SpywareBlaster found using over 40% of CPU resources in a hidden window; used Process Explorer to shut it down manually. Am worried that my computer may be compromised.
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 10/5/2014
Scan Time: 1:37:19 PM
Logfile: MalwareBytes AntiMalware Scan.txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.10.05.08
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows XP Service Pack 3
CPU: x86
File System: NTFS
User: Francis
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 361235
Time Elapsed: 24 min, 33 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Deep Rootkit Scan: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.21376 BrowserJavaVersion: 11.20.2
Run by Francis at 14:56:03 on 2014-10-05
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3322.1798 [GMT -7:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: Online Armor Firewall *Enabled*
.
============== Running Processes ================
.
C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\Program Files\Online Armor\OAcat.exe
C:\Program Files\Online Armor\oasrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Panda USB Vaccine\USBVaccine.exe
C:\Program Files\Intel\IDU\awServ.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\spupdsvc.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\UTSCSI.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
C:\Program Files\Online Armor\OAui.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Online Armor\OAhlp.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\Trillian\trillian.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files\EMET 4.1\EMET_agent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\IncrediMail\bin\IncMail.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\IncrediMail\Bin\ImApp.exe
C:\PROGRA~1\Webshots\315~1.76~\Webshots.scr
C:\WINDOWS\system32\Rundll32.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\WINDOWS\system32\svchost.exe -k netsvcs
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://www.bankofamerica.com/index.jsp
dURLSearchHooks: {0BC6E3FA-78EF-4886-842C-5A1258C4455A} - <orphaned>
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.8.0_20\bin\ssv.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre1.8.0_20\bin\jp2ssv.dll
BHO: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - <orphaned>
uRun: [cdloader] "c:\documents and settings\francis\application data\mjusbsp\cdloader2.exe" MAGICJACK
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe" -automount
uRun: [IncrediMail] c:\program files\incredimail\bin\IncMail.exe /c
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Google Update] "c:\documents and settings\francis\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /minimized /regrun
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\logitech webcam software\LWS.exe" /hide
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [@OnlineArmor GUI] "c:\program files\online armor\OAui.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
mRun: [NvBackend] "c:\program files\nvidia corporation\update core\NvBackend.exe"
mRun: [EMET 4.1 Update 1 Agent] "c:\program files\emet 4.1\EMET_agent.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
dRunOnce: [FlashPlayerUpdate] c:\windows\system32\macromed\flash\FlashUtil32_14_0_0_145_ActiveX.exe -update activex
StartupFolder: c:\docume~1\francis\startm~1\programs\startup\spywar~1.lnk - c:\program files\spywareblaster\spywareblaster.exe
StartupFolder: c:\docume~1\francis\startm~1\programs\startup\webshots.lnk - c:\program files\webshots\3.1.5.7620\Launcher.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\pandau~1.lnk - c:\program files\panda usb vaccine\USBVaccine.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:323
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: &Add animation to IncrediMail Style Box - c:\program files\incredimail\bin\resources\WebMenuImg.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} - hxxp://www.logitech.com/devicedetector/plugins/LogitechDeviceDetection32.cab
DPF: {2EDF75C0-5ABD-49f9-BAB6-220476A32034} - hxxp://intel-drv-cdn.systemrequirementslab.com/wired/bin/sysreqlab_srlx.cab
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_17-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{3540AD61-7266-4DB8-AFEC-965424FAB09F} : DHCPNameServer = 192.168.0.1
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - c:\program files\online armor\oaevent.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\francis\application data\mozilla\firefox\profiles\lme39tzn.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.tvguide.com/Listings/|https://calendar.yah...m/en/#autostart
FF - plugin: c:\documents and settings\francis\application data\mozilla\firefox\profiles\lme39tzn.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
FF - plugin: c:\documents and settings\francis\application data\mozilla\firefox\profiles\lme39tzn.default\extensions\devicedetection@logitech.com\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\documents and settings\francis\application data\mozilla\plugins\npgoogletalk.dll
FF - plugin: c:\documents and settings\francis\application data\mozilla\plugins\npo1d.dll
