TDL4 rootkit infection


Note that svchost.exe seems to all of a sudden, every 5 minutes or so, start to grow and grow, consuming everything... I killed the process.

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

svchost.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe

svchost.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe

C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

C:\Program Files\Canon\CAL\CALMAIN.exe

C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe

C:\WINDOWS\system32\dllhost.exe

C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600\bin\ktchnsnk.exe

C:\WINDOWS\stsystra.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\WINDOWS\ehome\ehtray.exe

C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

C:\WINDOWS\system32\dla\tfswctrl.exe

C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

C:\WINDOWS\Samsung\PanelMgr\ssmmgr.exe

C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\WINDOWS\system32\RUNDLL32.EXE

C:\Program Files\SFT\GuardedID\gidd.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Constant Guard Protection Suite\IDVault.exe

C:\Program Files\Digital Line Detect\DLG.exe

C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

C:\Program Files\Nikon\NkView6\NkvMon.exe

C:\WINDOWS\eHome\ehmsas.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

C:\Documents and Settings\Family\Desktop\Defogger.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8

uDefault_Page_URL = hxxp://www.yahoo.com/?fr=fp-yie8

uSearch Page =

uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

uDefault_Search_URL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

uWindow Title = Windows Internet Explorer provided by Yahoo!

mDefault_Page_URL = hxxp://www.dell4me.com/myway

mStart Page = hxxp://www.dell4me.com/myway

mSearch Page = 687474703a2f2f7777772e676f6f676c652e636f6d2f

mSearch Bar = 687474703a2f2f7777772e676f6f676c652e636f6d2f

mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

mDefault_Search_URL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

uInternet Settings,ProxyServer = http=127.0.0.1:5555

uInternet Settings,ProxyOverride = <local>;*.local

uSearchAssistant =

mSearchURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

mSearchAssistant =

mWinlogon: Userinit=c:\windows\system32\userinit.exe

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll

BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton security suite\engine\4.3.0.5\coIEPlg.dll

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton security suite\engine\4.3.0.5\IPSBHO.DLL

BHO: Constant Guard Protection Suite (COM): {b84cdbe7-1b46-494b-a188-01d4c52deb61} - c:\program files\constant guard protection suite\NativeBHO.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton security suite\engine\4.3.0.5\coIEPlg.dll

TB: {E1BACF55-35E1-4E47-9247-2D48660E5545} - No File

EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll

uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [HP OfficeJet Series 600] "c:\program files\hewlett-packard\hp officejet series 600\bin\ktchnsnk.exe" -reg "software\hewlett-packard\officejet series 600\Install"

mRun: [MSKDetectorExe] c:\progra~1\mcafee\spamki~1\MSKDetct.exe /startup

mRun: [sigmatelSysTrayApp] stsystra.exe

mRun: [RealTray] c:\program files\real\realplayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

mRun: [iSUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start

mRun: [igfxtray] c:\windows\system32\igfxtray.exe

mRun: [igfxpers] c:\windows\system32\igfxpers.exe

mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe

mRun: [ehTray] c:\windows\ehome\ehtray.exe

mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe"

mRun: [dla] c:\windows\system32\dla\tfswctrl.exe

mRun: [Corel Photo Downloader] c:\program files\corel\corel photo album 6\MediaDetect.exe

mRun: [samsung PanelMgr] c:\windows\samsung\panelmgr\ssmmgr.exe /autorun

mRun: [WD Drive Manager] c:\program files\western digital\wd drive manager\WDBtnMgrUI.exe

mRun: [iSUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [GIDDesktop] c:\program files\sft\guardedid\gidd.exe /s

dRun: [DriverLoad]

dRun: [DriverCheck]

dRun: [systemDriverLoad]

dRun: [systemDriver]

dRun: [FDriver]

dRun: [ADriver]

dRun: [CDriver] c:\z_drivers\svchost.exe

dRun: [DDriver] c:\z_drivers\svchost.exe

dRun: [alpha] c:\z_drivers\svchost.exe

dRun: [beta] c:\z_drivers\svchost.exe

dRun: [gamma] c:\z_drivers\svchost.exe

dRunOnce: [RunNarrator] Narrator.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\consta~1.lnk - c:\program files\constant guard protection suite\IDVault.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\nkvmon~1.lnk - c:\program files\nikon\nkview6\NkvMon.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL

IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll

Trusted Zone: intuit.com\ttlc

Trusted Zone: turbotax.com

DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 192.168.0.1

TCP: Interfaces\{9D84B5BB-EB67-4965-829E-941125D4386E} : DhcpNameServer = 192.168.0.1

Notify: ddcyx - ddcyx.dll

Notify: GIDLogonXP - GIDLogonXP.dll

Notify: igfxcui - igfxdev.dll

Notify: sstqq - c:\windows\system32\sstqq.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SecurityProviders: msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

mASetup: {9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg - c:\program files\sft\guardedid\gidi.exe /v

mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\documents and settings\family\application data\mozilla\firefox\profiles\e56pkf15.default\

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\coffplgn\components\coFFPlgn.dll

FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\ipsffplgn\components\IPSFFPl.dll

FF - component: c:\documents and settings\family\application data\mozilla\firefox\profiles\e56pkf15.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

FF - component: c:\documents and settings\family\application data\mozilla\firefox\profiles\e56pkf15.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll

FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll

FF - plugin: c:\program files\google\update\1.3.21.57\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\microsoft silverlight\4.0.60531.0\npctrlui.dll

FF - plugin: c:\program files\mozilla firefox\plugins\NPAbacheck.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npatgpc.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll

.

============= SERVICES / DRIVERS ===============

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0403000.005\symds.sys [2010-10-26 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0403000.005\symefa.sys [2010-10-26 173104]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\bashdefs\20110616.003\BHDrvx86.sys [2011-6-16 810616]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0403000.005\cchpx86.sys [2010-10-26 501888]

R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [2011-6-26 25232]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0403000.005\ironx86.sys [2010-10-26 116784]

R2 IDVaultSvc;CGPS Service;c:\program files\constant guard protection suite\IDVaultSvc.exe [2011-6-14 60488]

R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]

R2 N360;Norton Security Suite;c:\program files\norton security suite\engine\4.3.0.5\ccsvchst.exe [2010-10-26 126392]

R2 SWAS_Core;SyncThru Web Admin Service;c:\program files\samsung network printer utilities\syncthru web admin service\SWAS.exe [2008-1-26 1314816]

R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\western digital\wd drive manager\WDBtnMgrSvc.exe [2008-1-30 106496]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2011-5-24 105592]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\ipsdefs\20110628.050\IDSXpx86.sys [2011-6-29 355256]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110627.004\NAVENG.SYS [2011-6-27 86008]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_4.0.0.127\definitions\virusdefs\20110627.004\NAVEX15.SYS [2011-6-27 1542392]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-18 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-5-18 136176]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232]

.

=============== File Associations ===============

.

regfile=regedit.exe "%1" %*

scrfile="%1" %*

.

=============== Created Last 30 ================

.

2011-06-27 03:10:19 -------- d-----w- c:\documents and settings\all users\application data\IsolatedStorage

2011-06-27 03:10:17 -------- d-----w- c:\documents and settings\family\local settings\application data\ID Vault

2011-06-27 03:09:57 87624 ----a-w- c:\program files\mozilla firefox\IdVaultCore.XmlSerializers.dll

2011-06-27 03:09:57 8007680 ----a-w- c:\program files\mozilla firefox\Microsoft.mshtml.dll

2011-06-27 03:09:57 1590856 ----a-w- c:\program files\mozilla firefox\IdVaultCore.dll

2011-06-27 03:09:57 129608 ----a-w- c:\program files\mozilla firefox\CommonDotNET.dll

2011-06-27 03:09:50 -------- d-----w- c:\documents and settings\family\application data\ID Vault

2011-06-27 03:09:31 25232 ------w- c:\windows\system32\drivers\gidv2.sys

2011-06-27 03:09:24 -------- d-----w- c:\documents and settings\all users\GID

2011-06-27 03:09:21 -------- d-----w- c:\program files\SFT

2011-06-27 03:09:06 -------- d-----w- c:\program files\Constant Guard Protection Suite

2011-06-27 03:08:57 -------- d-----w- c:\documents and settings\all users\application data\White Sky, Inc

2011-06-27 01:31:12 252316 ----a-w- c:\windows\system32\nvdrsdb0.bin

2011-06-27 01:31:10 -------- d-----w- c:\documents and settings\all users\application data\NVIDIA Corporation

2011-06-27 01:27:49 252316 ----a-w- c:\windows\system32\nvdrsdb1.bin

2011-06-27 01:27:49 1 ----a-w- c:\windows\system32\nvdrssel.bin

2011-06-27 01:27:06 -------- d-----w- c:\program files\NVIDIA Corporation

2011-06-25 14:53:05 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-23 01:07:32 2106216 ----a-w- c:\program files\mozilla firefox\D3DCompiler_43.dll

2011-06-23 01:07:31 1998168 ----a-w- c:\program files\mozilla firefox\d3dx9_43.dll

2011-06-15 21:24:44 105472 ------w- c:\windows\system32\dllcache\mup.sys

2011-06-15 21:24:29 852480 ------w- c:\windows\system32\dllcache\vgx.dll

.

==================== Find3M ====================

.

2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25:27 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 14:47:19 81920 ----a-w- c:\windows\system32\ieencode.dll

2011-04-25 14:47:19 667136 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 14:47:19 61952 ----a-w- c:\windows\system32\tdc.ocx

2011-04-25 12:56:44 369664 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37:43 105472 ----a-w- c:\windows\system32\drivers\mup.sys

.

=================== ROOTKIT ====================

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600

.

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.

device: opened successfully

user: error reading MBR

.

Disk trace:

called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8AA014D0]<<

_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8aa077d0]; MOV EAX, [0x8aa0784c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }

1 ntkrnlpa!IofCallDriver[0x804EF1A6] -> \Device\Harddisk0\DR0[0x8AA2AAB8]

3 CLASSPNP[0xB80E8FD7] -> ntkrnlpa!IofCallDriver[0x804EF1A6] -> [0x8A9BD958]

\Driver\atapi[0x8AA5E320] -> IRP_MJ_CREATE -> 0x8AA014D0

kernel: MBR read successfully

_asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62d; }

detected disk devices:

detected hooks:

\Driver\atapi DriverStartIo -> 0x8AA0131B

user != kernel MBR !!!

Warning: possible TDL4 rootkit infection !

TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

.

============= FINISH: 21:42:47.25 ===============

attach.zip.zip


Hello mightymikedude and welcome to Malwarebytes! :welcome:

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
  • How is the PC running now?
-------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Please go here to see a list of programs that should be disabled.
**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**
Please include the C:\ComboFix.txt in your next reply for further review.
Also, please let me know if any problems still remain.
-------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

  • C:\ComboFix.txt
  • TDSSKiller log
  • Security Check checkup.txt

How is your computer running now?


Log from TDSS killer below... The PC seems to be running fine now :) Fingers crossed. Should I also run the ComboFix even if it seems to be running better now?

