XP Windows Recovery / Malwarebytes blocked


Hi. Thanks for your assistance in advance.

I am visiting relatives. They have a Windows Recovery infection. I'm trying to help.

I downloaded and ran iexplore / rkill. Log here.

***************************************************

This log file is located at C:\rkill.log.

Please post this only if requested to by the person helping you.

Otherwise you can close this log when you wish.

Rkill was run on 07/01/2011 at 8:38:45.

Operating System: Microsoft Windows XP

Processes terminated by Rkill or while it was running:

C:\Documents and Settings\All Users\Application Data\yjmUjuesNXqx.exe

C:\Documents and Settings\All Users\Application Data\17882916.exe

Rkill completed on 07/01/2011 at 8:39:02.

Please post this only if requested to by the person helping you.

Otherwise you can close this log when you wish.

Rkill was run on 07/01/2011 at 8:55:15.

Operating System: Microsoft Windows XP

Processes terminated by Rkill or while it was running:

C:\Documents and Settings\All Users\Application Data\yjmUjuesNXqx.exe

C:\Documents and Settings\All Users\Application Data\17882916.exe

Rkill completed on 07/01/2011 at 8:56:20.

******************************************

Then I tried to install Malwarebytes. It failed twice, as you can probably guess from the above rerun of rkill.

error 59: mbamnet not found, and access denied.

What do I do next?

Thanks again!

John


Hello johnjtraynor and welcome to Malwarebytes! :welcome:

I am D-FRED-BROWN and I will be helping you. :)

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download to your Desktop:

  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.

  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):

  • TDSSKiller_log.txt
  • How the PC is running now
-------------
Please download ComboFix.exe. Please visit this webpage for download links, and instructions for running the tool:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix
* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Please go here to see a list of programs that should be disabled.
**Note: Do not mouseclick ComboFix's window while it's running. That may cause it to stall**
Please include the C:\ComboFix.txt in your next reply for further review.
Also, please let me know if any problems still remain.
-------------
Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:

  • C:\ComboFix.txt
  • TDSSKiller log
  • Security Check checkup.txt

How is your computer running now?


Happy 4oJ and appreciate your assistance.

Thank you! I hope you enjoy yours as well :)

Little more cleaning to do:

I strongly recommend you remove Ask Toolbar from your computer because:

  • It promotes its toolbars on sites targeted at kids.
  • It promotes its toolbars through ads that appear to be part of other companies' sites.
  • It promotes its toolbars through other companies' spyware.
  • It is installed without any disclosure whatsoever and without any consent from the user whatsoever.
  • It solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
  • It makes confusing changes to user's browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.

To remove it, please follow the instructions found here.

---------

Please do the following:

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the quotebox below into it:

KILLALL::

Driver::
59914131

File::
C:\Windows\system32\drivers\59914131.sys

Save this as CFScript.txt, in the same location as ComboFix.exe

CFScriptB-4.gif

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I shall require in your next reply.

Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Please include the newly-created C:\ComboFix.txt in your next reply, and let me know of any new problems or concerns :).


Hi D-Fred. Thanks again.

No problem ;)

First drink is on me if you're ever in Manhattan.

Cheers!, but it will be a couple years till I'm of legal drinking age :lol:

Let's run some more scans to see if there are any traces left before we move on.

Also, if you could post the logs rather than attaching them, that'd help me out a lot. ;)

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

  1. Tick the box next to YES, I accept the Terms of Use.
  2. Click Start
  3. When asked, allow the ActiveX control to install
  4. Click Start
  5. Make sure that the options Remove found threats and Scan unwanted applications are checked
  6. Click Scan
    Wait for the scan to finish
  7. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
  8. Copy and paste that log as a reply to this topic

-----

Please use the Internet Explorer and run a BitDefender Online scan from Here

  • Please check I agree with the Terms and Conditions and click Start Here
  • You will need to allow an Active X install for the scan to run.
  • Leave the scanning options at default and click Start Scan

Please post the results in your next reply.

-----

Please include the ESET and BitDefender reports in your next reply. Also, let me know how your system is running now. ;)


OK, I'll buy you one in a few years. Or if you're in the UK I'll have a mate buy you a pint.

Quickscan

QuickScan Beta 32-bit v0.9.9.96

-------------------------------

Scan date: Sat Jul 02 22:21:48 2011

Machine ID: A41B543D

No infection found.