FF - plugin: c:\documents and settings\francis\local settings\application data\google\update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32(2).dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\browser\nppdf32(2).dll
FF - plugin: c:\program files\java\jre1.8.0_20\bin\dtplugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre1.8.0_20\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_15_0_0_152.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-4-18 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-4-18 192352]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswsnx.sys [2014-4-18 779536]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2014-4-18 414520]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2013-2-5 210360]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2013-2-5 44984]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2013-2-5 34856]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2013-2-5 31912]
R1 RapportCerberus_80049;RapportCerberus_80049;c:\documents and settings\all users\application data\trusteer\rapport\store\exts\rapportcerberus\baseline\RapportCerberus32_80049.sys [2014-8-20 433240]
R1 RapportEI;RapportEI;c:\program files\trusteer\rapport\bin\RapportEI.sys [2014-8-21 251928]
R2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys [2014-4-18 24184]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-4-18 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2014-4-18 50344]
R2 AWService;Admin Works Agent X8;c:\program files\intel\idu\awServ.exe [2006-12-27 74520]
R2 NvNetworkService;NVIDIA Network Service;c:\program files\nvidia corporation\netservice\NvNetworkService.exe [2014-4-18 1593632]
R2 OAcat;Online Armor Helper Service;c:\program files\online armor\OAcat.exe [2013-2-5 584864]
R2 RapportMgmtService;Rapport Management Service;c:\program files\trusteer\rapport\bin\RapportMgmtService.exe [2014-8-21 1919256]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-23 370688]
R2 SvcOnlineArmor;Online Armor;c:\program files\online armor\OAsrv.exe [2013-2-5 4457688]
R3 appliandMP;appliandMP;c:\windows\system32\drivers\appliand.sys [2011-6-17 28256]
S1 SBRE;SBRE;\??\c:\windows\system32\drivers\sbredrv.sys --> c:\windows\system32\drivers\SBREdrv.sys [?]
S2 AGCoreService;AG Core Services; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2014-4-3 315008]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2009-8-30 1684736]
S3 appliand;Applian Network Service;c:\windows\system32\drivers\appliand.sys [2011-6-17 28256]
S3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2010-4-22 13192]
S3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2010-4-22 8456]
S3 RapportKELL;RapportKELL;c:\windows\system32\drivers\RapportKELL.sys [2014-8-21 206520]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2011-5-13 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2011-5-13 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2011-5-13 136808]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2010-10-5 25088]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
.
=============== Created Last 30 ================
.
2014-10-05 21:07:04 -------- d-----w- c:\program files\ESET
.
==================== Find3M ====================
.
2014-10-05 20:33:58 110296 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-09-11 23:40:29 71344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-09-11 23:40:29 701104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-08-27 20:11:29 96680 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-08-27 20:11:23 146432 ----a-w- c:\windows\system32\javacpl.cpl
2014-08-21 23:03:38 206520 ----a-w- c:\windows\system32\drivers\RapportKELL.sys
2014-07-12 07:55:42 779536 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-07-12 07:55:42 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-07-12 07:55:42 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-07-12 07:55:42 43152 ----a-w- c:\windows\avastSS.scr
2014-07-12 07:55:42 24184 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-07-12 07:55:42 192352 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2012-09-16 13:30:18 4096000 ----a-w- c:\program files\GUT4C47.tmp
2012-07-16 01:41:49 4024320 ----a-w- c:\program files\GUTC4D.tmp
2012-04-11 06:24:47 3993600 ----a-w- c:\program files\GUT30C.tmp
.
============= FINISH: 15:00:31.92 ===============
Results of screen317's Security Check version 0.99.88
Windows XP Service Pack 3 x86
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
SpywareBlaster 5.0
CCleaner
TweakNow RegCleaner 2011
Java 7 Update 67
Java 8 Update 20
Adobe Flash Player 15.0.0.152
Adobe Reader 9
Adobe Reader XI
Mozilla Firefox (32.0.3)
````````Process Check: objlist.exe by Laurent````````
Tall Emu Online Armor OAcat.exe
Tall Emu Online Armor oasrv.exe
Tall Emu Online Armor oaui.exe
Tall Emu Online Armor OAhlp.exe
ESET ESET Online Scanner OnlineScannerApp.exe
ESET ESET Online Scanner OnlineCmdLineScanner.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 16% Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````
QuickScan 32-bit v0.9.9.140
--------------------------
Scan date: Sun Oct 05 14:28:33 2014
Machine ID: C07B0D7
No infection found.