2011/07/04 10:35:16.0272 2668 TDSS rootkit removing tool 2.5.9.0 Jul 1 2011 18:45:21

2011/07/04 10:35:16.0350 2668 ================================================================================

2011/07/04 10:35:16.0350 2668 SystemInfo:

2011/07/04 10:35:16.0350 2668

2011/07/04 10:35:16.0350 2668 OS Version: 5.1.2600 ServicePack: 3.0

2011/07/04 10:35:16.0350 2668 Product type: Workstation

2011/07/04 10:35:16.0350 2668 ComputerName: FAMILYROOM

2011/07/04 10:35:16.0350 2668 UserName: Family

2011/07/04 10:35:16.0350 2668 Windows directory: C:\WINDOWS

2011/07/04 10:35:16.0350 2668 System windows directory: C:\WINDOWS

2011/07/04 10:35:16.0350 2668 Processor architecture: Intel x86

2011/07/04 10:35:16.0350 2668 Number of processors: 2

2011/07/04 10:35:16.0350 2668 Page size: 0x1000

2011/07/04 10:35:16.0350 2668 Boot type: Normal boot

2011/07/04 10:35:16.0350 2668 ================================================================================

2011/07/04 10:35:16.0944 2668 Initialize success

2011/07/04 10:35:19.0475 3280 ================================================================================

2011/07/04 10:35:19.0475 3280 Scan started

2011/07/04 10:35:19.0475 3280 Mode: Manual;

2011/07/04 10:35:19.0475 3280 ================================================================================


2011/07/04 10:35:28.0194 3280 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys

2011/07/04 10:35:28.0256 3280 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys

2011/07/04 10:35:28.0319 3280 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys

2011/07/04 10:35:28.0350 3280 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys

2011/07/04 10:35:28.0428 3280 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys

2011/07/04 10:35:28.0459 3280 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys

2011/07/04 10:35:28.0553 3280 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys

2011/07/04 10:35:28.0944 3280 nv (5e640f37801f2d4152d11595218915cd) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys

2011/07/04 10:35:29.0475 3280 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys

2011/07/04 10:35:29.0506 3280 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys

2011/07/04 10:35:29.0569 3280 Parport (5575faf8f97ce5e713d108c2a58d7c7c) C:\WINDOWS\system32\DRIVERS\parport.sys

2011/07/04 10:35:29.0600 3280 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys

2011/07/04 10:35:29.0647 3280 ParVdm (70e98b3fd8e963a6a46a2e6247e0bea1) C:\WINDOWS\system32\drivers\ParVdm.sys

2011/07/04 10:35:29.0709 3280 PCI (a219903ccf74233761d92bef471a07b1) C:\WINDOWS\system32\DRIVERS\pci.sys

2011/07/04 10:35:29.0772 3280 PCIIde (ccf5f451bb1a5a2a522a76e670000ff0) C:\WINDOWS\system32\DRIVERS\pciide.sys

2011/07/04 10:35:29.0819 3280 Pcmcia (9e89ef60e9ee05e3f2eef2da7397f1c1) C:\WINDOWS\system32\drivers\Pcmcia.sys

2011/07/04 10:35:29.0944 3280 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys

2011/07/04 10:35:29.0975 3280 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys

2011/07/04 10:35:30.0053 3280 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys

2011/07/04 10:35:30.0084 3280 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys

2011/07/04 10:35:30.0116 3280 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys

2011/07/04 10:35:30.0178 3280 PxHelp20 (86724469cd077901706854974cd13c3e) C:\WINDOWS\system32\Drivers\PxHelp20.sys

2011/07/04 10:35:30.0272 3280 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys

2011/07/04 10:35:30.0287 3280 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys

2011/07/04 10:35:30.0319 3280 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys

2011/07/04 10:35:30.0350 3280 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys

2011/07/04 10:35:30.0412 3280 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys

2011/07/04 10:35:30.0459 3280 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys

2011/07/04 10:35:30.0506 3280 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys

2011/07/04 10:35:30.0537 3280 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys

2011/07/04 10:35:30.0553 3280 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys

2011/07/04 10:35:30.0600 3280 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys

2011/07/04 10:35:30.0616 3280 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys

2011/07/04 10:35:30.0647 3280 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys

2011/07/04 10:35:30.0741 3280 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys

2011/07/04 10:35:30.0803 3280 redbook (f828dd7e1419b6653894a8f97a0094c5) C:\WINDOWS\system32\DRIVERS\redbook.sys

2011/07/04 10:35:30.0897 3280 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys

2011/07/04 10:35:30.0975 3280 serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys

2011/07/04 10:35:31.0022 3280 Serial (cca207a8896d4c6a0c9ce29a4ae411a7) C:\WINDOWS\system32\DRIVERS\serial.sys

2011/07/04 10:35:31.0084 3280 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\drivers\Sfloppy.sys

2011/07/04 10:35:31.0178 3280 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys

2011/07/04 10:35:31.0272 3280 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys

2011/07/04 10:35:31.0319 3280 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys

2011/07/04 10:35:31.0381 3280 sr (76bb022c2fb6902fd5bdd4f78fc13a5d) C:\WINDOWS\system32\DRIVERS\sr.sys

2011/07/04 10:35:31.0475 3280 SRTSP (ec5c3c6260f4019b03dfaa03ec8cbf6a) C:\WINDOWS\System32\Drivers\N360\0403000.005\SRTSP.SYS

2011/07/04 10:35:31.0522 3280 SRTSPX (55d5c37ed41231e3ac2063d16df50840) C:\WINDOWS\system32\drivers\N360\0403000.005\SRTSPX.SYS

2011/07/04 10:35:31.0584 3280 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys

2011/07/04 10:35:31.0616 3280 sscdbhk5 (d7968049be0adbb6a57cee3960320911) C:\WINDOWS\system32\drivers\sscdbhk5.sys

2011/07/04 10:35:31.0647 3280 ssrtln (c3ffd65abfb6441e7606cf74f1155273) C:\WINDOWS\system32\drivers\ssrtln.sys

2011/07/04 10:35:31.0725 3280 STHDA (352b663a81402be7cd7bd4ea27c9998c) C:\WINDOWS\system32\drivers\sthda.sys

2011/07/04 10:35:31.0803 3280 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys

2011/07/04 10:35:31.0866 3280 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys

2011/07/04 10:35:31.0959 3280 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys

2011/07/04 10:35:31.0991 3280 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys

2011/07/04 10:35:32.0069 3280 SymDS (56890bf9d9204b93042089d4b45ae671) C:\WINDOWS\system32\drivers\N360\0403000.005\SYMDS.SYS

2011/07/04 10:35:32.0147 3280 SymEFA (1c91df5188150510a6f0cf78f7d94b69) C:\WINDOWS\system32\drivers\N360\0403000.005\SYMEFA.SYS

2011/07/04 10:35:32.0209 3280 SymEvent (961b48b86f94d4cc8ceb483f8aa89374) C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

2011/07/04 10:35:32.0319 3280 SymIRON (dc80fbf0a348e54853ef82eed4e11e35) C:\WINDOWS\system32\drivers\N360\0403000.005\Ironx86.SYS

2011/07/04 10:35:32.0381 3280 SYMTDI (41aad61f87ca8e3b5d0f7fe7fba0797d) C:\WINDOWS\System32\Drivers\N360\0403000.005\SYMTDI.SYS

2011/07/04 10:35:32.0491 3280 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys

2011/07/04 10:35:32.0522 3280 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys

2011/07/04 10:35:32.0600 3280 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys

2011/07/04 10:35:32.0694 3280 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys

2011/07/04 10:35:32.0772 3280 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys

2011/07/04 10:35:32.0834 3280 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys

2011/07/04 10:35:32.0912 3280 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys

2011/07/04 10:35:32.0975 3280 tfsnboio (30698355067d07da5f9eb81132c9fdd6) C:\WINDOWS\system32\dla\tfsnboio.sys

2011/07/04 10:35:33.0022 3280 tfsncofs (fb9d825bb4a2abdf24600f7505050e2b) C:\WINDOWS\system32\dla\tfsncofs.sys

2011/07/04 10:35:33.0053 3280 tfsndrct (cafd8cca11aa1e8b6d2ea1ba8f70ec33) C:\WINDOWS\system32\dla\tfsndrct.sys

2011/07/04 10:35:33.0084 3280 tfsndres (8db1e78fbf7c426d8ec3d8f1a33d6485) C:\WINDOWS\system32\dla\tfsndres.sys

2011/07/04 10:35:33.0116 3280 tfsnifs (b92f67a71cc8176f331b8aa8d9f555ad) C:\WINDOWS\system32\dla\tfsnifs.sys

2011/07/04 10:35:33.0147 3280 tfsnopio (85985faa9a71e2358fcc2edefc2a3c5c) C:\WINDOWS\system32\dla\tfsnopio.sys

2011/07/04 10:35:33.0162 3280 tfsnpool (bba22094f0f7c210567efdaf11f64495) C:\WINDOWS\system32\dla\tfsnpool.sys

2011/07/04 10:35:33.0194 3280 tfsnudf (81340bef80b9811e98ce64611e67e3ff) C:\WINDOWS\system32\dla\tfsnudf.sys

2011/07/04 10:35:33.0241 3280 tfsnudfa (c035fd116224ccc8325f384776b6a8bb) C:\WINDOWS\system32\dla\tfsnudfa.sys

2011/07/04 10:35:33.0287 3280 TosIde (f2790f6af01321b172aa62f8e1e187d9) C:\WINDOWS\system32\DRIVERS\toside.sys

2011/07/04 10:35:33.0366 3280 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys

2011/07/04 10:35:33.0444 3280 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys

2011/07/04 10:35:33.0491 3280 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys

2011/07/04 10:35:33.0584 3280 USBAAPL (d4fb6ecc60a428564ba8768b0e23c0fc) C:\WINDOWS\system32\Drivers\usbaapl.sys

2011/07/04 10:35:33.0631 3280 usbccgp (173f317ce0db8e21322e71b7e60a27e8) C:\WINDOWS\system32\DRIVERS\usbccgp.sys

2011/07/04 10:35:33.0694 3280 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys

2011/07/04 10:35:33.0756 3280 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys

2011/07/04 10:35:33.0819 3280 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys

2011/07/04 10:35:33.0866 3280 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys

2011/07/04 10:35:33.0912 3280 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS

2011/07/04 10:35:33.0959 3280 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys

2011/07/04 10:35:33.0991 3280 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys

2011/07/04 10:35:34.0053 3280 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys

2011/07/04 10:35:34.0084 3280 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys

2011/07/04 10:35:34.0131 3280 VolSnap (4c8fcb5cc53aab716d810740fe59d025) C:\WINDOWS\system32\drivers\VolSnap.sys

2011/07/04 10:35:34.0256 3280 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys

2011/07/04 10:35:34.0428 3280 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys

2011/07/04 10:35:34.0491 3280 winachsf (f59ed5a43b988a18ef582bb07b2327a7) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys

2011/07/04 10:35:34.0631 3280 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys

2011/07/04 10:35:34.0709 3280 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys

2011/07/04 10:35:34.0756 3280 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys

2011/07/04 10:35:34.0834 3280 MBR (0x1B8) (87f75abb087c82bee3a1fbec42bbabd0) \Device\Harddisk0\DR0

2011/07/04 10:35:34.0850 3280 \Device\Harddisk0\DR0 - detected Rootkit.Win32.TDSS.tdl4 (0)

2011/07/04 10:35:34.0866 3280 MBR (0x1B8) (bdbeaec32a836c2ccdc95b561bbadf1e) \Device\Harddisk1\DR4

2011/07/04 10:35:35.0116 3280 Boot (0x1200) (c1da82fb77647671ce1bc6086ec9f28f) \Device\Harddisk0\DR0\Partition0

2011/07/04 10:35:35.0131 3280 ================================================================================

2011/07/04 10:35:35.0131 3280 Scan finished

2011/07/04 10:35:35.0131 3280 ================================================================================

2011/07/04 10:35:35.0147 2248 Detected object count: 1

2011/07/04 10:35:35.0147 2248 Actual detected object count: 1

2011/07/04 10:35:48.0694 2248 \Device\Harddisk0\DR0 (Rootkit.Win32.TDSS.tdl4) - will be cured after reboot

2011/07/04 10:35:48.0694 2248 \Device\Harddisk0\DR0 - ok

2011/07/04 10:35:48.0694 2248 Rootkit.Win32.TDSS.tdl4(\Device\Harddisk0\DR0) - User select action: Cure

2011/07/04 10:36:11.0022 3784 Deinitialize success


Still seems to be running fine!

