Kubrick101

  1. A friend was trying to watch a movie on my computer and downloaded Codec V not realizing that it was a Trojan. I did a Malwarebytes scan and deleted the malicious items. As of then, I haven't experienced any difficulties, other than slowness (but not necessarily slower than normal). I have pasted the Malwarebytes log in addition to the other logs.

     Malwarebytes Anti-Malware 1.62.0.1300
     www.malwarebytes.org

     Database version: v2012.08.12.01

     Windows Vista Service Pack 2 x86 NTFS
     Internet Explorer 9.0.8112.16421
     Evan :: EVAN-PC [administrator]

     12/08/2012 12:41:02 AM
     mbam-log-2012-08-12 (00-41-02).txt

     Scan type: Quick scan
     Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
     Scan options disabled: P2P
     Objects scanned: 204066
     Time elapsed: 10 minute(s), 22 second(s)

     Memory Processes Detected: 1
     C:\ProgramData\Codec\Codec.exe (Trojan.Dropper) -> 6604 -> Delete on reboot.

     Memory Modules Detected: 0
     (No malicious items detected)

     Registry Keys Detected: 1
     HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Codec (Trojan.Dropper) -> Quarantined and deleted successfully.

     Registry Values Detected: 0
     (No malicious items detected)

     Registry Data Items Detected: 0
     (No malicious items detected)

     Folders Detected: 0
     (No malicious items detected)

     Files Detected: 2
     C:\ProgramData\Codec\Codec.exe (Trojan.Dropper) -> Delete on reboot.
     C:\Users\Evan\Local Settings\Temporary Internet Files\Content.IE5\MCRTNFVS\updater[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.

     (end)

     DDS.txt

     DDS (Ver_2011-08-26.01) - NTFSx86
     Internet Explorer: 9.0.8112.16421
     BrowserJavaVersion: 10.5.0
     Run by Evan at 1:16:12 on 2012-08-12
     Microsoft® Windows Vista™ Ultimate 6.0.6002.2.1252.2.1033.18.3066.1855 [GMT -3:00]
     .