-------------------
Processes
---------
(unsigned) Enhanced Mitigation Experience Toolkit 1864 C:\Program Files\EMET 4.1\EMET_Agent.exe
(unsigned) UTSCSI Application 3768 C:\WINDOWS\system32\UTSCSI.EXE
(verified) AdminWorks 208 C:\Program Files\Intel\IDU\awServ.exe
(verified) avast! Antivirus 180 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(verified) avast! Antivirus 1728 C:\Program Files\AVAST Software\Avast\avastui.exe
(verified) COCIManager.exe 2560 C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
(verified) Emsisoft Online Armor 1604 C:\Program Files\Online Armor\OAcat.exe
(verified) Emsisoft Online Armor 3232 C:\Program Files\Online Armor\OAhlp.exe
(verified) Emsisoft Online Armor 1632 C:\Program Files\Online Armor\OAsrv.exe
(verified) Emsisoft Online Armor 1860 C:\Program Files\Online Armor\OAui.exe
(verified) ESET Online Scanner container 5624 C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
(verified) Firefox 2508 C:\Program Files\Mozilla Firefox\firefox.exe
(verified) Firefox 304 C:\Program Files\Mozilla Firefox\plugin-container.exe
(verified) IncrediMail 2396 C:\Program Files\IncrediMail\Bin\ImApp.exe
(verified) IncrediMail 4048 C:\Program Files\IncrediMail\Bin\IncMail.exe
(verified) Java Platform SE Auto Updater 3648 C:\Program Files\Common Files\Java\Java Update\jusched.exe
(verified) Java Platform SE 7 U67 588 C:\Program Files\Java\jre7\bin\jqs.exe
(verified) Logitech Webcam Software 1724 C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(verified) LWS.exe 1596 C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(verified) Microsoft® Windows® Operating System 1792 C:\WINDOWS\explorer.exe
(verified) Microsoft® Windows® Operating System 3684 C:\WINDOWS\system32\alg.exe
(verified) Microsoft® Windows® Operating System 756 C:\WINDOWS\system32\csrss.exe
(verified) Microsoft® Windows® Operating System 3612 C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System 840 C:\WINDOWS\system32\lsass.exe
(verified) Microsoft® Windows® Operating System 3292 C:\WINDOWS\system32\regsvr32.exe
(verified) Microsoft® Windows® Operating System 4332 C:\WINDOWS\system32\rundll32.exe
(verified) Microsoft® Windows® Operating System 3584 C:\WINDOWS\system32\rundll32.exe
(verified) Microsoft® Windows® Operating System 828 C:\WINDOWS\system32\services.exe
(verified) Microsoft® Windows® Operating System 680 C:\WINDOWS\system32\smss.exe
(verified) Microsoft® Windows® Operating System 520 C:\WINDOWS\system32\spoolsv.exe
(verified) Microsoft® Windows® Operating System 3132 C:\WINDOWS\system32\spupdsvc.exe
(verified) Microsoft® Windows® Operating System 1368 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 3500 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1276 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1032 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 3808 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1100 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1828 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1524 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 2940 C:\WINDOWS\system32\svchost.exe
(verified) Microsoft® Windows® Operating System 1960 C:\WINDOWS\system32\wbem\unsecapp.exe
(verified) Microsoft® Windows® Operating System 2848 C:\WINDOWS\system32\wbem\wmiprvse.exe
(verified) Microsoft® Windows® Operating System 784 C:\WINDOWS\system32\winlogon.exe
(verified) NVIDIA Driver Helper Service, Version 3 2236 C:\WINDOWS\system32\nvsvc32.exe
(verified) NVIDIA GeForce Experience 3008 C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(verified) NVIDIA Network Service 736 C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(verified) OnlineCmdLineScanner.exe 6124 C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
(verified) PnkBstrA.exe 2416 C:\WINDOWS\system32\PnkBstrA.exe
