atomz4peace

  1. They are folders with a bunch of entries like below. Some are signed and some are not. I uploaded a few of them to virustotal and some were clean, https://www.virustotal.com/file/8e758e1f23c5a3d52967fe0a7e80592482932db9dcceaa2ca6f5416872ab41b8/analysis/1342538605/ a couple showed one hit out of 42 like this one: https://www.virustotal.com/file/85f4ba559c8e4e8a0dcdb6c86d5d7740797b9f6e0a06b8735c5f163964e7b906/analysis/ Interestingly, MBAM quick scan now shows clean. Do you think it really was an infection somewhere or just a random result? Thanks!

     $ ls -l
     total 1572
     -rwx------+ 1 Administrators Domain Users  26311 Jul  2 23:47 WiseCustomCall.dll
     -rwx------+ 1 Administrators Domain Users  29488 Jul  2 23:47 WiseCustomCalla.dll
     -rwx------+ 1 Administrators Domain Users  29488 Jul  2 23:47 WiseCustomCalla18.dll
     -rwx------+ 1 Administrators Domain Users  29488 Jul  2 23:47 WiseCustomCalla21.dll
     -rwx------+ 1 Administrators Domain Users  29488 Jul  2 23:47 WiseCustomCalla22.dll
     -rwx------+ 1 Administrators Domain Users  29488 Jul  2 23:47 WiseCustomCalla23.dll
     -rwx------+ 1 Administrators Domain Users  29488 Jul  2 23:47 WiseCustomCalla24.dll
     -rwx------+ 1 Administrators Domain Users  29488 Jul  2 23:47 WiseCustomCalla25.dll
     -rwx------+ 1 Administrators Domain Users  29488 Jul  2 23:47 WiseCustomCalla26.dll
     -rwx------+ 1 Administrators Domain Users  29488 Jul  2 23:47 WiseCustomCalla27.dll
     -rwx------+ 1 Administrators Domain Users  29488 Jul  2 23:47 WiseCustomCalla33.dll
     -rwx------+ 1 Administrators Domain Users  29488 Jul  2 23:47 WiseCustomCalla35.dll
     -rwx------+ 1 Administrators Domain Users  29488 Jul  2 23:47 WiseCustomCalla36.dll
     -rwx------+ 1 Administrators Domain Users  29488 Jul  2 23:47 WiseCustomCalla37.dll
     -rwx------+ 1 Administrators Domain Users  29488 Jul  2 23:47 WiseCustomCalla38.dll
     -rwx------+ 1 Administrators Domain Users  29488 Jul  2 23:47 WiseCustomCalla39.dll
     -rwx------+ 1 Administrators Domain Users 111476 Jul  2 23:47 WiseCustomCalla41.dll
     -rwx------+ 1 Administrators Domain Users 111269 Jul  2 23:47 WiseCustomCalla42.dll
     -rwx------+ 1 Administrators Domain Users 111260 Jul  2 23:47 WiseCustomCalla43.dll
     -rwx------+ 1 Administrators Domain Users 110500 Jul  2 23:47 WiseCustomCalla44.dll
     -rwx------+ 1 Administrators Domain Users 110797 Jul  2 23:47 WiseCustomCalla46.dll
     -rwx------+ 1 Administrators Domain Users 110936 Jul  2 23:47 WiseCustomCalla47.dll
     -rwx------+ 1 Administrators Domain Users 116956 Jul  2 23:47 WiseCustomCalla48.dll
     -rwx------+ 1 Administrators Domain Users 110799 Jul  2 23:47 WiseCustomCalla49.dll
     -rwx------+ 1 Administrators Domain Users 125719 Jul  2 23:47 WiseCustomCalla50.dll
     -rwx------+ 1 Administrators Domain Users  45056 Jul  2 23:47 WiseCustomCalla51.dll
  2. Combofix file attached here. Not sure what to make of it... ComboFix.txt
  3. Thanks MrC, TDS also shows little and the logfile is included below. I appreciate your help in looking into things! TDSSKiller.2.7.45.0_15.07.2012_10.43.31_log.txt
  4. Thanks MrC, I updated and ran MBAM and got the same answer, c:\system volume information\iexplore.exe (Trojan.Agent) -> Delete on reboot. Clicked to fix, said had to reboot to fix just like before. Then ran roguekiller and got the report below. Any ideas if that's a real item in sysvolinf? Thank you!

     ------------------------------------------
     Malwarebytes Anti-Malware (Trial) 1.62.0.1300
     www.malwarebytes.org

     Database version: v2012.07.15.09

     Windows 7 Service Pack 1 x64 NTFS
     Internet Explorer 8.0.7601.17514
     user:: HOST [administrator]

     Protection: Disabled

     7/15/2012 9:58:28 AM
     mbam-log-2012-07-15 (09-58-28).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
     Scan options disabled:
     Objects scanned: 240744
     Time elapsed: 6 minute(s), 14 second(s)

     Memory Processes Detected: 0
     (No malicious items detected)

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 0
     (No malicious items detected)

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 1
     c:\system volume information\iexplore.exe (Trojan.Agent) -> Delete on reboot.

     (end)
     -------------------------------
     RogueKiller V7.6.3 [07/08/2012] by Tigzy
     mail: tigzyRK<at>gmail<dot>com
     Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/
     Blog: http://tigzyrk.blogspot.com

     Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
     Started in : Normal mode
     User: user[Admin rights]
     Mode: Scan -- Date: 07/15/2012 10:12:41

     ¤¤¤ Bad processes: 0 ¤¤¤

     ¤¤¤ Registry Entries: 6 ¤¤¤
     [ROGUE ST] HKLM\[...]\Wow6432Node\RunOnce : 1 (C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\mbam-chameleon.exe /r /p) -> FOUND
     [bLACKLIST DLL] HKLM\[...]\Wow6432Node\RunOnce : Malwarebytes Anti-Malware (cleanup) (rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript) -> FOUND
     [PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (127.0.0.1:8008) -> FOUND
     [HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
     [HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
     [HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

     ¤¤¤ Particular Files / Folders: ¤¤¤

     ¤¤¤ Driver: [NOT LOADED] ¤¤¤

     ¤¤¤ Infection : ¤¤¤

     ¤¤¤ HOSTS File: ¤¤¤
     127.0.0.1 localhost

     ¤¤¤ MBR Check: ¤¤¤
     +++++ PhysicalDrive0: OCZ-VERTEX2 +++++
     --- User ---
     [MBR] 8a45abda90766fc737f27abce43c70e3
     [bSP] 92547877cd8631050d5f3799c87def38 : Windows 7 MBR Code
     Partition table:
     0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
     1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 228834 Mo
     User = LL1 ... OK!
     User = LL2 ... OK!

     Finished : << RKreport[1].txt >>
     RKreport[1].txt
  5. I ran mbam scan and it said: c:\system volume information\iexplore.exe (Trojan.Agent) -> Delete on reboot. I check the box and reboot, but it did not get removed and shows up again. Does anyone know if this is a real alert and what to do about it? Thanks! Attach.txt DDS.txt