auttomich

Everything posted by auttomich

  1. Hi, I think my computer is infected. I ran Malwarebytes and nothing shows up. Internet Explorer stops working, redirects. I ran the DDS like it said to do on the forum. Here is the log.