-------------------

Processes

---------

Adobe Reader and Acrobat Manager 1536 C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

AOLacsd.exe 536 C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe

Brother MFL Pro 552 C:\WINDOWS\system32\Brmfrmps.exe

Brother MFL Pro 2832 C:\WINDOWS\system32\BrmfRsmg.exe

GEMTEKS WLService 304 C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

Lexmark 6200 Series Device Monitor 1328 C:\Program Files\Lexmark 6200 Series\lxbumon.exE

Lexmark Communication System 3336 C:\WINDOWS\system32\lxbucoms.exe

Microsoft SQL Server 1056 C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Binn\sqlservr.exe

Microsoft® Windows® Operating System 1592 C:\WINDOWS\system32\spoolsv.exe

Microsoft® Windows® Operating System 3460 C:\WINDOWS\system32\wscntfy.exe

Netscape Update Service 1772 C:\Program Files\Netscape Internet Service\ncupdatesvc.exe

OnlineCmdLineScanner.exe 2516 C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe

OpenOffice.org 3.2 2012 C:\Program Files\OpenOffice.org 3\program\soffice.bin

OpenOffice.org 3.2 2004 C:\Program Files\OpenOffice.org 3\program\soffice.exe

Part of S3 Screen Toys 1456 C:\WINDOWS\system32\S3Trayp.exe

Realtek Sound Manager 1260 C:\WINDOWS\SOUNDMAN.EXE

WinCinema Manager for InterVideo WinCin 1728 C:\Common\Bin\WinCinemaMgr.exe

WMP54Gv4 1228 C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe

(verified) GoogleToolbarNotifier 1680 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

(verified) Java Platform SE 6 U18 984 C:\Program Files\Java\jre6\bin\jqs.exe

(verified) Microsoft® Visual Studio .NET 1008 C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

(verified) Microsoft® Windows® Operating System 2976 C:\WINDOWS\explorer.exe

(verified) Microsoft® Windows® Operating System 3988 C:\WINDOWS\system32\alg.exe

(verified) Microsoft® Windows® Operating System 652 C:\WINDOWS\system32\csrss.exe

(verified) Microsoft® Windows® Operating System 3572 C:\WINDOWS\system32\ctfmon.exe

(verified) Microsoft® Windows® Operating System 732 C:\WINDOWS\system32\lsass.exe

(verified) Microsoft® Windows® Operating System 720 C:\WINDOWS\system32\services.exe

(verified) Microsoft® Windows® Operating System 588 C:\WINDOWS\system32\smss.exe

(verified) Microsoft® Windows® Operating System 1140 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1088 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 948 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 892 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 844 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 2724 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 1248 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 460 C:\WINDOWS\system32\svchost.exe

(verified) Microsoft® Windows® Operating System 676 C:\WINDOWS\system32\winlogon.exe

(verified) Windows® Internet Explorer 1684 C:\Program Files\Internet Explorer\iexplore.exe

(verified) Windows® Internet Explorer 2172 C:\Program Files\Internet Explorer\iexplore.exe

(verified) Windows® Internet Explorer 2324 C:\Program Files\Internet Explorer\iexplore.exe

Network activity

----------------

Process iexplore.exe (2324) connected on port 80 (HTTP) --> 74.125.225.36

Process svchost.exe (948) listens on ports: 135 (RPC)

Process svchost.exe (1248) listens on ports: 2869 (SSDP event notification, UPNP)

Autoruns and critical files

---------------------------

Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

ezprint.exe C:\Program Files\Lexmark 6200 Series\ezprint.exe

fm3032.exe C:\Program Files\Lexmark Fax Solutions\fm3032.exe

Intel® Common User Interface C:\WINDOWS\system32\igfxsrvc.dll

Lexmark 6200 Series Device Monitor C:\Program Files\Lexmark 6200 Series\lxbumon.exE

Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\logon.scr

Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\upnpui.dll

Microsoft® Windows® Operating System c:\windows\system32\userinit.exe

Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll

Part of S3 Screen Toys C:\WINDOWS\system32\S3Trayp.exe

quickstart.exe C:\Program Files\OpenOffice.org 3\program\quickstart.exe

QuickTime C:\Program Files\QuickTime\qttask.exe

Realtek Sound Manager C:\WINDOWS\SOUNDMAN.EXE

RegWork C:\Program Files\RegWork\RegWork.exe

Timer DLL C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll

WinCinema Manager for InterVideo WinCin C:\Common\Bin\WinCinemaMgr.exe

Windows Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll

(verified) Adobe Acrobat C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe

(verified) Google Update C:\Program Files\Google\Update\GoogleUpdate.exe

(verified) GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

(verified) Java Platform SE Auto Updater 2 0 C:\Program Files\Common Files\Java\Java Update\jusched.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\cmd.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll

(verified) Windows® Internet Explorer C:\WINDOWS\system32\msfeedssync.exe

(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll

Browser plugins

---------------

Adobe® Flash® Player ActiveX C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe

BitDefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll

ExpressIt Upload C:\Program Files\Internet Explorer\plugins\NPExpFTP.dll

Flash® Player Installer/Uninstaller C:\WINDOWS\Downloaded Program Files\CONFLICT.1\FP_AX_CAB_INSTALLER.exe

Google Toolbar for Internet Explorer c:\program files\google\google toolbar\googletoolbar_32.dll

Google Update C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

GoogleToolbarNotifier C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll

IE Toolbar c:\program files\aol toolbar\toolbar.dll

Messenger C:\Program Files\Messenger\msmsgs.exe

MetaStream 3 Plugin C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\nwprovau.dll

Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll

Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll

NPSWF32.dll C:\Program Files\Internet Explorer\plugins\NPSWF32.dll

PBHelper Module C:\Program Files\Netscape Internet Service\Netscape Web Accelerator\pbhelper.dll

QuickTime Plug-in 6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll

QuickTime Plug-in 6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll

QuickTime Plug-in 6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll

QuickTime Plug-in 6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll

QuickTime Plug-in 6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll

QuickTime Plug-in 6.5 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll

RealArcade Mozilla Plugin C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll

Windows® Internet Explorer C:\WINDOWS\system32\IEFRAME.dll

(verified) AcroIEHelperShim Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

(verified) Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll

(verified) Java Platform SE 6 U18 C:\Program Files\Java\jre6\bin\jp2ssv.dll

(verified) Java Platform SE 6 U18 C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