ComboFix log

ComboFix 11-07-03.04 - Family 07/04/2011 11:49:26.1.2 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1168 [GMT -4:00]

Running from: c:\documents and settings\Family\Desktop\ComboFix.exe

AV: Norton Security Suite *Disabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}

FW: Norton Security Suite *Disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\documents and settings\All Users\Application Data\WD

c:\documents and settings\All Users\Application Data\WD\WD Anywhere Backup\BackupRules.xml

c:\documents and settings\All Users\Application Data\WD\WD Anywhere Backup\instances\2BB701B3-839D-43B2-BBDD-BCBCC790A3B6\2bb701b3-839d-43b2-bbdd-bcbcc790a3b6-errors.db3

c:\documents and settings\All Users\Application Data\WD\WD Anywhere Backup\instances\2BB701B3-839D-43B2-BBDD-BCBCC790A3B6\2bb701b3-839d-43b2-bbdd-bcbcc790a3b6-inq.db3

c:\documents and settings\All Users\Application Data\WD\WD Anywhere Backup\instances\2BB701B3-839D-43B2-BBDD-BCBCC790A3B6\2bb701b3-839d-43b2-bbdd-bcbcc790a3b6-outq.bin

c:\documents and settings\All Users\Application Data\WD\WD Anywhere Backup\instances\2BB701B3-839D-43B2-BBDD-BCBCC790A3B6\2bb701b3-839d-43b2-bbdd-bcbcc790a3b6-preinq.db3

c:\documents and settings\All Users\Application Data\WD\WD Anywhere Backup\instances\2BB701B3-839D-43B2-BBDD-BCBCC790A3B6\2BB701B3-839D-43B2-BBDD-BCBCC790A3B6.xml

c:\documents and settings\All Users\Application Data\WD\WD Anywhere Backup\instances\2BB701B3-839D-43B2-BBDD-BCBCC790A3B6\manifest.db3

c:\documents and settings\All Users\Application Data\WD\WD Anywhere Backup\sourceq.db3

c:\documents and settings\Family\Application Data\JuniperSetup.exe

c:\documents and settings\Family\WINDOWS

c:\program files\Mozilla Firefox\searchplugins\search.xml

c:\windows\system32\bszip.dll

c:\windows\system32\gjkkj.bak2

c:\windows\system32\gjkkj.ini2

c:\windows\system32\gjkkj.tmp

c:\windows\system32\qqtss.bak1

c:\windows\system32\qqtss.ini

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_MSDIRECT

.

.

((((((((((((((((((((((((( Files Created from 2011-06-04 to 2011-07-04 )))))))))))))))))))))))))))))))

.

.

2011-06-28 00:41 . 2011-06-28 00:41 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple Computer

2011-06-28 00:41 . 2011-06-28 00:41 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Apple Computer

2011-06-27 03:20 . 2011-06-27 03:20 -------- d-----w- c:\documents and settings\LocalService\Application Data\ID Vault

2011-06-27 03:10 . 2011-06-27 03:10 -------- d-----w- c:\documents and settings\All Users\Application Data\IsolatedStorage

2011-06-27 03:10 . 2011-06-27 03:11 -------- d-----w- c:\documents and settings\Family\Local Settings\Application Data\ID Vault

2011-06-27 03:09 . 2011-06-14 19:24 87624 ----a-w- c:\program files\Mozilla Firefox\IdVaultCore.XmlSerializers.dll

2011-06-27 03:09 . 2011-06-14 19:24 1590856 ----a-w- c:\program files\Mozilla Firefox\IdVaultCore.dll

2011-06-27 03:09 . 2011-06-14 19:24 129608 ----a-w- c:\program files\Mozilla Firefox\CommonDotNET.dll

2011-06-27 03:09 . 2011-06-14 19:23 8007680 ----a-w- c:\program files\Mozilla Firefox\Microsoft.mshtml.dll

2011-06-27 03:09 . 2011-06-27 03:22 -------- d-----w- c:\documents and settings\Family\Application Data\ID Vault

2011-06-27 03:09 . 2011-03-03 23:02 25232 ------w- c:\windows\system32\drivers\gidv2.sys

2011-06-27 03:09 . 2011-06-27 03:09 -------- d-----w- c:\documents and settings\All Users\GID

2011-06-27 03:09 . 2011-06-27 03:09 -------- d-----w- c:\program files\SFT

2011-06-27 03:09 . 2011-06-27 03:09 -------- d-----w- c:\program files\Constant Guard Protection Suite

2011-06-27 03:08 . 2011-06-27 03:08 -------- d-----w- c:\documents and settings\All Users\Application Data\White Sky, Inc

2011-06-27 02:23 . 2011-06-27 02:23 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2011-06-23 01:07 . 2011-06-23 01:07 2106216 ----a-w- c:\program files\Mozilla Firefox\D3DCompiler_43.dll

2011-06-23 01:07 . 2011-06-23 01:07 1998168 ----a-w- c:\program files\Mozilla Firefox\d3dx9_43.dll

2011-06-15 21:24 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys

2011-06-15 21:24 . 2011-04-29 19:07 852480 ------w- c:\windows\system32\dllcache\vgx.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-05-02 15:31 . 2005-08-16 10:40 692736 ----a-w- c:\windows\system32\inetcomm.dll

2011-04-29 17:25 . 2005-08-16 10:18 151552 ----a-w- c:\windows\system32\schannel.dll

2011-04-29 16:19 . 2005-12-17 17:43 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2011-04-25 14:47 . 2009-04-06 03:09 81920 ----a-w- c:\windows\system32\ieencode.dll

2011-04-25 14:47 . 2005-08-16 10:18 667136 ----a-w- c:\windows\system32\wininet.dll

2011-04-25 14:47 . 2005-08-16 10:18 61952 ----a-w- c:\windows\system32\tdc.ocx

2011-04-25 12:56 . 2005-08-16 10:18 369664 ----a-w- c:\windows\system32\html.iec

2011-04-21 13:37 . 2005-08-16 10:18 105472 ----a-w- c:\windows\system32\drivers\mup.sys

2007-06-01 12:43 . 2006-09-12 01:56 44624 ----a-w- c:\program files\mozilla firefox\plugins\atgpcdec.dll

2007-06-01 12:43 . 2006-09-12 01:56 108184 ----a-w- c:\program files\mozilla firefox\plugins\atgpcext.dll

2011-06-23 01:07 . 2011-05-02 03:14 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B84CDBE7-1B46-494B-A188-01D4C52DEB61}]

2011-06-14 19:24 99912 ----a-w- c:\program files\Constant Guard Protection Suite\NativeBHO.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP OfficeJet Series 600"="c:\program files\Hewlett-Packard\HP OfficeJet Series 600\bin\ktchnsnk.exe -reg Software\Hewlett-Packard\OfficeJet Series 600\Install" [X]

"MSKDetectorExe"="c:\progra~1\McAfee\SPAMKI~1\MSKDetct.exe" [2005-08-12 1121792]

"SigmatelSysTrayApp"="stsystra.exe" [2005-03-23 339968]

"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2005-12-17 26112]

"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]

"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-07-20 94208]

"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-07-20 114688]

"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-07-20 77824]

"ehTray"="c:\windows\ehome\ehtray.exe" [2005-09-29 67584]

"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]

"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]

"Corel Photo Downloader"="c:\program files\Corel\Corel Photo Album 6\MediaDetect.exe" [2005-08-31 106496]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2006-02-14 507904]

"WD Drive Manager"="c:\program files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe" [2008-01-30 438272]

"ISUSPM Startup"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 249856]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-07 421160]

"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-02-23 111208]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-02-23 13880424]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]

"GIDDesktop"="c:\program files\SFT\GuardedID\gidd.exe" [2011-03-03 393992]

.

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]

"RunNarrator"="Narrator.exe" [2008-04-14 53760]

.

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Constant Guard.lnk - c:\program files\Constant Guard Protection Suite\IDVault.exe [2011-6-14 3231816]

Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-12-17 24576]

McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]

NkvMon.exe.lnk - c:\program files\Nikon\NkView6\NkvMon.exe [2006-2-9 241664]

QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 806912]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GIDLogonXP]

2011-03-03 23:03 53528 ----a-w- c:\windows\system32\GIDLogonXP.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

"MskService"=2 (0x2)

"MpfService"=2 (0x2)

"mcupdmgr.exe"=3 (0x3)

"McTskshd.exe"=2 (0x2)

"McShield"=2 (0x2)

"McDetect.exe"=2 (0x2)

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

"DisableNotifications"= 1 (0x1)

.

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

.

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\N360\0403000.005\symds.sys [10/26/2010 5:38 PM 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\N360\0403000.005\symefa.sys [10/26/2010 5:38 PM 173104]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110616.003\BHDrvx86.sys [6/16/2011 7:12 PM 810616]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\N360\0403000.005\cchpx86.sys [10/26/2010 5:38 PM 501888]

R1 GIDv2;GIDv2;c:\windows\system32\drivers\gidv2.sys [6/26/2011 11:09 PM 25232]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\N360\0403000.005\ironx86.sys [10/26/2010 5:38 PM 116784]

R2 IDVaultSvc;CGPS Service;c:\program files\Constant Guard Protection Suite\IDVaultSvc.exe [6/14/2011 3:24 PM 60488]

R2 N360;Norton Security Suite;c:\program files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe [10/26/2010 5:38 PM 126392]

R2 SWAS_Core;SyncThru Web Admin Service;c:\program files\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe [1/26/2008 7:35 PM 1314816]

R2 WDBtnMgrSvc.exe;WD Drive Manager Service;c:\program files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe [1/30/2008 4:52 AM 106496]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [5/24/2011 8:25 PM 105592]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110701.031\IDSXpx86.sys [7/1/2011 5:41 PM 355256]

S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [5/18/2010 8:17 PM 136176]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [5/18/2010 8:17 PM 136176]

S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [1/15/2010 8:49 AM 227232]

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{9191979D-821C-4EA8-B021-2DA1D859A7C5}-3Reg]

2011-03-03 23:04 433416 ----a-w- c:\program files\SFT\GuardedID\GIDI.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]

2008-04-14 00:11 99840 ----a-w- c:\windows\system32\advpack.dll

.

Contents of the 'Scheduled Tasks' folder

.

2011-06-24 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 16:34]

.

2011-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 00:16]

.

2011-07-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-19 00:16]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.yahoo.com/?fr=fp-yie8

uSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

uDefault_Search_URL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

mStart Page = hxxp://www.dell4me.com/myway

mSearch Bar = 687474703a2f2f7777772e676f6f676c652e636f6d2f

mSearchMigratedDefaultURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

uInternet Settings,ProxyServer = http=127.0.0.1:5555

uInternet Settings,ProxyOverride = <local>;*.local

uSearchAssistant =

mSearchURL = 687474703a2f2f7777772e676f6f676c652e636f6d2f

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000

Trusted Zone: intuit.com\ttlc

Trusted Zone: turbotax.com

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\documents and settings\Family\Application Data\Mozilla\Firefox\Profiles\e56pkf15.default\

.

- - - - ORPHANS REMOVED - - - -

.

HKU-Default-Run-DriverLoad - (no file)

HKU-Default-Run-DriverCheck - (no file)

HKU-Default-Run-SystemDriverLoad - (no file)

HKU-Default-Run-SystemDriver - (no file)

HKU-Default-Run-FDriver - (no file)

HKU-Default-Run-ADriver - (no file)

HKU-Default-Run-CDriver - c:\z_drivers\svchost.exe

HKU-Default-Run-DDriver - c:\z_drivers\svchost.exe

HKU-Default-Run-alpha - c:\z_drivers\svchost.exe

HKU-Default-Run-beta - c:\z_drivers\svchost.exe

HKU-Default-Run-gamma - c:\z_drivers\svchost.exe

Notify-ddcyx - ddcyx.dll

Notify-sstqq - c:\windows\system32\sstqq.dll

SafeBoot-mcmscsvc

SafeBoot-MCODS

AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2011-07-04 12:01

Windows 5.1.2600 Service Pack 3 NTFS

.

scanning hidden processes ...

.

scanning hidden autostart entries ...

.

scanning hidden files ...

.

scan completed successfully

hidden files: 0

.

**************************************************************************

.

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net

Windows 5.1.2600

.

CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.

device: opened successfully

user: error reading MBR

kernel: MBR read successfully

user != kernel MBR !!!

.

**************************************************************************

.

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\N360]

"ImagePath"="\"c:\program files\Norton Security Suite\Engine\4.3.0.5\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton Security Suite\Engine\4.3.0.5\diMaster.dll\" /prefetch:1"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

.

