graciela

  1. Thanks so much for responding! My computer is basically acting the same, except the search engine result/redirect issues that seemed to be linked to the svchost.exe*32 process have stopped. All other issues I described in the original post remain. I realize (now..) that I shouldn't have run the other programs/procedure that I found in someone else's HijackThis log; sorry to complicate things :/ Just wanted to note - all the problems that I've mentioned started occurring prior to running any of those tools.

     Current Malwarebytes log:

     Malwarebytes Anti-Malware 1.60.1.1000
     www.malwarebytes.org
     Database version: v2012.03.05.02
     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 8.0.7601.17514
     Graciela :: GRACIELA [administrator]
     Mar.04.2012 11:19:36 PM
     mbam-log-2012-03-04 (23-19-36).txt
     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 189859
     Time elapsed: 3 minute(s), 10 second(s)
     Memory Processes Detected: 0
     (No malicious items detected)
     Memory Modules Detected: 0
     (No malicious items detected)
     Registry Keys Detected: 0
     (No malicious items detected)
     Registry Values Detected: 0
     (No malicious items detected)
     Registry Data Items Detected: 0
     (No malicious items detected)
     Folders Detected: 0
     (No malicious items detected)
     Files Detected: 0
     (No malicious items detected)
     (end)

  2. So I've been experiencing the same sort of Google search redirect issues that many people have been posting about recently. This is something I noticed after I installed a Firefox update recently. Something went crazy with the update and Firefox was not opening / crashing repeatedly, so I uninstalled it completely. This is my secondary computer so I wasn't using it too often - the next time I booted up, my computer was missing a bunch of icons that were on my desktop before (now I can only see them if I modify folder options to view hidden folders/operating system files). Computer is reporting HDD errors, Catalyst Control Center failure, errors on Boot and other CRAZINESS so I did a system restore. My anti-virus was somehow deleted and Windows Defender repeatedly disabled. System Restore didn't help, so I installed AVG Free and followed the procedure I saw in someone else's HijackThis log that I had found in a Google search on "svchost.exe*32". Problems still abound so now I'm back at the beginning.

     This is what I did before I read the "I'm infected..." sticky and saw what I was ACTUALLY supposed to do:

     - Downloaded, installed and updated Malwarebytes and performed a Quick Scan.
     - Ran TDSSkiller.exe
     - Temporarily disabled AVG and ran ComboFix

     Starting over, I redid an updated Malwarebytes Quick Scan and ddr.scr scan. UGH Sorry for making this harder! Can post any/all previous logs requested. Please HELP!!

Most recent Malwarebytes:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.28.01
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Graciela :: GRACIELA [administrator]
Feb.27.2012 8:49:28 PM
mbam-log-2012-02-27 (20-49-28).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 187729
Time elapsed: 1 minute(s), 3 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
C:\Users\Graciela\Downloads\qualcomm_extensible_diagnostic_monitor_qxdm_v3919.exe (PUP.BundleInstaller.MG) -> Quarantined and deleted successfully.
(end)

FIRST SCAN:

Malwarebytes Anti-Malware 1.60.1.1000
www.malwarebytes.org
Database version: v2012.02.25.02
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Graciela :: GRACIELA [administrator]
Feb.25.2012 3:57:09 AM
mbam-log-2012-02-25 (03-57-09).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 184516
Time elapsed: 5 minute(s), 51 second(s)
Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4548 -> Delete on reboot.
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|dplaysvr (Trojan.QHost.BG) -> Data: C:\Windows\system32\config\systemprofile\AppData\Local\dplaysvr.exe -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 4
C:\Users\Graciela\Downloads\qualcomm_extensible_diagnostic_monitor_qxdm_v3919.exe (PUP.BundleInstaller.MG) -> No action taken.
C:\Users\Graciela\AppData\Roaming\Microsoft\9AE6\FB9.tmp (Trojan.Dropper.PE4) -> Quarantined and deleted successfully.
C:\Windows\Temp\0.390891485845515667f76.exe (Spyware.Password) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.
(end)

NEW DDS files:

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_24
Run by Graciela at 21:01:54 on 2012-02-27
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3836.2637 [GMT -8:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\SPLASH.SYS\config\DVMExportService.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe
C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Apoint2K\ApMsgFwd.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
c:\Program Files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://google.com/
uInternet Settings,ProxyOverride = *.local
BHO: HP Print Enhancer: {0347c33e-8762-4905-bf09-768834316c61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
uRun: [HPADVISOR] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW
uRun: [sidebar] C:\Program Files (x86)\Windows Sidebar\sidebar.exe /autoRun
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
StartupFolder: C:\Users\Graciela\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SIDEBA~1.LNK - C:\Program Files (x86)\Windows Sidebar\sidebar.exe
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{10E680FD-D380-42DD-8D8E-D28696508F22} : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{10E680FD-D380-42DD-8D8E-D28696508F22}\059656665656E6 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{10E680FD-D380-42DD-8D8E-D28696508F22}\46271676F6E653 : DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{10E680FD-D380-42DD-8D8E-D28696508F22}\C696E6B6379737 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{10E680FD-D380-42DD-8D8E-D28696508F22}\C696E6B6379737F5750535F563437363 : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
BHO-X64: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO-X64: HP Print Enhancer - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
BHO-X64: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
BHO-X64: HP Smart BHO Class - No File
mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun-x64: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
mRun-x64: [WirelessAssistant] C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun-x64: [nmctxth] "C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmctxth.exe"
mRun-x64: [nmapp] "C:\Program Files (x86)\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash
mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
.
============= SERVICES / DRIVERS ===============
.
R1 DVMIO;DVMIO;C:\SPLASH.SYS\config\dvmio.sys [2009-9-27 21624]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AESTFilters;Andrea ST Filters Service;C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-3-2 89600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?]
R2 DvmMDES;DeviceVM Meta Data Export Service;C:\SPLASH.SYS\config\DVMExportService.exe [2009-7-8 323584]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2011-6-21 85560]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-3-28 94264]
R2 hpsrv;HP Service;C:\Windows\system32\Hpservice.exe --> C:\Windows\system32\Hpservice.exe [?]
R3 clwvd;HP Webcam Splitter;C:\Windows\system32\DRIVERS\clwvd.sys --> C:\Windows\system32\DRIVERS\clwvd.sys [?]
R3 Com4QLBEx;Com4QLBEx;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-11-5 227896]
R3 enecir;ENE CIR Receiver;C:\Windows\system32\DRIVERS\enecir.sys --> C:\Windows\system32\DRIVERS\enecir.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys --> C:\Windows\system32\DRIVERS\usbfilter.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 HTCAND64;HTC Device Driver;C:\Windows\system32\Drivers\ANDROIDUSB.sys --> C:\Windows\system32\Drivers\ANDROIDUSB.sys [?]
S3 HtcUsbMdmV64;HTC Proprietary USB Driver (PID 0B03);C:\Windows\system32\DRIVERS\HtcUsbMdmV64.sys --> C:\Windows\system32\DRIVERS\HtcUsbMdmV64.sys [?]
S3 JMCR;JMCR;C:\Windows\system32\DRIVERS\jmcr.sys --> C:\Windows\system32\DRIVERS\jmcr.sys [?]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\system32\DRIVERS\netw5v64.sys --> C:\Windows\system32\DRIVERS\netw5v64.sys [?]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\system32\DRIVERS\VSTAZL6.SYS --> C:\Windows\system32\DRIVERS\VSTAZL6.SYS [?]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\system32\DRIVERS\VSTDPV6.SYS --> C:\Windows\system32\DRIVERS\VSTDPV6.SYS [?]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\system32\DRIVERS\VSTCNXT6.SYS --> C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\system32\DRIVERS\WSDPrint.sys --> C:\Windows\system32\DRIVERS\WSDPrint.sys [?]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\system32\DRIVERS\yk62x64.sys --> C:\Windows\system32\DRIVERS\yk62x64.sys [?]
.
=============== Created Last 30 ================
.
2012-02-28 04:07:04 -------- d-sh--w- C:\$RECYCLE.BIN
2012-02-25 12:32:07 98816 ----a-w- C:\Windows\sed.exe
2012-02-25 12:32:07 518144 ----a-w- C:\Windows\SWREG.exe
2012-02-25 12:32:07 256000 ----a-w- C:\Windows\PEV.exe
2012-02-25 12:32:07 208896 ----a-w- C:\Windows\MBR.exe
2012-02-25 12:16:04 -------- d-----w- C:\TDSSKiller_Quarantine
2012-02-25 11:52:38 -------- d-----w- C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2012-02-25 11:52:36 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-02-20 20:13:12 -------- d-----w- C:\Users\Graciela\AppData\Roaming\AVG
2012-02-20 19:53:41 -------- d-----w- C:\Users\Graciela\AppData\Roaming\AVG2012
2012-02-20 19:51:36 -------- d-----w- C:\ProgramData\AVG2012
2012-02-20 19:50:49 -------- d-----w- C:\Program Files (x86)\AVG
2012-02-16 07:52:29 8602168 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{97634F34-43F2-46C0-B3E7-C137A98D5CB5}\mpengine.dll
2012-02-16 07:34:30 -------- d--h--w- C:\ProgramData\Common Files
2012-02-16 07:27:47 -------- d-----w- C:\ProgramData\MFAData
2012-02-15 19:47:34 -------- d--h--w- C:\ProgramData\Avira
2012-02-14 18:42:32 -------- d--h--w- C:\Users\Graciela\AppData\Roaming\9EE4A
2012-02-14 18:41:48 -------- d--h--w- C:\Users\Graciela\AppData\Roaming\6449E
2012-02-14 07:33:33 -------- d-----w- C:\Program Files (x86)\9EE4A
2012-02-14 07:19:57 6656 ---ha-w- C:\ProgramData\Microsoft\Windows\DRM\163B.tmp
2012-02-14 07:19:57 6656 ---ha-w- C:\ProgramData\Microsoft\Windows\DRM\163A.tmp
2012-02-12 04:45:08 -------- d--h--w- C:\Users\Graciela\AppData\Roaming\ABBYY
2012-02-12 04:25:39 -------- d--h--w- C:\Users\Graciela\AppData\Local\ABBYY
2012-02-12 04:25:38 -------- d-----w- C:\Program Files (x86)\ABBYY FineReader 11
2012-02-12 04:25:37 -------- d--h--w- C:\ProgramData\ABBYY
.
==================== Find3M ====================
.
2012-01-29 13:10:42 279656 ------w- C:\Windows\System32\MpSigStub.exe
2011-12-11 04:55:58 111616 ----a-w- C:\Windows\System32\drivers\HtcUsbMdmV64.sys
2011-12-10 23:24:08 23152 ----a-w- C:\Windows\System32\drivers\mbam.sys
.
============= FINISH: 21:02:17.16 ===============