Scan

----


MD5: 0dc719e9b15e902346e87e9dcd5751fa C:\WINDOWS\System32\DRIVERS\mrxsmb.sys

MD5: c06d13350ddf3e84d72a80574be92dd5 C:\WINDOWS\SYSTEM32\DRIVERS\pcitest.sys

MD5: 581e74880aeb1dba1cb5ac8e6e6c0a69 C:\WINDOWS\system32\DRIVERS\RT61.sys

MD5: 861e6b8b54cf678400be310007557ae9 C:\WINDOWS\system32\DRIVERS\S3gIGPm.sys

MD5: 47ddfc2f003f7f9f0592c6874962a2e7 C:\WINDOWS\System32\DRIVERS\srv.sys

MD5: d8cbd8b4bf4dc9cd64b5cc8e2bec1b96 C:\WINDOWS\System32\Drivers\sunkfilt.sys

MD5: fabcc3bec89a2853958cefb28943c470 C:\WINDOWS\System32\Drivers\sunkfilt39.sys

MD5: d85938f272d1bcf3db3a31fc0a048928 C:\WINDOWS\system32\DRIVERS\uagp35.sys

MD5: 1c43d4c8818dcbd8814e7c260744bcc4 C:\WINDOWS\system32\drivers\viahduaa.sys

MD5: 32575985212c2d9e6d04b3b17e215c7d C:\WINDOWS\system32\DRIVERS\videX32.sys

MD5: 0a716c08cb13c3a8f4f51e882dbf7416 C:\WINDOWS\System32\DRIVERS\wanatw4.sys

MD5: 21b0231d4b29fc782ab5111bf47ede56 C:\WINDOWS\system32\DRIVERS\xfilt.sys

MD5: f5b754cdea20bbb3a31e16a776ede6d6 c:\windows\system32\ESENT.dll

MD5: fc80052194d5708254a346568f0e77c0 C:\WINDOWS\system32\GTNDIS5.SYS

MD5: 3fbef477816cee3e1b67c18727837bf9 C:\WINDOWS\system32\GTW32N50.dll

MD5: af61826b82de7b95d5db8ee075a172d2 C:\WINDOWS\system32\IEFRAME.dll

MD5: c0b6195f1afda4a3061915501eb75d4a C:\WINDOWS\system32\iepeers.dll

MD5: ba356bd33397936d2e292cb00f80c164 C:\WINDOWS\system32\iertutil.dll

MD5: 07b1ff45edd4845df545049eaf2cd1bc C:\WINDOWS\system32\igfxsrvc.dll

MD5: 9f22e3ce1639917eb07dcc730cd0d410 C:\WINDOWS\system32\IM31IMG.DIL

MD5: 86c5aac31ea7909121327701045f74bd C:\WINDOWS\system32\IMGMAN32.dll

MD5: 1206e36eb45cd0372fa200b3b0bb7841 C:\WINDOWS\system32\javacypt.dll

MD5: 0689622e6484934eb6e5f4d3a96311f9 C:\WINDOWS\system32\jscript.dll

MD5: a525c96c51d55111fdf3bea9ffffc7ae C:\WINDOWS\system32\kerberos.dll

MD5: 20fa028cb6506591a99c51432a3c0174 C:\WINDOWS\system32\LangWrbk.dll

MD5: 9fad7dff67555ff1e06bc4a3893024a7 C:\WINDOWS\System32\logon.scr

MD5: bd31dc6dbe9333c4fbd4bdf0899f2160 C:\WINDOWS\system32\LSASRV.dll

MD5: 3419550e04f2313949525b8fc2db2a30 C:\WINDOWS\system32\lxbucfg.dll

MD5: ef847c37641ba7e5650031cde971380a C:\WINDOWS\system32\lxbucoms.exe

MD5: 4446082c938548c670bcabac8d4607c4 C:\WINDOWS\system32\lxbulmpm.DLL

MD5: 42e439d8b1c8c7e494353eddadfaee17 C:\WINDOWS\System32\lxbuprox.dll

MD5: 3afb6c78e12eb553de2a579fed85c4ed C:\WINDOWS\system32\LXPMONRC.DLL

MD5: 740a1e1cb32fc01965cc36ae4180a4a7 C:\WINDOWS\system32\LXPRMON.DLL

MD5: 67c04ffc699b37e1b15d702d723348bb C:\WINDOWS\system32\Macromed\Flash\Flash10p.ocx