- - - - - - - > 'winlogon.exe'(668)

c:\windows\system32\GIDLogonXP.dll

c:\windows\system32\GIDHookLogon.dll

c:\windows\system32\GIDBIN1.dll

.

- - - - - - - > 'explorer.exe'(296)

c:\windows\system32\GIDHook.dll

c:\windows\system32\GIDBIN1.dll

c:\windows\system32\EasyHook32.dll

c:\progra~1\WINDOW~3\wmpband.dll

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\nvsvc32.exe

c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files\Bonjour\mDNSResponder.exe

c:\windows\eHome\ehRecvr.exe

c:\windows\eHome\ehSched.exe

c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

c:\program files\Java\jre6\bin\jqs.exe

c:\windows\ehome\mcrdsvc.exe

c:\program files\Canon\CAL\CALMAIN.exe

c:\windows\system32\dllhost.exe

c:\program files\Hewlett-Packard\HP OfficeJet Series 600\bin\ktchnsnk.exe

c:\windows\stsystra.exe

c:\windows\eHome\ehmsas.exe

c:\windows\system32\RUNDLL32.EXE

c:\program files\iPod\bin\iPodService.exe

.

**************************************************************************

.

Completion time: 2011-07-04 12:08:52 - machine was rebooted

ComboFix-quarantined-files.txt 2011-07-04 16:08

.

Pre-Run: 23,617,400,832 bytes free

Post-Run: 24,432,975,872 bytes free

.

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

.

- - End Of File - - 0EF1F7FC907EAA8C72661F0A8E1E45A8


Let's run some more scans ;):

Please print out these instructions or copy them to a Notepad file for easier reading, and download MBRCheck by a_d_13 to your Desktop from one of these locations:

http://ad13.geekstogo.com/MBRCheck.exe

http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe

http://www.kernelmode.info/MBRCheck.exe

Close all open programs/windows and double-click on MBRCheck.exe.

It will produce a log file saved automatically on your Desktop as "MBRCheck_[Date]_[Time].txt".

Press the "Enter" key to close the MBRCheck window and post the contents of the log file.

--------

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic


Results of MBRcheck

MBRCheck, version 1.2.3

© 2010, AD

Command-line:

Windows Version: Windows XP Professional

Windows Information: Service Pack 3 (build 2600)

Logical Drives Mask: 0x0000000c

Kernel Drivers (total 146):

0x804D7000 \WINDOWS\system32\ntkrnlpa.exe

0x806E5000 \WINDOWS\system32\hal.dll

0xB85A8000 \WINDOWS\system32\KDCOM.DLL

0xB84B8000 \WINDOWS\system32\BOOTVID.dll

0xB7F79000 ACPI.sys

0xB85AA000 \WINDOWS\system32\DRIVERS\WMILIB.SYS

0xB7F68000 pci.sys

0xB80A8000 isapnp.sys

0xB8670000 pciide.sys

0xB8328000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS

0xB80B8000 MountMgr.sys

0xB7F49000 ftdisk.sys

0xB85AC000 dmload.sys

0xB7F23000 dmio.sys

0xB8330000 PartMgr.sys

0xB80C8000 VolSnap.sys

0xB7F0B000 atapi.sys

0xB80D8000 disk.sys

0xB80E8000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS

0xB7EEB000 fltmgr.sys

0xB7E95000 SYMDS.SYS

0xB7E83000 sr.sys

0xB7E56000 SYMEFA.SYS

0xB7E41000 drvmcdb.sys

0xB8338000 PxHelp20.sys

0xB7E2A000 KSecDD.sys

0xB7D9D000 Ntfs.sys

0xB7D70000 NDIS.sys

0xB80F8000 Combo-Fix.sys

0xB7D56000 Mup.sys

0xB81C8000 \SystemRoot\system32\DRIVERS\intelppm.sys

0xB6A78000 \SystemRoot\system32\DRIVERS\nv4_mini.sys

0xB6A64000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS

0xB6A3C000 \SystemRoot\system32\DRIVERS\HDAudBus.sys

0xB8450000 \SystemRoot\system32\DRIVERS\usbuhci.sys

0xB6A18000 \SystemRoot\system32\DRIVERS\USBPORT.SYS

0xB8458000 \SystemRoot\system32\DRIVERS\usbehci.sys

0xB69E4000 \SystemRoot\system32\DRIVERS\HSFHWBS2.sys

0xB69C1000 \SystemRoot\system32\DRIVERS\ks.sys

0xB68C2000 \SystemRoot\system32\DRIVERS\HSF_DP.sys

0xB681B000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys

0xB8460000 \SystemRoot\System32\Drivers\Modem.SYS

0xB67F5000 \SystemRoot\system32\DRIVERS\e100b325.sys

0xB81D8000 \SystemRoot\system32\DRIVERS\imapi.sys

0xB85E2000 \SystemRoot\system32\drivers\sscdbhk5.sys

0xB81E8000 \SystemRoot\system32\DRIVERS\cdrom.sys

0xB81F8000 \SystemRoot\system32\DRIVERS\redbook.sys

0xB8468000 \SystemRoot\System32\Drivers\GEARAspiWDM.sys

0xB8716000 \SystemRoot\system32\DRIVERS\audstub.sys

0xB8208000 \SystemRoot\system32\DRIVERS\rasl2tp.sys

0xB8544000 \SystemRoot\system32\DRIVERS\ndistapi.sys

0xB67DE000 \SystemRoot\system32\DRIVERS\ndiswan.sys

0xB8218000 \SystemRoot\system32\DRIVERS\raspppoe.sys

0xB8228000 \SystemRoot\system32\DRIVERS\raspptp.sys

0xB8470000 \SystemRoot\system32\DRIVERS\TDI.SYS

0xB67CD000 \SystemRoot\system32\DRIVERS\psched.sys

0xB8238000 \SystemRoot\system32\DRIVERS\msgpc.sys

0xB8478000 \SystemRoot\system32\DRIVERS\ptilink.sys

0xB8480000 \SystemRoot\system32\DRIVERS\raspti.sys

0xB679D000 \SystemRoot\system32\DRIVERS\rdpdr.sys

0xB8248000 \SystemRoot\system32\DRIVERS\termdd.sys

0xB8488000 \SystemRoot\system32\DRIVERS\kbdclass.sys

0xB8490000 \SystemRoot\system32\DRIVERS\mouclass.sys

0xB85E4000 \SystemRoot\system32\DRIVERS\swenum.sys

0xB673F000 \SystemRoot\system32\DRIVERS\update.sys

0xB75D6000 \SystemRoot\system32\DRIVERS\mssmbios.sys

0xB8258000 \SystemRoot\System32\Drivers\NDProxy.SYS

0xB45AC000 \SystemRoot\system32\drivers\sthda.sys

0xB4588000 \SystemRoot\system32\drivers\portcls.sys

0xB8268000 \SystemRoot\system32\drivers\drmk.sys

0xB8564000 \SystemRoot\system32\drivers\MODEMCSA.sys

0xB8288000 \SystemRoot\system32\DRIVERS\usbhub.sys

0xB85EA000 \SystemRoot\system32\DRIVERS\USBD.SYS

0xB8578000 \SystemRoot\System32\Drivers\i2omgmt.SYS

0xB85EE000 \SystemRoot\System32\Drivers\Fs_Rec.SYS

0xB86A2000 \SystemRoot\System32\Drivers\Null.SYS

0xB85F0000 \SystemRoot\System32\Drivers\Beep.SYS

0xB84A0000 \SystemRoot\system32\drivers\ssrtln.sys

0xB84A8000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS

0xB84B0000 \SystemRoot\System32\drivers\vga.sys

0xB85F4000 \SystemRoot\System32\Drivers\mnmdd.SYS

0xB85F6000 \SystemRoot\System32\DRIVERS\RDPCDD.sys

0xB8348000 \SystemRoot\System32\Drivers\Msfs.SYS

0xB8368000 \SystemRoot\System32\Drivers\Npfs.SYS

0xB8588000 \SystemRoot\system32\DRIVERS\rasacd.sys

0xB4555000 \SystemRoot\system32\DRIVERS\ipsec.sys

0xB44FC000 \SystemRoot\system32\DRIVERS\tcpip.sys

0xB44A5000 \SystemRoot\System32\Drivers\N360\0403000.005\SYMTDI.SYS

0xB4480000 \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS

0xB43FE000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\IPSDefs\20110701.031\IDSxpx86.sys

0xB43D8000 \SystemRoot\system32\DRIVERS\ipnat.sys

0xB82C8000 \SystemRoot\system32\DRIVERS\wanarp.sys

0xB8598000 \SystemRoot\system32\DRIVERS\hidusb.sys

0xB82D8000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS

0xB43B0000 \SystemRoot\system32\DRIVERS\netbt.sys

0xB85A4000 \SystemRoot\System32\drivers\ws2ifsl.sys

0xB438E000 \SystemRoot\System32\drivers\afd.sys

0xB82E8000 \SystemRoot\system32\DRIVERS\netbios.sys

0xB436F000 \SystemRoot\system32\drivers\N360\0403000.005\Ironx86.SYS

0xB7D21000 \SystemRoot\system32\DRIVERS\mouhid.sys

0xB7D19000 \SystemRoot\system32\DRIVERS\kbdhid.sys

0xB8380000 \SystemRoot\System32\Drivers\GIDv2.SYS

0xB8308000 \SystemRoot\system32\drivers\N360\0403000.005\SRTSPX.SYS

0xB4344000 \SystemRoot\system32\DRIVERS\rdbss.sys

0xB42D4000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

0xB8318000 \SystemRoot\System32\Drivers\Fips.SYS

0xB4276000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

0xB4258000 \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

0xB41D9000 \SystemRoot\system32\drivers\N360\0403000.005\ccHPx86.sys

0xB410F000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\BASHDefs\20110616.003\BHDrvx86.sys

0xB7477000 \SystemRoot\System32\Drivers\Cdfs.SYS

0xB40CF000 \SystemRoot\System32\Drivers\dump_atapi.sys

0xB8620000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS

0xBF800000 \SystemRoot\System32\win32k.sys

0xB4470000 \SystemRoot\System32\drivers\Dxapi.sys

0xB83A8000 \SystemRoot\System32\watchdog.sys

0xBD000000 \SystemRoot\System32\drivers\dxg.sys

0xB86C7000 \SystemRoot\System32\drivers\dxgthk.sys

0xBD012000 \SystemRoot\System32\nv4_disp.dll

0xBD62D000 \SystemRoot\System32\ATMFD.DLL

0xB81A8000 \SystemRoot\system32\drivers\drvnddm.sys

0xB86B0000 \SystemRoot\system32\dla\tfsndres.sys

0xB34AE000 \SystemRoot\system32\dla\tfsnifs.sys

0xB40B3000 \SystemRoot\system32\dla\tfsnopio.sys

0xB85D2000 \SystemRoot\system32\dla\tfsnpool.sys

0xB83D8000 \SystemRoot\system32\dla\tfsnboio.sys

0xB35B4000 \SystemRoot\system32\dla\tfsncofs.sys

0xB870D000 \SystemRoot\system32\dla\tfsndrct.sys

0xB33F5000 \SystemRoot\system32\dla\tfsnudf.sys

0xB33DC000 \SystemRoot\system32\dla\tfsnudfa.sys

0xB34EC000 \SystemRoot\system32\DRIVERS\ndisuio.sys

0xB31A7000 \SystemRoot\system32\DRIVERS\mrxdav.sys

0xB866A000 \SystemRoot\System32\Drivers\ASCTRM.SYS

0xB2F0E000 \SystemRoot\System32\Drivers\HTTP.sys

0xB2FF7000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys

0xB2E3E000 \SystemRoot\system32\DRIVERS\srv.sys

0xB2F9F000 \SystemRoot\system32\DRIVERS\secdrv.sys

0xB27C1000 \SystemRoot\system32\drivers\wdmaud.sys

0xB285E000 \SystemRoot\system32\drivers\sysaudio.sys

0xB8498000 \??\C:\ComboFix\catchme.sys

0xB85C8000 \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS

0xB1D6F000 \SystemRoot\System32\Drivers\N360\0403000.005\SRTSP.SYS

0xB1BF8000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110704.003\NAVEX15.SYS