(verified) PnkBstrB.exe 2516 C:\WINDOWS\system32\PnkBstrB.exe
(verified) Rapport 1196 C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
(verified) Rapport 1140 C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
(verified) Realtek HD Audio Sound Effect Manager 908 C:\WINDOWS\RTHDCPL.EXE
(verified) Skype 2880 C:\Program Files\Skype\Phone\Skype.exe
(verified) StarWind Alcohol Edition 3284 C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(verified) The Webshots Desktop 2776 C:\PROGRA~1\Webshots\315~1.76~\Webshots.scr
(verified) Trillian 3716 C:\Program Files\Trillian\trillian.exe
(verified) USB Vaccine 1400 C:\Program Files\Panda USB Vaccine\USBVaccine.exe
Network activity
----------------
Process AvastSvc.exe (180) connected on port 80 (HTTP) --> 23.72.180.179
Process AvastSvc.exe (180) connected on port 80 (HTTP) --> 64.233.185.138
Process AvastSvc.exe (180) connected on port 80 (HTTP) --> 77.73.177.243
Process AvastSvc.exe (180) connected on port 80 (HTTP) --> 77.234.43.65
Process svchost.exe (1276) connected on port 5678 --> 192.168.0.1
Process avastui.exe (1728) connected on port 80 (HTTP) --> 23.72.196.212
Process firefox.exe (2508) connected on port 443 (HTTP over SSL) --> 64.233.185.113
Process firefox.exe (2508) connected on port 443 (HTTP over SSL) --> 74.125.137.93
Process Skype.exe (2880) connected on port 40025 --> 65.55.223.22
Process Skype.exe (2880) connected on port 443 (HTTP over SSL) --> 134.170.25.80
Process Skype.exe (2880) connected on port 12350 --> 65.54.167.18
Process trillian.exe (3716) connected on port 3158 --> 74.201.34.2
Process trillian.exe (3716) connected on port 5222 (XMPP/Jabber) --> 64.233.176.125
Process trillian.exe (3716) connected on port 5050 (Yahoo Messenger) --> 66.196.120.77
Process trillian.exe (3716) connected on port 5050 (Yahoo Messenger) --> 66.196.121.61
Process trillian.exe (3716) connected on port 5190 (AIM/ICQ) --> 178.237.18.236
Process awServ.exe (208) listens on ports: 2804
Process svchost.exe (1100) listens on ports: 135 (RPC)
Process svchost.exe (1524) listens on ports: 2869 (SSDP event notification, UPNP)
Process Skype.exe (2880) listens on ports: 80 (HTTP), 63451
Process StarWindServiceAE.exe (3284) listens on ports: 3260 (iSCSI Target), 3261
Autoruns and critical files
---------------------------
(verified) Adobe Reader and Acrobat Manager C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(verified) Adobe® Flash® Player Update Service C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
(verified) Alcohol Virtual Drive Auto-mount Servic C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe
(verified) avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
(verified) avast! Antivirus C:\Program Files\AVAST Software\Avast\avastui.exe
(verified) cdloader2 C:\Documents and Settings\Francis\Application Data\mjusbsp\cdloader2.exe
(unsigned) EASEUS Partition Master Loader C:\Program Files\EASEUS\EASEUS Partition Master 5.5.1 Home Edition\bin\epm0.exe
(verified) Emsisoft Online Armor C:\Program Files\Online Armor\oaevent.dll
(verified) Emsisoft Online Armor C:\Program Files\Online Armor\OAui.exe
(unsigned) Enhanced Mitigation Experience Toolkit C:\Program Files\EMET 4.1\EMET_Agent.exe
(verified) IncrediMail C:\Program Files\IncrediMail\Bin\IncMail.exe
(verified) Java Platform SE Auto Updater C:\Program Files\Common Files\Java\Java Update\jusched.exe
(verified) LWS.exe C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\crypt32.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\shell32.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\xp_eos.exe
(verified) NVIDIA GeForce Experience C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(verified) NVIDIA Media Center Library C:\WINDOWS\system32\nvmctray.dll
(verified) NVIDIA Windows Display driver, Version C:\WINDOWS\system32\nvcpl.dll