MD5: 76848cb1aa5818db47d5f5986e0a7485 C:\WINDOWS\system32\MFC42.DLL

MD5: 22ba5235ea846eda87f68a1dcc2bfcf9 C:\WINDOWS\system32\mshtml.dll

MD5: d3f72d50de53f9f1f55240115af4d42e c:\windows\system32\msi.dll

MD5: e75aa32c6b79c846f5314ca4da92f29e C:\WINDOWS\system32\msjava.dll

MD5: 98e53ca00d3c0a2e9faa4e59c101aeba C:\WINDOWS\system32\mslbui.dll

MD5: c7e39ea41233e9f5b86c8da3a9f1e4a8 C:\WINDOWS\system32\mspmsnsv.dll

MD5: 29bd913d8fd1feb6728dc9b43b55c1d2 C:\WINDOWS\system32\MSRATING.dll

MD5: 585992d78b671aaa075c02241309795d C:\WINDOWS\system32\MSVCIRT.DLL

MD5: 943337d786a56729263071623bbb9de5 C:\WINDOWS\system32\mswsock.dll

MD5: 062f837c1fbdb6a0a75f82efc2ee8e74 c:\windows\system32\netshell.dll

MD5: f8f0d25ca553e39dde485d8fc7fcce89 C:\WINDOWS\system32\ntdll.dll

MD5: 06e587f41466569f32beaac7260e8aec C:\WINDOWS\System32\nwprovau.dll

MD5: 40b0f98bad16ad5def894e88c3ef8014 C:\WINDOWS\system32\ODBC32.dll

MD5: 7a6a7900b5e322763430ba6fd9a31224 C:\WINDOWS\system32\ole32.dll

MD5: 1b2be5777f69a71778f52ffee1c798d6 C:\WINDOWS\system32\OLEAUT32.dll

MD5: f1dac7969c1337af790bd1d981aa780c C:\WINDOWS\system32\qmgrprxy.dll

MD5: d4502f124289a31976130cccb014c9aa C:\WINDOWS\system32\RPCRT4.dll

MD5: 72451fd61ddbb0a1fb071b7c3cde5594 C:\WINDOWS\system32\rsvpsp.dll

MD5: 35f71ca38bf532abb76c1868ffb71b63 C:\WINDOWS\system32\S3Trayp.exe

MD5: abeedd547e939ad827b2e29dec754206 C:\WINDOWS\system32\schannel.dll

MD5: 8bcd11d38fce43a519246a91cc40de6a C:\WINDOWS\system32\security.dll

MD5: 62bdf8e945f23bee485bb3cb4ed19cb7 C:\WINDOWS\system32\SHDOCVW.dll

MD5: e86423aa9aa8c382af02b94a058dc2aa C:\WINDOWS\system32\SHELL32.dll

MD5: 99bc0b50f511924348be19c7c7313bbf C:\WINDOWS\system32\SHSVCS.dll

MD5: 3419550e04f2313949525b8fc2db2a30 C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbucfg.dll

MD5: b5760622bcdc56f1abec3123b5bb7862 C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbudrec.dll

MD5: 2df78366a76dbbdecddedb18de9b054e C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll

MD5: bacac6542dcfb3590d6efda3fa4c4bbb C:\WINDOWS\system32\spool\drivers\w32x86\3\lxbutsfw.dll

MD5: 24d6b18cb2ac4aa51f88857e0dff5d33 C:\WINDOWS\System32\spool\PRTPROCS\W32X86\lxbuPP5C.dll

MD5: 60784f891563fb1b767f70117fc2428f C:\WINDOWS\system32\spoolsv.exe

MD5: 3a7c3cbe5d96b8ae96ce81f0b22fb527 c:\windows\system32\srvsvc.dll

MD5: 3caeae7608f1bd7ba873a3b02895b106 C:\WINDOWS\system32\sti.dll

MD5: 5c4adb808b54126c1ed2fba0eae06c63 C:\WINDOWS\system32\upnpui.dll

MD5: 78bb1e601edab917094b0260a5a57c85 C:\WINDOWS\system32\urlmon.dll

MD5: a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\system32\userinit.exe

MD5: 9e03dc5ab51cfd0190541ce2038d819d C:\WINDOWS\system32\usp10.dll

MD5: 31cf51dcda1424b813cc97b20f71b431 C:\WINDOWS\system32\vbscript.dll

MD5: 9af7d69ba8e58573721c8b6785db4dc3 C:\WINDOWS\system32\VMHELPER.DLL

MD5: 147429092c26d18af550790ac102f32a C:\WINDOWS\system32\WgaLogon.dll

MD5: 291778dfebaa278b451d457b03c10ac1 C:\WINDOWS\system32\win32spl.dll

MD5: cc951c2212a200475a587a440e0aa804 C:\WINDOWS\system32\WININET.dll

MD5: d72b9ec3337b247a666f098f3d6b43de C:\WINDOWS\System32\winrnr.dll

MD5: 42b5427fac23bf6f1f31e466b7feb084 C:\WINDOWS\system32\winsrv.dll

MD5: 2cc34e8bb667eef78899546e12649196 C:\WINDOWS\system32\WlNotify.dll

MD5: f92e1076c42fcd6db3d72d8cfe9816d5 C:\WINDOWS\system32\wscntfy.exe

MD5: 18473f44d6de85c8cb4e70f503c5ea64 C:\WINDOWS\System32\xactsrv.dll

MD5: 16403217ab6fc5c30c14c6b12098ad4b C:\WINDOWS\system32\xpsp2res.dll

MD5: 736b12b725aeb2b07f0241a9f680cb10 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll

MD5: 33d9b7bb7ba323bafe489df033dac824 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.22509_x-ww_c7dad023\gdiplus.dll

The following file(s) must be uploaded for server-side scanning:

Upload started - 42 file(s)

Upload speed - 35 KB/s

Upload finished - 42 uploaded, 0 failed

The uploaded file(s) were found clean.