0xB1BE4000 \??\C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_4.0.0.127\Definitions\VirusDefs\20110704.003\NAVENG.SYS

0xB1AED000 \SystemRoot\System32\Drivers\Fastfat.SYS

0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 54):

0 System Idle Process

4 System

580 C:\WINDOWS\system32\smss.exe

644 csrss.exe

668 C:\WINDOWS\system32\winlogon.exe

712 C:\WINDOWS\system32\services.exe

724 C:\WINDOWS\system32\lsass.exe

924 C:\WINDOWS\system32\nvsvc32.exe

992 C:\WINDOWS\system32\svchost.exe

1076 svchost.exe

1172 C:\WINDOWS\system32\svchost.exe

1232 svchost.exe

1408 svchost.exe

1540 C:\WINDOWS\system32\spoolsv.exe

1656 svchost.exe

1692 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

1712 C:\Program Files\Bonjour\mDNSResponder.exe

1760 C:\WINDOWS\ehome\ehrecvr.exe

1792 C:\WINDOWS\ehome\ehSched.exe

1944 PresentationFontCache.exe

288 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

492 C:\Program Files\Java\jre6\bin\jqs.exe

516 C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe

1148 svchost.exe

1160 C:\WINDOWS\system32\svchost.exe

1236 C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe

964 C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

328 mcrdsvc.exe

2508 C:\Program Files\Canon\CAL\CALMAIN.exe

2652 C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe

3300 C:\WINDOWS\system32\dllhost.exe

3488 alg.exe

4004 C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe

2532 C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600\Bin\ktchnsnk.exe

2368 C:\WINDOWS\stsystra.exe

2796 C:\Program Files\Real\RealPlayer\realplay.exe

3168 C:\WINDOWS\ehome\ehtray.exe

3212 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

3284 C:\WINDOWS\system32\dla\tfswctrl.exe

3348 C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

3352 C:\WINDOWS\ehome\ehmsas.exe

2612 C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe

3404 C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

3556 C:\Program Files\Common Files\Java\Java Update\jusched.exe

308 C:\Program Files\iTunes\iTunesHelper.exe

3776 C:\WINDOWS\system32\rundll32.exe

3848 C:\Program Files\SFT\GuardedID\GIDD.exe

3804 C:\Program Files\Constant Guard Protection Suite\IDVault.exe

4056 C:\Program Files\Digital Line Detect\DLG.exe

984 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

2668 C:\Program Files\Nikon\NkView6\NkvMon.exe

3972 C:\Program Files\iPod\bin\iPodService.exe

296 C:\WINDOWS\explorer.exe

2216 C:\Documents and Settings\Family\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`02738a00 (NTFS)

PhysicalDrive0 Model Number: ST380819AS, Rev: 8.03

Size Device Name MBR Status

--------------------------------------------

74 GB \\.\PhysicalDrive0 Dell MBR code detected

SHA1: 57BDF501CE769EF2720C705B6C71C893DA31574E

Done!


ESET scan

:\Qoobox\Quarantine\C\WINDOWS\system32\gjkkj.bak2.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\system32\gjkkj.ini2.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\system32\gjkkj.tmp.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\system32\qqtss.bak1.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\Qoobox\Quarantine\C\WINDOWS\system32\qqtss.ini.vir Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined

C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP1856\A0145666.ini Win32/Adware.Virtumonde.NEO application cleaned by deleting - quarantined


What is maxhandle?

My apologies, I got mixed up with something :blush:

Before we move on, let's run another online scan to make sure you're clean ;):

Please use Internet Explorer and run a BitDefender Online scan from Here

  • Please check I agree with the Terms and Conditions and click Start Here
  • You will need to allow an Active X install for the scan to run.
  • Leave the scanning options at default and click Start Scan

Please post the results in your next reply.


QuickScan Beta 32-bit v0.9.9.96

-------------------------------

Scan date: Tue Jul 05 20:40:54 2011

Machine ID: 40B3C551

No infection found.

-------------------

Processes

---------

Bonjour 1712 C:\Program Files\Bonjour\mDNSResponder.exe

BVRP Software TestLine 4056 C:\Program Files\Digital Line Detect\DLG.exe

C-Major Audio 2368 C:\WINDOWS\stsystra.exe

Canon Camera Access Library 8 2508 C:\Program Files\Canon\CAL\CALMAIN.exe

Constant Guard™ Protection Suite 3804 C:\Program Files\Constant Guard Protection Suite\IDVault.exe

Constant Guard™ Protection Suite 2652 C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe

Corel Photo Album 6 3348 C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

Cyberlink PowerCinema 3.0 3212 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

Drive Letter Access Component 3284 C:\WINDOWS\system32\dla\tfswctrl.exe

Firefox 3600 C:\Program Files\Mozilla Firefox\firefox.exe

GID Desktop Application 3848 C:\Program Files\SFT\GuardedID\GIDD.exe

Intuit Update Service 288 C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

iTunes 3972 C:\Program Files\iPod\bin\iPodService.exe

iTunes 308 C:\Program Files\iTunes\iTunesHelper.exe

ktchnsnk.exe 2532 C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600\Bin\ktchnsnk.exe

McAfee Security Scanner 984 C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe

Microsoft® Windows® Operating System 836 C:\Program Files\Internet Explorer\iexplore.exe

Microsoft® Windows® Operating System 3352 C:\WINDOWS\ehome\ehmsas.exe

Microsoft® Windows® Operating System 1760 C:\WINDOWS\ehome\ehrecvr.exe

Microsoft® Windows® Operating System 1792 C:\WINDOWS\ehome\ehSched.exe

Microsoft® Windows® Operating System 3168 C:\WINDOWS\ehome\ehtray.exe

Microsoft® Windows® Operating System 328 C:\WINDOWS\ehome\mcrdsvc.exe

Microsoft® Windows® Operating System 1540 C:\WINDOWS\system32\spoolsv.exe

MobileDeviceService 1692 C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

Nikon Monitor 2668 C:\Program Files\Nikon\NkView6\NkvMon.exe

Norton Update Agent 2288 C:\Documents and Settings\All Users\Application Data\Norton\NUA.exe

NVIDIA Driver Helper Service, Version 2 924 C:\WINDOWS\system32\nvsvc32.exe

RealPlayer (32-bit) 2796 C:\Program Files\Real\RealPlayer\realplay.exe

SSMMgr.exe 2612 C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe

SWAS.exe 1236 C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe

Symantec Security Technologies 516 C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe

Symantec Security Technologies 4004 C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccsvchst.exe

WD Drive Manager 964 C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

WD Drive Manager 3404 C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

(verified) Java Platform SE 6 U20 492 C:\Program Files\Java\jre6\bin\jqs.exe

(verified) Java Platform SE Auto Updater 2 0 3556 C:\Program Files\Common Files\Java\Java Update\jusched.exe

(verified) Microsoft® .NET Framework 1944 C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

(verified) Microsoft® Windows® Operating System 296 C:\WINDOWS\explorer.exe

(verified) Microsoft® Windows® Operating System 3488 C:\WINDOWS\system32\alg.exe

(verified) Microsoft® Windows® Operating System 644 C:\WINDOWS\system32\csrss.exe

(verified) Microsoft® Windows® Operating System 3300 C:\WINDOWS\system32\dllhost.exe

(verified) Microsoft® Windows® Operating System 724 C:\WINDOWS\system32\lsass.exe

(verified) Microsoft® Windows® Operating System 3776 C:\WINDOWS\system32\rundll32.exe

(verified) Microsoft® Windows® Operating System 712 C:\WINDOWS\system32\services.exe

(verified) Microsoft® Windows® Operating System 580 C:\WINDOWS\system32\smss.exe

(verified) Microsoft® Windows® Operating System 1408 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1232 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1172 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1160 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1148 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1076 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 992 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1656 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 668 C:\WINDOWS\system32\winlogon.exe

Network activity

----------------

Process iexplore.exe (836) connected on port 80 (HTTP) --> 96.17.149.33

Process iexplore.exe (836) connected on port 80 (HTTP) --> 69.171.228.13

Process iexplore.exe (836) connected on port 80 (HTTP) --> 74.125.226.160

Process iexplore.exe (836) connected on port 80 (HTTP) --> 96.17.168.136

Process iexplore.exe (836) connected on port 80 (HTTP) --> 96.17.149.33

Process firefox.exe (3600) connected on port 80 (HTTP) --> 74.125.226.137

Process firefox.exe (3600) connected on port 80 (HTTP) --> 72.14.204.100

Process firefox.exe (3600) connected on port 443 (HTTP over SSL) --> 74.125.226.108

Process IDVault.exe (3804) connected on port 80 (HTTP) --> 72.21.194.16

Process svchost.exe (1076) listens on ports: 135 (RPC)

Process SWAS.exe (1236) listens on ports: 80 (HTTP), 7450

Autoruns and critical files

---------------------------

Apple Software Update C:\Program Files\Apple Software Update\SoftwareUpdate.exe

C-Major Audio C:\WINDOWS\stsystra.exe

Constant Guard™ Protection Suite C:\Program Files\Constant Guard Protection Suite\IDVault.exe

Corel Photo Album 6 C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

Cyberlink PowerCinema 3.0 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

Drive Letter Access Component C:\WINDOWS\system32\dla\tfswctrl.exe

GID Desktop Application C:\Program Files\SFT\GuardedID\GIDD.exe

GuardedID C:\WINDOWS\system32\GIDLogonXP.dll

InstallShield Update Service C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe

InstallShield Update Service C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe

Intel® Common User Interface C:\WINDOWS\system32\hkcmd.exe

Intel® Common User Interface C:\WINDOWS\system32\igfxdev.dll

Intel® Common User Interface C:\WINDOWS\system32\igfxpers.exe

Intel® Common User Interface C:\WINDOWS\system32\igfxtray.exe

iTunes C:\Program Files\iTunes\iTunesHelper.exe

ktchnsnk.exe C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600\Bin\ktchnsnk.exe

McAfee SpamKiller C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe

Microsoft® Windows® Operating System C:\WINDOWS\ehome\ehtray.exe

Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\CSCDLL.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\logon.scr

Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll

Microsoft® Windows® Operating System c:\windows\system32\userinit.exe

Microsoft® Windows® Operating System C:\WINDOWS\system32\webcheck.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll

Nikon Monitor C:\Program Files\Nikon\NkView6\NkvMon.exe

Norton Update Agent C:\Documents and Settings\All Users\Application Data\Norton\NUA.exe

NVIDIA Compatible Windows 2000 Display C:\WINDOWS\system32\NvCpl.dll

NVIDIA Media Center Library C:\WINDOWS\system32\NvMcTray.dll

nwiz.exe C:\Program Files\NVIDIA Corporation\nView\nwiz.exe

QuickBooks C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

QuickTime C:\Program Files\QuickTime\qttask.exe

RealPlayer (32-bit) C:\Program Files\Real\RealPlayer\realplay.exe

SSMMgr.exe C:\WINDOWS\Samsung\PanelMgr\SSMMgr.exe

WD Drive Manager C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

Windows Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll

(verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe

(verified) Java Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll

Browser plugins

---------------

Abacast v1.62 C:\Program Files\Mozilla Firefox\plugins\NPAbacheck.dll

AcroIEHelper Library C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

ActiveTouch General Plugin Container C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll

Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll

Adobe® Flash® Player ActiveX C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe

AOL Media Playback Plugin C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll

atcliun C:\Program Files\Mozilla Firefox\plugins\atcliun.exe

AtMgr Module C:\Program Files\Mozilla Firefox\plugins\atmgr.exe

BitDefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll

Bonjour C:\Program Files\Bonjour\mdnsNSP.dll

CGPS C:\Program Files\Constant Guard Protection Suite\NativeBHO.dll

frozen.dll C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\e56pkf15.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll

Google Earth Plugin C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

Google Update C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

googletoolbar-ff3.dll C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\e56pkf15.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll

googletoolbar-ff4.dll C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\e56pkf15.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff4.dll

InstallShield Update Service C:\WINDOWS\Downloaded Program Files\isusweb.dll

Messenger C:\Program Files\Messenger\msmsgs.exe

Microsoft® Windows Live OneCare C:\WINDOWS\Downloaded Program Files\wlscBase.dll

Microsoft® Windows Media Player Firefox C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\SHDOCVW.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll

Norton Confidential C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll

npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

QuickTime Plug-in 7.6.9 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

Silverlight Plug-In c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

Snapfish Plugin for Firefox C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll

Symantec Intrusion Detection C:\Program Files\Norton Security Suite\Engine\4.3.0.5\IPSBHO.DLL

unagiuninst.exe C:\WINDOWS\Downloaded Program Files\unagiuninst.exe

WebEx Download Module C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll

WebEx Download Module C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll

WinampPlayer.dll C:\Documents and Settings\Family\Application Data\Mozilla\Firefox\Profiles\e56pkf15.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}\components\WinampPlayer.dll

Windows Genuine Advantage C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll

Windows Presentation Foundation C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.dll

(verified) InstallShield Update Service C:\WINDOWS\Downloaded Program Files\dwusplay.exe

(verified) Java Deployment Toolkit 6.0.200.2 C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

(verified) Java Platform SE 6 U20 c:\program files\java\jre6\bin\jp2ssv.dll

(verified) Java Platform SE 6 U20 C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

(verified) Microsoft Office 2003 C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL

(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

Scan

----


MD5: da7b70b6fb1b660a721a55de0e550ee2 C:\Program Files\Common Files\Real\Plugins\rupr3260.dll

MD5: 5026f1e6c736b0b2b2e4e951b376f129 C:\Program Files\Common Files\Real\Plugins\rvre3260.dll

MD5: 2a7ab5143aed13e5ecb3a19f9412215d C:\Program Files\Common Files\Real\Plugins\sdpp3260.dll

MD5: 158af568ad04bbf5b2409dfc337c2b70 C:\Program Files\Common Files\Real\Plugins\smlf3260.dll

MD5: b9282ef358b0410a418524424ac06ad4 C:\Program Files\Common Files\Real\Plugins\smlr3260.dll

MD5: 1236d8a30f46102f684c9350a76ae451 C:\Program Files\Common Files\Real\Plugins\smmr3260.dll

MD5: 25fe72bacddf256caa21d9731239e43c C:\Program Files\Common Files\Real\Plugins\smpl3260.dll

MD5: f4d6668304062003c2c926bd9613089e C:\Program Files\Common Files\Real\Plugins\stub3260.dll

MD5: c8e241fb54432e49adfdee4c1ecce999 C:\Program Files\Common Files\Real\Update\rnqu3260.dll

MD5: 4db36d0e0732c857fd66a07069a8396a C:\Program Files\Common Files\Real\Update\rpup3260.dll

MD5: 4d9d7d974cc094069fe984e475612489 C:\Program Files\Common Files\Real\Update\setu3260.dll

MD5: 7e99a54db6c29a3921efff5d603cf9a5 C:\Program Files\Common Files\Real\Update\upgr3260.dll

MD5: 5461f01b7def17dc90d90b029f874c3b C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys

MD5: 17fcc372d03ba39f3aee85198c0ec594 C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys

MD5: 9c1ac7cc0393b0eeb32d74e574969972 C:\Program Files\Constant Guard Protection Suite\CommonDotNET.dll

MD5: e6679fc10fd2150f2e98e306d02ef198 C:\Program Files\Constant Guard Protection Suite\IdVault.BHO.dll

MD5: 5fa1e460a53a9ddc55949040de95dc76 C:\Program Files\Constant Guard Protection Suite\IDVault.exe

MD5: 03e4a9188178551fee77d6f1e4ee8734 C:\Program Files\Constant Guard Protection Suite\IdVaultCore.dll

MD5: 1445337b8ad48c92ba9e761453859685 C:\Program Files\Constant Guard Protection Suite\IdVaultCore.XmlSerializers.dll

MD5: 8a2cc15f5d0b907d65c90f88332195e3 C:\Program Files\Constant Guard Protection Suite\IDVaultSvc.exe

MD5: 6c75dd388c2005545a80c111365191a7 C:\Program Files\Constant Guard Protection Suite\IDVaultSvcLib.dll

MD5: 4b8862af70dc4832a60c888b95a98d8a C:\Program Files\Constant Guard Protection Suite\Interop.SHDocVw.dll

MD5: af4516aef26c929af857d966d9cc3d53 C:\Program Files\Constant Guard Protection Suite\Interop.Shell32.dll

MD5: 3bf7213044dd0701e9e03cfed78bb088 C:\Program Files\Constant Guard Protection Suite\Microsoft.mshtml.dll

MD5: 3447fdd7288dd91e3ce214c1963062ce C:\Program Files\Constant Guard Protection Suite\NativeBHO.dll

MD5: 02458afcaabc0e6f5a836dd1062f05cc C:\Program Files\Constant Guard Protection Suite\WebServiceProxies.dll

MD5: a40a9283a759742aa9813ba00bcbcd34 C:\Program Files\Corel\Corel Photo Album 6\LangDLLs\MediaDetectRC.dll

MD5: a14db520786fad113401495d93debbf3 C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe

MD5: f35a584e947a5b401feb0fe01db4a0d7 C:\Program Files\Corel\Corel Photo Album 6\MFC71.DLL

MD5: b3e3c57fd22e71ce20389372d972c6dc C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

MD5: a476968c08667b1e09f2a95234e8ceef C:\Program Files\Digital Line Detect\BVRPDIAG.dll

MD5: b66e56733e2cd6a10fda5919625fbf46 C:\Program Files\Digital Line Detect\DLG.exe

MD5: 0f445b821549f9ff471bba56c69953d4 C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

MD5: b226054bfa3d3a1920f7b95e54f3e87d C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

MD5: 924d260b79601ecf32ddf12306c9e2a5 C:\Program Files\Hewlett-Packard\HP OfficeJet Series 600\Bin\ktchnsnk.exe

MD5: 9da26b773bd04b867a8e9f427cd048fc C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe

MD5: 55794b97a7faabd2910873c85274f409 C:\Program Files\Internet Explorer\iexplore.exe

MD5: a2ea5c73896ac06d2811a2ac157350bf C:\Program Files\Internet Explorer\plugins\nppdf32.dll

MD5: 840b4c97c7ef119834780fa09258dcd1 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll

MD5: 840b4c97c7ef119834780fa09258dcd1 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll

MD5: 840b4c97c7ef119834780fa09258dcd1 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll

MD5: 840b4c97c7ef119834780fa09258dcd1 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll

MD5: 840b4c97c7ef119834780fa09258dcd1 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll

MD5: 840b4c97c7ef119834780fa09258dcd1 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll

MD5: 840b4c97c7ef119834780fa09258dcd1 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll

MD5: 9033d67b7112d23eded6789bacded128 C:\Program Files\iPod\bin\iPodService.exe

MD5: 8a902eae00a28c96c375dd4e7b38a6f5 C:\Program Files\iPod\bin\iPodService.Resources\en.lproj\iPodServiceLocalized.DLL

MD5: 3ccc253c106ca03eb9b1842c682a2a0d C:\Program Files\iPod\bin\iPodService.Resources\iPodService.DLL

MD5: 55520af0f65d5bd7a337dcedde886125 C:\Program Files\iTunes\iTunesHelper.dll

MD5: 0cfbe2d135a73ca98381fc8cc8bc5a03 C:\Program Files\iTunes\iTunesHelper.exe

MD5: 4f99047d255b77fda6e51ea97721e3d8 C:\Program Files\iTunes\iTunesHelper.Resources\en.lproj\iTunesHelperLocalized.DLL

MD5: 795aea2511a1c5082fa690d6bd8d202e C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.DLL

MD5: 15a40ada2cfcc400348e37a40237337e C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll

MD5: 3e930c641079443d4de036167a69caa2 C:\Program Files\Messenger\msmsgs.exe

MD5: c3e42cbf8215171a524d123a54ae3233 c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

MD5: b957b30090889aa4f887277916f76fe7 C:\Program Files\Mozilla Firefox\components\browsercomps.dll

MD5: 6c9cd3ecba6732661c8bbe37a877a2bd C:\Program Files\Mozilla Firefox\firefox.exe

MD5: cc5b1a70daa7a04fe15e6d7c54b55d02 C:\Program Files\Mozilla Firefox\freebl3.dll

MD5: ff4040da11ae0d13a0a7778e6022e728 C:\Program Files\Mozilla Firefox\mozalloc.dll

MD5: 96397535f6e4ca499dd659ce76c50746 C:\Program Files\Mozilla Firefox\MOZCPP19.dll

MD5: 411f23aaf331da8b9f0cfd1cada4b8b5 C:\Program Files\Mozilla Firefox\MOZCRT19.dll

MD5: 1919d815996470088d20a59e992a9695 C:\Program Files\Mozilla Firefox\mozjs.dll

MD5: fcd1d9ccc7096dc2210d3096fbdf92cc C:\Program Files\Mozilla Firefox\mozsqlite3.dll

MD5: c1bf9c9244996aa0607766199d226183 C:\Program Files\Mozilla Firefox\nspr4.dll

MD5: f030ff40b6afb777b9992525800de3ea C:\Program Files\Mozilla Firefox\nss3.dll

MD5: 6689b655ea803be040d95b8ea913249f C:\Program Files\Mozilla Firefox\nssckbi.dll

MD5: 079155b0a7579652dcc2ec7908d9502a C:\Program Files\Mozilla Firefox\nssdbm3.dll

MD5: fb4fc7ee2e516063e25887c2e170d893 C:\Program Files\Mozilla Firefox\nssutil3.dll

MD5: 4dfdfb82c4f60beaf88e3c13c01f124a C:\Program Files\Mozilla Firefox\plc4.dll

MD5: 5bff0a2260ab6bf8d9b829d947c5ef6c C:\Program Files\Mozilla Firefox\plds4.dll

MD5: ea135efdd053bda6b4fef71a07076ed3 C:\Program Files\Mozilla Firefox\plugins\atcliun.exe

MD5: 4503883f4367a7ab20256527709a7701 C:\Program Files\Mozilla Firefox\plugins\atgpcdec.dll

MD5: 9abca9a61e846121552c1bf346462305 C:\Program Files\Mozilla Firefox\plugins\atgpcext.dll

MD5: cdbff219aec2511c9ee0d72aa05a9003 C:\Program Files\Mozilla Firefox\plugins\atmgr.exe

MD5: 99f97c9fe748c37528c338a423577fcb C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll

MD5: 9e9fc4dd63c50da5ef66b2b82d7f7b49 C:\Program Files\Mozilla Firefox\plugins\NPAbacheck.dll

MD5: ff4847181881ab366b98253ddeae36f0 C:\Program Files\Mozilla Firefox\plugins\npatgpc.dll

MD5: d72763cc7bdfc4679a2a8bcd0b49244b C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll

MD5: 840b4c97c7ef119834780fa09258dcd1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

MD5: 840b4c97c7ef119834780fa09258dcd1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

MD5: 840b4c97c7ef119834780fa09258dcd1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

MD5: 840b4c97c7ef119834780fa09258dcd1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

MD5: 840b4c97c7ef119834780fa09258dcd1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

MD5: 840b4c97c7ef119834780fa09258dcd1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

MD5: 840b4c97c7ef119834780fa09258dcd1 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

MD5: f25cee059b6b39368bfba0b176508eb9 C:\Program Files\Mozilla Firefox\plugins\npsnapfish.dll

MD5: c98ca7ddb7dacd34ae27da88b08f1ad0 C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll

MD5: cb2e646a69d347eb0437ab50785cf3bb C:\Program Files\Mozilla Firefox\smime3.dll

MD5: 363f20b791469048b0878dbdfd60e41b C:\Program Files\Mozilla Firefox\softokn3.dll