(verified) nwiz.exe C:\Program Files\NVIDIA Corporation\nview\nwiz.exe
(unsigned) QuickTime C:\Program Files\QuickTime\QTTask.exe
(verified) Realtek HD Audio Sound Effect Manager C:\WINDOWS\RTHDCPL.EXE
(verified) RunInteractiveWin.exe C:\Program Files\Panda USB Vaccine\RunInteractiveWin.exe
(verified) Skype C:\Program Files\Skype\Phone\Skype.exe
(verified) USB Vaccine C:\Program Files\Panda USB Vaccine\USBVaccine.exe
(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll
(verified) Google Update C:\Documents and Settings\Francis\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
(verified) Microsoft Genuine Advantage C:\WINDOWS\system32\WgaLogon.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\browseui.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\dimsntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ssbezier.scr
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
(verified) Microsoft® Windows® Operating System c:\WINDOWS\system32\userinit.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\wlnotify.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\WPDShServiceObj.dll
Browser plugins
---------------
(verified) Adobe Acrobat C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
(verified) Adobe Acrobat C:\Program Files\Internet Explorer\Plugins\nppdf32.dll
(verified) Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
(verified) Bitdefender QuickScan C:\Documents and Settings\Francis\Application Data\Mozilla\Firefox\Profiles\lme39tzn.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dll
(verified) BitDefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll
(unsigned) frozen.dll C:\Documents and Settings\Francis\Application Data\Mozilla\Firefox\Profiles\lme39tzn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll
(verified) Google Talk Plugin C:\Documents and Settings\Francis\Application Data\Mozilla\plugins\npgoogletalk.dll
(verified) Google Talk Plugin Video Renderer C:\Documents and Settings\Francis\Application Data\Mozilla\plugins\npo1d.dll
(verified) Google Update C:\Documents and Settings\Francis\Local Settings\Application Data\Google\Update\1.3.24.15\npGoogleUpdate3.dll
(unsigned) googletoolbar-ff3.dll C:\Documents and Settings\Francis\Application Data\Mozilla\Firefox\Profiles\lme39tzn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll
(unsigned) googletoolbar-ff4.dll C:\Documents and Settings\Francis\Application Data\Mozilla\Firefox\Profiles\lme39tzn.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\libraries\googletoolbar-ff4.dll
(verified) IE Webrep plugin c:\program files\avast software\Avast\aswwebrepie.dll
(verified) Java Deployment Toolkit 8.0.200.26 C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll
(verified) Java Platform SE 8 U20 c:\program files\Java\jre1.8.0_20\bin\jp2ssv.dll
(verified) Java Platform SE 8 U20 C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll
(verified) Java Platform SE 8 U20 c:\program files\Java\jre1.8.0_20\bin\ssv.dll
(verified) Logitech Device Detection C:\Documents and Settings\Francis\Application Data\Mozilla\Firefox\Profiles\lme39tzn.default\extensions\DeviceDetection@logitech.com\plugins\npLogitechDeviceDetection.dll
(verified) NPSWF32_15_0_0_152.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll
(unsigned) QuickTime Plug-in 7.7.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
(unsigned) QuickTime Plug-in 7.7.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
(unsigned) QuickTime Plug-in 7.7.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
(unsigned) QuickTime Plug-in 7.7.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
(unsigned) QuickTime Plug-in 7.7.4 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
(unsigned) QuickTime Plug-in 7.7.5 C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
(unsigned) QuickTime Plug-in 7.7.5 C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