Scan finished - communication took 266 sec

Total traffic - 9.33 MB sent, 0.75 KB recvd

Scanned 642 files and modules - 379 seconds

==============================================================================

ESET

==============================================================================

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6427

# api_version=3.0.2

# EOSSerial=ebf3d3cb31b1024cbfdec2e4a564c618

# end=finished

# remove_checked=true

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2011-07-03 02:49:41

# local_time=2011-07-02 10:49:41 (-0500, Eastern Daylight Time)

# country="United States"

# lang=9

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=512 16777215 100 0 0 0 0 0

# compatibility_mode=1024 16777215 100 0 0 0 0 0

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=76335

# found=1

# cleaned=1

# scan_time=4376

C:\Documents and Settings\Owner\Application Data\Sun\Java\Deployment\cache\6.0\57\703418f9-5705768a multiple threats (deleted - quarantined) 00000000000000000000000000000000 C

OK, I'll buy you one in a few years. Or if you're in the UK I'll have a mate buy you a pint.

:D Thanks ;)

Your logs appear to be clean! :D

Before we move on, please take the time to install the following updates, as using outdated applications leaves you vulnerable to getting infected again ;):

Java is out of date and older versions contain vulnerabilities. Please update to the newest version.

Download the newest version from here http://www.oracle.com/technetwork/java/javase/downloads/index.html.

It's important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.

Go to Start > Control Panel and open Add or Remove Programs.

Search in the list for all previously installed versions of Java (J2SE Runtime Environment).

They will have this icon next to them: javaicon.gif

Select each in turn and click Remove.

Once old versions are gone, please install the newest version.

-------

You're using an old version of Adobe Acrobat Reader; this can leave your PC open to vulnerabilities. You can update it here (uninstall version 7.0 first):

Adobe Reader X

Note: I suggest you uncheck any optional third-party download (e.g. McAfee Security Scan Plus).

After successfully installing Adobe Reader X, see this article on how to make this program more secure: Adobe Reader X secures itself by playing in the sandbox.

-------

Please let me know how the updates went, as failed updates may indicate additional malware ;).

I will now provide you with some suggestions for security software, but first, ComboFix must be uninstalled ;) :

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /Uninstall

-------------

Please consider using these ideas to help secure your computer. While there is no way to guarantee safety when you use a computer, these steps will make it much less likely that you will need to endure another infection. While we really like to help people, we would rather help you protect yourself so that you won't need that help in the future. :)

Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates or get into the habit of checking Windows Update regularly. They usually have security updates every month. You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed. This is a crucial security measure.

You have NO antivirus program installed!

It is really dangerous to go online without an antivirus. Without one, you are extremely likely to get infected and the consequences could be even worse next time. All of the following are excellent free antiviruses. Be sure to only install one.

avast!.

AntiVir

AVG

Please consider installing and running some of the following programs; they are either free or have free versions of commercial programs:

Spybot-Search & Destroy

A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features if you don't have the resident part of another anti-spyware program running.

SpywareBlaster

A tutorial on using SpywareBlaster to prevent malware from ever installing on your computer may be found here.

SpywareGuard

A tutorial on using SpywareGuard for real-time protection against spyware and hijackers may be found here.

Please, consider maintaining a firewall with HIPS (Host Intrusion Prevention Systems). Firewalls are extremely important and are the first part of your computer's defense. HIPS stops malware by monitoring its behavior and it's very important, too.

A firewall is a software program or piece of hardware that helps screen out hackers, viruses, and worms that try to reach your computer over the Internet.

If you are using the Windows Firewall please note that it doesn't monitor or block outbound traffic and is therefore less effective than other free alternatives.

These firewalls are good and do have free versions available

A tutorial on understanding and using firewalls may be found here.

If you use Internet Explorer, it is a good idea to use IE-Spyad for ZonedOut which provides protections against malicious websites. (Requires 2 downloads)

Please keep these programs up-to-date and run them whenever you suspect a problem to prevent malware problems. A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster and IE-Spyad can be run with any of them.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

A similar category of programs is now called "scareware." Scareware programs are active infections that will pop-up on your computer and tell you that you are infected. If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed. It tells you to click and install it right away. If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further. Keeping protection updated and running resident protection can help prevent these infections. If it happens anyway, get offline as quickly as you can. Pull the internet connection cable or shut down the computer if you have to. Contact someone to help by using another computer if possible. These programs are also sometimes called 'rogues', but they are different than the older version of rogues mentioned above.

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker, and add-ons like NoScript can make it even more secure. Opera is another good option.

If you are interested, Firefox may be downloaded from here

Opera is available here: http://www.opera.com/download/

For much more useful information, please also read Tony Klein's excellent article: How did I get infected in the first place

Hopefully these steps will help to keep you error free. If you run into more difficulty, we will certainly do what we can to help. :)