MD5: b6a4cb50c2c0d7821a604c64a5058ed1 C:\Program Files\Mozilla Firefox\ssl3.dll

MD5: cd05ba08fd35ec561b82f6d1c905a445 C:\Program Files\Mozilla Firefox\xpcom.dll

MD5: 840e1ad2fdeedf482927d4369fb03dac C:\Program Files\Mozilla Firefox\xul.dll

MD5: 29ab460bb765ee9289407b1b1532b4a6 C:\Program Files\Nikon\NkView6\NkvMon.exe

MD5: df9478973abc2799050a70c242ac2be2 C:\PROGRAM FILES\NORTON SECURITY SUITE\ENGINE\4.3.0.5\ACCTMGR.DLL

MD5: fc70af25788c4d5a344df954cd07ff08 C:\PROGRAM FILES\NORTON SECURITY SUITE\ENGINE\4.3.0.5\APPMGR32.DLL

MD5: a986c53858ad3ed0982d1992cf63d0eb C:\Program Files\Norton Security Suite\Engine\4.3.0.5\asEngine.dll

MD5: 1b97727a841b43c71c34aa6d840fa1c2 C:\Program Files\Norton Security Suite\Engine\4.3.0.5\asHelper.dll

MD5: 333357a31e94100ed4dc44ad503ca9a9 C:\PROGRAM FILES\NORTON SECURITY SUITE\ENGINE\4.3.0.5\ASOEHOOK.DLL

MD5: e7dab27aad98abeeaf2bc6403c9722be C:\Program Files\Norton Security Suite\Engine\4.3.0.5\AVIfc.dll

MD5: f628e2b046d646e98e1101e94ac35d8d C:\Program Files\Norton Security Suite\Engine\4.3.0.5\AVMail.dll

MD5: 7cecb6bef1ba147fecd1aeecea4f14bb C:\Program Files\Norton Security Suite\Engine\4.3.0.5\avModule.dll

MD5: a691244a64cebe06b7451645f5f6d3d8 C:\Program Files\Norton Security Suite\Engine\4.3.0.5\AVPAPP32.dll

MD5: c40f97f7d659e9dd4fd5cb6b9764f36f C:\PROGRAM FILES\NORTON SECURITY SUITE\ENGINE\4.3.0.5\AVPSVC32.DLL

MD5: 58db550052a7d514e2c98bc5b6e68dcf C:\Program Files\Norton Security Suite\Engine\4.3.0.5\buComm.dll

MD5: a342bb3c3181e19b34bdf42772ccb803 C:\Program Files\Norton Security Suite\Engine\4.3.0.5\buDataCl.dll

MD5: 9f7018bc3b89db280bc3034d5315c54d C:\Program Files\Norton Security Suite\Engine\4.3.0.5\BuEng.dll

MD5: aedc44d24b1f21a6bf432972da523718 C:\Program Files\Norton Security Suite\Engine\4.3.0.5\buProv.dll

MD5: 9328656cc6d1f35c5c05143a03611188 C:\Program Files\Norton Security Suite\Engine\4.3.0.5\buShell.dll

MD5: d88bf477159d548043093be6f9387267 C:\PROGRAM FILES\NORTON SECURITY SUITE\ENGINE\4.3.0.5\BUSVC.DLL

MD5: 6af907a5a669b14f9e291f616561baa7 C:\PROGRAM FILES\NORTON SECURITY SUITE\ENGINE\4.3.0.5\BUUIPLG.DLL

MD5: 04a3cc2971562fd62dde645b49f23e14 C:\PROGRAM FILES\NORTON SECURITY SUITE\ENGINE\4.3.0.5\CCJOBMGR.DLL

MD5: b751fd7b9e2eb4ca4d0c6853f510bcd0 C:\Program Files\Norton Security Suite\Engine\4.3.0.5\ccSvc.dll

MD5: d50efaaa861b2b229883b545ec0bb782 C:\PROGRAM FILES\NORTON SECURITY SUITE\ENGINE\4.3.0.5\CLTALDIS.DLL

MD5: 8996bd7e594da511b9a060ae59e346a3 C:\Program Files\Norton Security Suite\Engine\4.3.0.5\cltElPrv.dll

MD5: 3a809d7048bf42edb971838b90f649b9 C:\Program Files\Norton Security Suite\Engine\4.3.0.5\cltLMC.dll

MD5: 85160e8682fa5609dae3f40c5dc80633 C:\PROGRAM FILES\NORTON SECURITY SUITE\ENGINE\4.3.0.5\CLTLMS.DLL

MD5: 4b07391d6c2bbd0ffab81d9028e86c91 C:\Program Files\Norton Security Suite\Engine\4.3.0.5\cltWzHlp.dll

MD5: d9a7b8584df600c40cf0f7f22aa463c3 C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coDataPr.dll

MD5: f36295d5519dba6d9ae59d845aa22364 C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coIEPlg.dll

MD5: d7f6aa8bbdbed3ce02fd0338f9eae661 C:\PROGRAM FILES\NORTON SECURITY SUITE\ENGINE\4.3.0.5\coParse.dll

MD5: 2b7a227d347c7af3b55ab7847ffef3ba C:\PROGRAM FILES\NORTON SECURITY SUITE\ENGINE\4.3.0.5\COSVCPLG.DLL

MD5: fb7f84aa2e9aa58c0f55c077940a7cb8 C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coUICtlr.dll

MD5: 3738ad1fbf624bf109ebb108349e9842 C:\Program Files\Norton Security Suite\Engine\4.3.0.5\coWPPlg.dll

MD5: 807a33f4543f2e7bc35d42337d831b31 C:\Program Files\Norton Security Suite\Engine\4.3.0.5\FFPrefs.dll

MD5: 4152df019867365560a37c418020a032 C:\PROGRAM FILES\NORTON SECURITY SUITE\ENGINE\4.3.0.5\FWCORE.DLL

MD5: a6450bb83fec7e38196edc479e706526 C:\Program Files\Norton Security Suite\Engine\4.3.0.5\FWGenPlg.dll

MD5: c6df3a8d8fbaf32f90699caf3fea8da8 C:\Program Files\Norton Security Suite\Engine\4.3.0.5\FWHelper.dll

MD5: 15621acdcc2a2d5a4cc0fb082c37bbd1 C:\PROGRAM FILES\NORTON SECURITY SUITE\ENGINE\4.3.0.5\FWSESAL.DLL

MD5: e37c4f37fc033f1127efd29c9be629a4 C:\Program Files\Norton Security Suite\Engine\4.3.0.5\FWSetup.dll

MD5: 4eebc33232a50fd9faa7568690493947 C:\PROGRAM FILES\NORTON SECURITY SUITE\ENGINE\4.3.0.5\HNCORE.DLL

MD5: d440da817cde91c8c982137a48b25abd C:\Program Files\Norton Security Suite\Engine\4.3.0.5\IMCfg.dll

MD5: 2fd127a996c5f6493b996bc003526408 C:\PROGRAM FILES\NORTON SECURITY SUITE\ENGINE\4.3.0.5\IPSPLUG.DLL

MD5: 5b4d72599d87cb72095b3234b7f96bce C:\PROGRAM FILES\NORTON SECURITY SUITE\ENGINE\4.3.0.5\ISDATAPR.DLL

MD5: edda3605e3ff99c7e2a5d273923c90f5 C:\PROGRAM FILES\NORTON SECURITY SUITE\ENGINE\4.3.0.5\ISDATASV.DLL

MD5: 2b31cd03b6a7d1f26a08f2b5ab9f4feb C:\PROGRAM FILES\NORTON SECURITY SUITE\ENGINE\4.3.0.5\ISERROR.DLL

MD5: 9e31cb5cc688515ad9d01f412f78c572 C:\Program Files\Norton Security Suite\Engine\4.3.0.5\IVPlugin.dll

MD5: d79ca3928599bc70665c287208518786 C:\PROGRAM FILES\NORTON SECURITY SUITE\ENGINE\4.3.0.5\LUE.DLL

MD5: f66db87fd56023316e3b69eea4ef234a C:\Program Files\Norton Security Suite\Engine\4.3.0.5\McStatus.dll

MD5: 9e4aa806debb531b8fb1349249d846a9 C:\Program Files\Norton Security Suite\Engine\4.3.0.5\NavShExt.dll

MD5: 6bf837c11c88c9c59130ca40eb2fab55 C:\PROGRAM FILES\NORTON SECURITY SUITE\ENGINE\4.3.0.5\NCW.DLL

MD5: 2d721913e6ecc13111d468a56be07866 C:\Program Files\Norton Security Suite\Engine\4.3.0.5\NPC360ui.dll

MD5: f8ca81376e3a0b64ec639c12c68b6fde C:\PROGRAM FILES\NORTON SECURITY SUITE\ENGINE\4.3.0.5\NPCTRAY.DLL

MD5: c52051b96cdf533d7fceb8710ff7586e C:\Program Files\Norton Security Suite\Engine\4.3.0.5\NUMEng.dll

MD5: 2712ebfb422c1071c15675561ad0105b C:\Program Files\Norton Security Suite\Engine\4.3.0.5\QBackup.dll

MD5: db7b87eed46d2d91dd99c1a2825abd5c C:\PROGRAM FILES\NORTON SECURITY SUITE\ENGINE\4.3.0.5\QSPLUGIN.DLL

MD5: 580e1d1b492f80691c62512b87aee067 C:\Program Files\Norton Security Suite\Engine\4.3.0.5\rf.dll

MD5: 806548daea6422addab42ee2e9673543 C:\PROGRAM FILES\NORTON SECURITY SUITE\ENGINE\4.3.0.5\TUDATAPR.DLL

MD5: 95a8bb80c4c0abbf322534d05ec92095 C:\PROGRAM FILES\NORTON SECURITY SUITE\ENGINE\4.3.0.5\UIALERT.DLL

MD5: 0e116f4aaca32438457a9b523212c410 C:\PROGRAM FILES\NORTON SECURITY SUITE\ENGINE\4.3.0.5\UIHOST.DLL

MD5: 3a3f869c699417fdf272f5206f8244a9 C:\Program Files\NVIDIA Corporation\nView\nwiz.exe

MD5: afdae59fe562a7cdb44f9d4abedac316 C:\Program Files\QuickTime\QTSystem\QTCF.dll

MD5: 1d856e6e7490447fcfaa46e09a2bf9c9 C:\Program Files\QuickTime\QTSystem\QuickTime.qts

MD5: 0aee5668eb59912f32ff245bfa72465f C:\Program Files\QuickTime\qttask.exe

MD5: 849d97fe4cc09cfc2772d10f641e1baf C:\Program Files\Real\RealPlayer\realplay.exe

MD5: 9265248e670255b8c1a792af948099db C:\Program Files\Real\RealPlayer\rnms3260.dll

MD5: 1508c5c385c860c68e0978ec81ab9e0a C:\Program Files\Real\RealPlayer\rpap3260.dll

MD5: 3edcb8315ab51d5b4ac00820c2b958e8 C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\boost_thread-vc71-mt-1_32.dll

MD5: d8b6c8e7614bd15108310176b8e355d5 C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\LIBEAY32.dll

MD5: daebe2cf406984446f4610e99e2cc2e5 C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\qt-mt333.dll

MD5: 84dc41c2e41b47cfc05f78373608febb C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\slp.dll

MD5: 7ed74fbb135560154e1eb737d25869be C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\SSLEAY32.dll

MD5: 160afdf08789c02835a640005593a16c C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\SWAS.exe

MD5: 4f43d3c8326025f497c7f919b2a6322f C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\Xalan-C_1_9.dll

MD5: 20b4d24cdf96c3f36ad4015551863832 C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\XalanMessages_1_9.dll

MD5: e21cb48a5d1523a8819a24ed72164551 C:\Program Files\Samsung Network Printer Utilities\SyncThru Web Admin Service\xerces-c_2_6.dll

MD5: 5d36f337b6839cfeb533a22ab9de6e96 C:\Program Files\SFT\GuardedID\GIDD.exe

MD5: 78fac39d52fd2fc169971986079270da C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrSvc.exe

MD5: e43c37d35e3a41c447d50b38466adea1 C:\Program Files\Western Digital\WD Drive Manager\WDBtnMgrUI.exe

MD5: 0e3d30f8cdd82e7e64938459ca90d9f0 C:\Program Files\Windows Media Player\wmpband.dll

MD5: a5f0ef1a69f6707f27e53ee54b8f8ac4 C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe

MD5: 310c15fd8358b2c4cd7a5b98a112883f C:\WINDOWS\AppPatch\AcGenral.DLL

MD5: dc426a365577f27187f99eb506ecd5d1 C:\WINDOWS\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll

MD5: bd1e2bb8c96105353078ad23ff5489d0 C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.56.0__28c9bcd4dddc48a1\System.Data.SQLite.dll

MD5: 937fbd23997a91af923d5e89286126bd C:\WINDOWS\assembly\GAC_32\System.Data.SQLite\1.0.61.0__db937bc2d44ff139\System.Data.SQLite.dll

MD5: 16f96c1496cbd0965285ab19a9271d02 C:\WINDOWS\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll

MD5: 9631b15db7c43c267636ff43c3075e07 C:\WINDOWS\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

MD5: f054572a92573ca32d5f3aa8c15d2bac C:\WINDOWS\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll

MD5: 090f0c209849df6bf42c4bc3a212ed24 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll

MD5: 0c06a80dffa51e0eb9c5ce3df703bc46 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll

MD5: 12500e86fafeb5cb22c0aba370cfffbd C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.BusinessLogic\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.BusinessLogic.dll

MD5: 375fd11c25f5e43e0d1620fd6114baba C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll

MD5: a71a91c57d2832c5d6d3f1917830bee8 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll

MD5: 26d2b399e87f2df5dbce2dac24d94cff C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.Common\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.Common.dll

MD5: d773437cf8acad89d87a830b663fd225 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll

MD5: ce652d887de875b24be66901c8c05f62 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll

MD5: c0770e006d0556d359f586ed86ead004 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Client.DataAccess\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.Client.DataAccess.dll

MD5: 7edf1a41e9c31dce28bd71d6142534cc C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.145.4__540d4816ead86321\Intuit.Spc.Esd.Core.dll

MD5: 68a84e7d86995088127f30e5d118c4e2 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\2.0.445.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll

MD5: fe88e72f1b01ef8334e47ec44117559f C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.Core\3.1.26.0__540d4816ead86321\Intuit.Spc.Esd.Core.dll

MD5: 24291b61ab7a21cdeb3fac7a03995bbe C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll

MD5: e43c3d10e560dbeacfbc12bf888703a7 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll

MD5: f71a731e236fb55e3585dc5391d286d3 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Api.Net\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Api.Net.dll

MD5: 54b21273aaf8a0ba1c06494ffb21bb29 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.PluginContract.dll

MD5: 515d0e89532fa76488be97427de4207f C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateService\1.0.0.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateService.dll

MD5: 55c9b75102b54fa486a0bc5462e95fe4 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll

MD5: d6f5d2245d53b5f5d3939137a7ec97ec C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll

MD5: e5210eb71e2017951050550067c30093 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Application.UpdateServicePlugin.dll

MD5: e247301b09b5cffa332a00f1b7bb55f7 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\2.1.72.22__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll

MD5: 712fa98f6794152b349fd74a702f40f7 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.0.335.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll

MD5: b37a7c2b855fa1523a6840246c250fb2 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker\3.1.31.0__540d4816ead86321\Intuit.Spc.Esd.WinClient.Ipc.Remoting.UpdateServiceWorker.dll

MD5: 34dcf0e4754f8fa599e33aa444742481 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Portability\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Portability.dll

MD5: 58ed45bfb06ec7c6b7d151b77247e4b3 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Config\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Config.dll

MD5: 8da93d9a662e4ba18802bc6c2ccacd66 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.ExceptionHandling\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.ExceptionHandling.dll

MD5: 5ac46a3a31bc58e512c4cafd87327922 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Foundations.Primary.Logging\3.1.2.2__540d4816ead86321\Intuit.Spc.Foundations.Primary.Logging.dll

MD5: 04de2774c2a6602da45e9e76d46bc071 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll

MD5: 333244713f41c02de8502061c0a11622 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll

MD5: 1d114e646e5cc8b6d18238eba210f9ae C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.Reporter\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.Reporter.dll

MD5: 7e1174e9a3d17855680e144aa5d130a1 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\4.0.114.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll

MD5: b334fca2f0878c2af77826211dbe55bb C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.104.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll

MD5: bc204ce4cd9d08d6b178dfc77095b850 C:\WINDOWS\assembly\GAC_MSIL\Intuit.Spc.Map.WindowsFirewallUtilities\5.0.136.0__7ce6deabcb36a8ea\Intuit.Spc.Map.WindowsFirewallUtilities.dll

MD5: b89cb7f3f1a1e2807e708f5435deb13d C:\WINDOWS\assembly\GAC_MSIL\log4net\1.2.10.0__1b44e1d426115821\log4net.dll

MD5: c1c4025b5f5311ac8bcc318b0c244d58 C:\WINDOWS\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll

MD5: 179cc375c81b39902825abfe3a7cd49d C:\WINDOWS\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

MD5: ebaadbbfb6c455e54eb6a0e47267d33c C:\WINDOWS\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll

MD5: 2849f13593d2712ccb97ffbdd3c1232e C:\WINDOWS\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

MD5: 4120a37565491ca998e226bcbe8ef6e8 C:\WINDOWS\assembly\GAC_MSIL\System.ServiceModel\3.0.0.0__b77a5c561934e089\System.ServiceModel.dll

MD5: 50d2943d426ba91771ad87fdec802ac3 C:\WINDOWS\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll

MD5: a89dfa6db0c3d00559f770a214962a60 C:\WINDOWS\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll

MD5: 2045a75f511fb99f5b3369e49e0837a2 C:\WINDOWS\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

MD5: eb97291e3c9e0035b47b45dbb1af710d C:\WINDOWS\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll

MD5: 17b9d4728cfcee1650f900e8edbd6686 C:\WINDOWS\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

MD5: 5d8b81b70c76acd63fc8270bbc2231bb C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Accessibility\d9228d58804dfd75fd92a4d12ffac8af\Accessibility.ni.dll

MD5: 617fb85504f7be3d0231b5c67724b1ba C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\0309936a8e1672d39b9cf14463ce69f9\mscorlib.ni.dll

MD5: f798be75656b0ccbc9e642b103b03385 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationCore\caafa254739e326b0cf55eed815b4333\PresentationCore.ni.dll

MD5: 9ffa9fb2b9470dbd346524cea1c06d61 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFontCac#\e9bb32c656a2f80b629f129d738c392b\PresentationFontCache.ni.exe

MD5: 6ff6344fc906b12c162cab1f2561ee74 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\959709491c71caef88fb41b0eb159714\PresentationFramework.Classic.ni.dll

MD5: 4f2ce541c289069d4c77d6982ca47d60 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\999df2b262da53356dda514512bb7bb8\PresentationFramework.ni.dll

MD5: f4c6f46f94b309c37b6599d532500a35 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\SMDiagnostics\8ff6d395f8861384bc9bfbe34cafb64e\SMDiagnostics.ni.dll

MD5: 44a58010f7c2ede3b249283bdc26e4e4 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\fa21b6c9badcf916bb254b4b823c2463\System.Configuration.Install.ni.dll

MD5: 60ef8f216e869239a3f1c60a82850145 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\48f8b951a598647dd309ca2031807a5d\System.Configuration.ni.dll

MD5: 4ef41bc6300697746eb467f18efb88bc C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Data\05d99241bd45cbd96a6053841790a4a2\System.Data.ni.dll

MD5: 9ce4c55de31514bb4b8f1d5630a60db5 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\a59b17e6040e3f6286a2227dfdb17096\System.Drawing.ni.dll

MD5: f95efbc23c020e9a67ededb1229869a8 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\a8039af85f459c19c041313f9fe0d7e8\System.IdentityModel.ni.dll

MD5: 9825d93b9e45f74172cb7e5cd98b40f3 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\19280e723d215c0d6607d3884f453cdf\System.Management.ni.dll

MD5: 7655884a784ebd0a02ab68dafb3bba16 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\c889a45c82004537f1620dd3b211af66\System.Runtime.Serialization.ni.dll

MD5: c63b26c1415b930148dc224570f51bd2 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Security\e4bcb14e8e53c8dcaff3d2c20daf746e\System.Security.ni.dll

MD5: 7b002f0ed970f16bea864aa2eac4ac48 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel#\ead07662976fb7094811461c568643d5\System.ServiceModel.Web.ni.dll

MD5: fdd9c57338e28f8da409fe11a6a6a202 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\23abc8e4b535b9cd9c5560266c655ac2\System.ServiceModel.ni.dll

No file uploaded.

Scan finished - communication took 3 sec

Total traffic - 0.03 MB sent, 1.81 KB recvd

Scanned 975 files and modules - 96 seconds

==============================================================================


Looking good! ;)

Please download Security Check by screen317 from here or here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Results of screen317's Security Check version 0.99.7

Windows XP Service Pack 3

Internet Explorer 6 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

McAfee Security Scan Plus

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner (remove only)

Java 6 Update 20

Java 6 Update 5

Java 2 Runtime Environment, SE v1.4.2_03

Out of date Java installed!

Adobe Flash Player 10.3.181.26

Adobe Reader 6.0.1

Out of date Adobe Reader installed!

Mozilla Thunderbird (1.0.7) Thunderbird Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Norton ccSvcHst.exe

``````````End of Log````````````


Before we move on, please take the time to install the following updates, as using outdated applications leaves you extremely vulnerable to getting infected again ;) :

You are using Internet Explorer version 6. The latest version is 8. Using an outdated version of a web browser leaves you extremely vulnerable to malware!

Please see this link to download the latest version: http://windows.microsoft.com/en-US/internet-explorer/products/ie/home

------

Java is out of date and older versions contain vulnerabilities. Please update to the newest version.

Download the newest version from here http://www.oracle.com/technetwork/java/javase/downloads/index.html.

It's important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.

Go to Start > Control Panel and open Add or Remove Programs.

Search in the list for all previous installed versions of Java. (J2SE Runtime Environment).

They will have this icon next to them: javaicon.gif

Select each in turn and click Remove.

Once old versions are gone, please install the newest version.

------

Your Mozilla Thunderbird is out of date. Please download the newer version from here: http://www.mozilla.org/en-US/thunderbird/

------

Please let me know how the updates went, as failed updates may indicate additional malware ;)


Results of screen317's Security Check version 0.99.7

Windows XP Service Pack 3

Internet Explorer 8

``````````````````````````````

Antivirus/Firewall Check:

Windows Firewall Disabled!

McAfee Security Scan Plus

Antivirus up to date!

```````````````````````````````

Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware

CCleaner (remove only)

Java 6 Update 26

Out of date Java installed!

Adobe Flash Player 10.3.181.26

Adobe Reader 6.0.1

Out of date Adobe Reader installed!

Mozilla Thunderbird (5.0.) Thunderbird Out of Date!

````````````````````````````````

Process Check:

objlist.exe by Laurent

Norton ccSvcHst.exe

``````````End of Log````````````


Odd that they're not showing as updated- I'll bring this to the attention of the developer ;)

One more update I noticed :) :

You're using an old version of Adobe Acrobat Reader, this can leave your PC open to vulnerabilities, you can update it here (uninstall version 7.0 first):

Adobe Reader X

Note: I suggest you uncheck an optional, third-party download (eg. McAfee Security Scan Plus).

After successfully installing Adobe Reader X, see this article on how to make this program more secure: Adobe Reader X secures itself by playing in the sandbox.


Glad to hear the updates went well. :)

Unless there are any further issues, I will now provide you with some suggestions for security software, but first, ComboFix must be uninstalled ;):

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

-------------

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :)

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

avast!.

AntiVir

AVG

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy

A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard

A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

Please, consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too.

A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.

If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available

A tutorial on understanding and using firewalls may be found here.

If you use Internet Explorer, it is a good idea to use IE-Spyad for ZonedOut which provides protections against malicious websites. (Requires 2 downloads)

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScripts, can make it even more secure. Opera is another good option.

If you are interested, Firefox may be downloaded from here

Opera is available here: http://www.opera.com/download/

For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)


Thank you very much D-Fred-Brown!

I will be clicking on that Donate button! I very much appreciate your help.

One question. I ran Defogger to disable CD-ROM Emulation Software. Should I now run it to enable it?

I don't understand what the coders who create these viruses/malware are trying to accomplish other than to waste everyone's time.