(unsigned) QuickTime Plug-in 7.7.5 C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
(unsigned) QuickTime Plug-in 7.7.5 C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
(unsigned) QuickTime Plug-in 7.7.5 C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
(unsigned) Shockwave for Director C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
(verified) Silverlight Plug-In c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll
(verified) System Requirements Lab C:\WINDOWS\Downloaded Program Files\sysreqlab_srlx.dll
(unsigned) VLC Web Plugin C:\Program Files\VideoLAN\VLC\npvlc.dll
(verified) Windows Presentation Foundation c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
(verified) Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll
(verified) Adobe® Flash® Player ActiveX C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe
(verified) Logitech Device Detection C:\WINDOWS\Downloaded Program Files\LogitechDeviceDetection32.ocx
(verified) Messenger C:\Program Files\Messenger\msmsgs.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\winrnr.dll
Scan
----
MD5: b57fd7dd0faf85f737dc3d483a9d63bb C:\Program Files\AVAST Software\Avast\aswCmnIS.dll
MD5: 3ced666bc61431dcd928e03ed4abcaea C:\Program Files\AVAST Software\Avast\aswCmnOS.dll
MD5: 8d113c7490621ff50f9ba46c7d8c423e C:\Program Files\AVAST Software\Avast\aswCommChannel.dll
MD5: 7ebd87a09658779205891d08f37ab234 C:\Program Files\AVAST Software\Avast\aswData.dll
MD5: 77f8c2f976899f7656c5e34d145b13f2 C:\Program Files\AVAST Software\Avast\aswEngLdr.dll
MD5: d5862c49cb0128de426b9a6d815fd9ea C:\Program Files\AVAST Software\Avast\aswJsFlt.dll
MD5: 847854c4c4332dc00665380dabc06c41 C:\Program Files\AVAST Software\Avast\aswjsscan.dll
MD5: 44574eafcdda003a22e4df3ea73840af C:\Program Files\AVAST Software\Avast\aswLog.dll
MD5: 8e8d82756f3ddc86d53651e3fb432b9d C:\Program Files\AVAST Software\Avast\aswPatchMgt.dll
MD5: 29fe98d9412388243e41869143d1805b C:\Program Files\AVAST Software\Avast\aswProperty.dll
MD5: 1c9279122415243f236d337a09bf5360 C:\Program Files\AVAST Software\Avast\aswRemoteCache.dll
MD5: 6c636f85ae27b1b2c789599bb1136f9d C:\Program Files\AVAST Software\Avast\aswResourceLib.dll
MD5: c30beb2365677974efa19b791e1aad85 C:\Program Files\AVAST Software\Avast\aswSqLt.dll
MD5: 5a9bd26d965f1e4dac668c8f0c738fb7 C:\Program Files\AVAST Software\Avast\aswStrm.dll
MD5: b60ff0cc532b9d3e28610f614cdedb64 C:\Program Files\AVAST Software\Avast\aswUtil.dll
MD5: 18774b66edf003f338a0802ff2b122e0 c:\program files\avast software\Avast\aswwebrepie.dll
MD5: 1ad8512a5c40ad1a0558498d8e0ac2aa C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
MD5: 7486ba75019d8c3a13eba7867faabe7d C:\Program Files\AVAST Software\Avast\avastIP.dll
MD5: 73f5c13b431915bae35254b4e95dfb71 C:\Program Files\AVAST Software\Avast\AvastSvc.exe
MD5: 26b558b2d31c7425b455b00e562ead93 C:\Program Files\AVAST Software\Avast\avastui.exe
MD5: 59fd0296e32362cd7a3e66a028b56b9a C:\Program Files\AVAST Software\Avast\CommonRes.dll
MD5: 5c5e3afd499e5146fef1da5ef8a23205 C:\Program Files\AVAST Software\Avast\dbghelp.dll
MD5: 1242797f1836c7f6e1b10294366a0af4 C:\Program Files\AVAST Software\Avast\defs\14100501\algo.dll
MD5: 8ece9daff97569945ec3a4cd857b8677 C:\Program Files\AVAST Software\Avast\defs\14100501\aswCleanerDLL.dll
MD5: 4b9975a4b6165a40d057763343b511e0 C:\Program Files\AVAST Software\Avast\defs\14100501\aswCmnBS.dll
MD5: 547aa2a17c792c10e9cf8804ce145eee C:\Program Files\AVAST Software\Avast\defs\14100501\aswCmnIS.dll
MD5: f4fae7b7bf5d841e112c75190931b36c C:\Program Files\AVAST Software\Avast\defs\14100501\aswCmnOS.dll
MD5: 84d1cfe07334957aabc0eeaa56f8adb1 C:\Program Files\AVAST Software\Avast\defs\14100501\aswEngin.dll
MD5: 5e32e7c5542d95e04e8abe8b3f676d11 C:\Program Files\AVAST Software\Avast\defs\14100501\aswFiDb.dll
