 -------- d-----w- c:\program files\Constant Guard Protection Suite
2011-06-27 03:08:57 -------- d-----w- c:\documents and settings\all users\application data\White Sky, Inc
2011-06-27 01:31:12 252316 ----a-w- c:\windows\system32\nvdrsdb0.bin
2011-06-27 01:31:10 -------- d-----w- c:\documents and settings\all users\application data\NVIDIA Corporation
2011-06-27 01:27:49 252316 ----a-w- c:\windows\system32\nvdrsdb1.bin
2011-06-27 01:27:49 1 ----a-w- c:\windows\system32\nvdrssel.bin
2011-06-27 01:27:06 -------- d-----w- c:\program files\NVIDIA Corporation
2011-06-25 14:53:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-23 01:07:32 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll
2011-06-23 01:07:31 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll
2011-06-15 21:24:44 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-06-15 21:24:29 852480 ------w- c:\windows\system32\dllcache\vgx.dll
.
==================== Find3M ====================
.
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll
2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 14:47:19 81920 ----a-w- c:\windows\system32\ieencode.dll
2011-04-25 14:47:19 667136 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 14:47:19 61952 ----a-w- c:\windows\system32\tdc.ocx
2011-04-25 12:56:44 369664 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
.
Disk trace: called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8AA014D0]<< _asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8aa077d0]; MOV EAX, [0x8aa0784c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; } 1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8AA2AAB8] 3 CLASSPNP[0xB80E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A9BD958] \Driver\atapi[0x8AA5E320] -> IRP_MJ_CREATE -> 0x8AA014D0 kernel: MBR read successfully _asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62d; } detected disk devices: detected hooks: \Driver\atapi DriverStartIo -> 0x8AA0131B user != kernel MBR !!! Warning: possible TDL4 rootkit infection ! TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix. . ============= FINISH: 21:42:47.25 =============== attach.zip.zip