MD5: e111a956689011c0ab482bf282157e25 C:\Program Files\AVAST Software\Avast\defs\14100501\aswRep.dll
MD5: a21579bc188faf7f7cd69c0e5bdfef81 C:\Program Files\AVAST Software\Avast\defs\14100501\aswScan.dll
MD5: 845409bfe18045cf6e6ba4f7778a494a C:\Program Files\AVAST Software\Avast\defs\14100501\swhealthex.dll
MD5: bf05d5abc938a6fc04e193bc50954dc6 C:\Program Files\AVAST Software\Avast\defs\14100501\uiext.dll
MD5: a9ff57ec69f8c593aa3712b3c8f02002 C:\Program Files\AVAST Software\Avast\HTMLayout.dll
MD5: 5be1cd443e2d6495e22cbb40d532e1f0 C:\Program Files\AVAST Software\Avast\icudt.dll
MD5: 0e3dbab333b4dab6e423b21df63ee963 C:\Program Files\AVAST Software\Avast\libcef.dll
MD5: 62cc8c657affea3d06fe2ca98883b5d8 C:\Program Files\AVAST Software\Avast\libeay32.dll
MD5: e1ddc372856277744bd6ea9dbbb60198 C:\Program Files\AVAST Software\Avast\snxhk.dll
MD5: 10505f2b5a89b60971192505824a5ef3 C:\Program Files\AVAST Software\Avast\ssleay32.dll
MD5: edfa163fdbd7051cd9148410e4b56af0 C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\pdfshell.dll
MD5: 048ea4b978851788e9f5e8e4f081df7a C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MD5: 4e534a59198d80ffc824f7ffe58d6658 C:\Program Files\Common Files\Java\Java Update\jusched.exe
MD5: 98d472ecfbc0e8ed25a0483e765f42b6 C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
MD5: c11ec54689f776c1731e084e1649974c C:\Program Files\Common Files\logishrd\LQCVFX\COCIManagerPS.dll
MD5: 3b5017bb8032f79f84fe7d42e112c2d6 C:\Program Files\EASEUS\EASEUS Partition Master 5.5.1 Home Edition\bin\epm0.exe
MD5: 0899d798c9a6e00e2b0d0718d33a52f1 C:\Program Files\EMET 4.1\DevExpress.Data.v12.2.dll
MD5: 77ad68d3c2108b6a25c26ff6e700d6c2 C:\Program Files\EMET 4.1\DevExpress.UserSkins.HighContrast.DLL
MD5: 4199cd82ff6f731dbf1f365f56ae9980 C:\Program Files\EMET 4.1\DevExpress.Utils.v12.2.dll
MD5: f19ca39e344672f1888b24d53e90ab47 C:\Program Files\EMET 4.1\DevExpress.XtraBars.v12.2.dll
MD5: 69e7a7f5837e69e642ffde6fa1e24b2c C:\Program Files\EMET 4.1\DevExpress.XtraEditors.v12.2.dll
MD5: 9a6902aa5c3f47987b0b5018ae3dcfd7 C:\Program Files\EMET 4.1\EMET_Agent.exe
MD5: 04f4c6b2dea5aed172c11991acfd5cf8 C:\Program Files\EMET 4.1\EMET_CE.dll
MD5: 576a12b5613972ae1caa756a819468da C:\Program Files\EMET 4.1\HelperLib.DLL
MD5: c6b89ed3f1b5438f3319784d7b99816b C:\Program Files\EMET 4.1\MitigationInterface.DLL
MD5: 1e7dec0ea7e802566eb01350eb295d94 C:\Program Files\EMET 4.1\PKIPinningSubsystem.DLL
MD5: 5a9e8904a709ed01404c2d64b1a80ac4 C:\Program Files\EMET 4.1\ReportingSubsystem.DLL
MD5: 103925205724030358a827086a0bd1dd C:\Program Files\EMET 4.1\TrayIconSubsystem.DLL
MD5: 56244d941c56d2fe9c0b063254526a14 C:\Program Files\ESET\ESET Online Scanner\esets_apiW_a.dll
MD5: 3c3f35c91f230493b088b334e39d1f7a C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
MD5: 2201015797989afc0d90df00bc9f5e39 C:\Program Files\ESET\ESET Online Scanner\OnlineScanner.ocx
MD5: e273331224005c5a8a504164373de1dc C:\Program Files\ESET\ESET Online Scanner\OnlineScannerApp.exe
MD5: f7350b698c6411b9b7441c4746c20d19 C:\Program Files\IncrediMail\Bin\dten600.dll
MD5: fef159195d0d3af650f58fccea6fe9f8 C:\Program Files\IncrediMail\Bin\ImABU.dll
MD5: 59a409bab55e72d33409a8a99f50db17 C:\Program Files\IncrediMail\Bin\ImApp.exe
MD5: 043dcf69ab739bed731cca8cb016870b C:\Program Files\IncrediMail\Bin\ImAppRU.dll
MD5: 4a7193cde187e524991e26e55425d8ba C:\Program Files\IncrediMail\Bin\ImComUtlU.dll
MD5: bbe4b4070dd83339da35f9bc71d4046d C:\Program Files\IncrediMail\Bin\ImDbU.dll
MD5: 4a40822479123cc846984ffc1675c16c C:\Program Files\IncrediMail\Bin\ImFeatRU.dll
MD5: b756b0aa5d0a7d35ffd2c54855ddf19a C:\Program Files\IncrediMail\Bin\ImFeatU.dll
MD5: c9715a36dc8083b4183c678bc8f44a2b C:\Program Files\IncrediMail\Bin\ImFoldrsU.dll
MD5: 5c072cd90e3bdd3c6de1c18c05a8261f C:\Program Files\IncrediMail\Bin\IMHttpComm.dll
MD5: 55c830b18ae14f4fe45e1af292dd8f6e C:\Program Files\IncrediMail\Bin\ImJunkU.dll
MD5: 5dc4c9020326882a863d864efda85cdd C:\Program Files\IncrediMail\Bin\ImLookExU.dll
MD5: e15c31482534b7844d8d745de368db89 C:\Program Files\IncrediMail\Bin\ImLookU.dll
MD5: c9e41a49b51388017754e764fe161542 C:\Program Files\IncrediMail\Bin\ImMangrRU.dll
MD5: 1b582d1c28cea5f996a5bb0205ef964a C:\Program Files\IncrediMail\Bin\ImMangrU.dll
MD5: dda07663f5deaba6da8286335e1df0e2 C:\Program Files\IncrediMail\Bin\ImMapiU.dll
MD5: 52b223b01abfc33c5c8908ef7937931c C:\Program Files\IncrediMail\Bin\ImNotfyU.dll
MD5: f87e543458197def9f4766a15cd49d9f C:\Program Files\IncrediMail\Bin\ImNtUtilU.dll
MD5: f55106ce7fa65f70eef30d84b221e8f3 C:\Program Files\IncrediMail\Bin\ImParserU.dll
MD5: 334b0c2dc33fc972441982769e7f1284 C:\Program Files\IncrediMail\Bin\ImSearchU.dll
MD5: bc645075375dc09798e377f91b12ad20 C:\Program Files\IncrediMail\Bin\ImServU.dll
MD5: ff2b4b7d501c449759be82d326a1e353 C:\Program Files\IncrediMail\Bin\ImShExtU.dll
MD5: 6d52efc1a69e40705e39de12790ce8cf C:\Program Files\IncrediMail\Bin\ImSpoolU.dll
MD5: b642e347bbed1c1fa257888a56f4163e C:\Program Files\IncrediMail\Bin\ImSuppRU.dll
MD5: cba44593a4f8546e4faf7588eae51f10 C:\Program Files\IncrediMail\Bin\ImSuppU.dll
MD5: bcacdb08f6c7a688a9e7f0c4c25997cf C:\Program Files\IncrediMail\Bin\ImToolsU.dll
MD5: 7c1ce252b5eaf668d4232bd00db4456f C:\Program Files\IncrediMail\Bin\ImUtilsU.dll
MD5: 1af07af7ab7e47077f9183d12aa762b9 C:\Program Files\IncrediMail\Bin\ImViewRU.dll
MD5: a202270bd6cc5159308228928720dcb5 C:\Program Files\IncrediMail\Bin\ImViewU.dll
MD5: 9a1816812faefa9692c690d6e29e53d4 C:\Program Files\IncrediMail\Bin\ImWrappU.dll
MD5: d645b082e49f8655f14c61db4eebba1d C:\Program Files\IncrediMail\Bin\IncMail.exe
MD5: 75f0850d3f6532d39f6ce3cf0b0f1566 C:\Program Files\IncrediMail\Bin\IncMailRU.dll
MD5: 3c2baa4b0b3d1b606398ed39d81012d2 C:\Program Files\IncrediMail\Bin\PMC.dll
MD5: d0e96e6617fc4f7c5ad5f2ce71d3b1a4 C:\Program Files\IncrediMail\Bin\SftTree_IX86_U_60.dll
MD5: e40583ff024f5ad26e533e28bd31f15b C:\Program Files\IncrediMail\Bin\sqlite3.dll
MD5: fbcfac06ac0856355d8aa0c510cee0b2 C:\Program Files\IncrediMail\Bin\ssce5432.dll
MD5: 6e6f0f2504fa2d8c8fe2ea05b2105850 C:\Program Files\IncrediMail\Bin\wflash3.dll
MD5: 1f8af353bccee3873f09956009df0d5b C:\Program Files\IncrediMail\Bin\wlessfp1.dll
MD5: 8582c97889c224082578ee02aa00b2e6 C:\Program Files\Intel\IDU\awServ.exe
MD5: 06c8338adce8ffcd98970566eb02b094 C:\Program Files\Intel\IDU\cpuid_dll.dll
MD5: 4e03579975d79dd1fc16d349ab80c283 C:\Program Files\Intel\IDU\Provider\ISensorPlug.dll
MD5: d4bd91fc083bf16dbdcc20dc857d9719 C:\Program Files\Intel\IDU\Provider\ISystemPlug.dll
MD5: 2a36422335b6d31bd047d66f12828200 C:\Program Files\Intel\IDU\Provider\SmbiosPlug.dll
MD5: 47d0878522d2aa03d6488d11812fc79f C:\Program Files\Intel\IDU\sysapi.dll
MD5: 421cb2c1010522b3bf7c00725520b844 C:\Program Files\Internet Explorer\Plugins\nppdf32.dll
MD5: 1fbb6e454767a5b43dd980c7de5d89f6 C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll
MD5: 1fbb6e454767a5b43dd980c7de5d89f6 C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll
MD5: 1fbb6e454767a5b43dd980c7de5d89f6 C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll
MD5: 1fbb6e454767a5b43dd980c7de5d89f6 C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll
MD5: 1fbb6e454767a5b43dd980c7de5d89f6 C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll
MD5: a505b03de9372a2de9f65f198d82354b C:\Program Files\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll
MD5: f6bd3c66e7ef6002b0c003e6fee158bc c:\program files\Java\jre1.8.0_20\bin\jp2ssv.dll
MD5: 08b9f4ddd03925ab803f0cdc256ec5b4 C:\Program Files\Java\jre1.8.0_20\bin\plugin2\npjp2.dll
MD5: a5f21b1b18bbdb8101c35063bfb341eb c:\program files\Java\jre1.8.0_20\bin\ssv.dll
MD5: bf918c9473d64bbd53c22c47045883f5