KentT

October 16, 2012

I Keep getting blocked ACCESS after having a virus called Trojan.Maljava . It took over my email for awhile, not Malware bytes keeps giving me this message every few seconds. What do I do to clean it. Tried multiple virus scans and they find nothing.

DDS (Ver_2012-10-14.05) - NTFS_x86

Internet Explorer: 9.0.8112.16421

Run by Kent Tabor at 11:57:47 on 2012-10-16

Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.2520.785 [GMT -5:00]

.

AV: Symantec Endpoint Protection *Disabled/Updated* {88C95A36-8C3B-2F2C-1B8B-30FCCFDC4855}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Symantec Endpoint Protection *Disabled/Updated* {33A8BBD2-AA01-20A2-213B-0B8EB45B02E8}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\ibmpmsvc.exe

C:\Windows\system32\AtService.exe

C:\Windows\system32\atiesrxx.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe

C:\Windows\system32\atieclxx.exe

C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\LENOVO\HOTKEY\TPHKLOAD.exe

C:\Program Files\LENOVO\HOTKEY\TPHKSVC.exe

C:\Program Files\Lenovo\Access Connections\AcPrfMgrSvc.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\LENOVO\HOTKEY\tposdsvc.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\EbService\EbService.exe

C:\Windows\Explorer.EXE

C:\Program Files\Lenovo\HOTKEY\TPONSCR.exe

C:\Program Files\Lenovo\Zoom\TpScrex.exe

C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe

C:\Program Files\Lenovo\Communications Utility\CAMMUTE.exe

C:\Program Files\Lenovo\Communications Utility\TPKNRSVC.exe

C:\Program Files\LENOVO\VIRTSCRL\lvvsst.exe

C:\PROGRA~1\LENOVO\VIRTSCRL\virtscrl.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Memeo\AutoBackup\MemeoBackgroundService.exe

C:\Program Files\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe

C:\Program Files\Seagate\Seagate Dashboard\SeagateDashboardService.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe

C:\Program Files\FLIR Systems\FLIR Device Drivers\FLIR T3Srv\sysx86\T3Srv.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Lenovo\Access Connections\AcSvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\WUDFHost.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Windows\System32\TpShocks.exe

C:\Program Files\Lenovo\Access Connections\SvcGuiHlpr.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Intel\AMT\LMS.exe

c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

c:\program files\lenovo\system update\suservice.exe

C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe

C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\Microsoft Office\Office12\WINWORD.EXE

C:\Program Files\Common Files\eDrawings2012\eModelViewer.exe

C:\Program Files\Real\RealPlayer\update\realsched.exe

C:\Program Files\Microsoft Office\Office12\EXCEL.EXE

C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil32_11_4_402_287_ActiveX.exe

C:\Program Files\Symantec\Symantec Endpoint Protection\SymCorpUI.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Ask.com\UpdateTask.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k HPService

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k HsfXAudioService

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uSearch Bar = Preserve

uDefault_Page_URL = hxxp://lenovo.msn.com

uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - c:\program files\ask.com\GenericAskToolbar.dll

uURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll

BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll

TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\ask.com\GenericAskToolbar.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [TpShocks] TpShocks.exe

mRun: [FingerPrintSoftware] "c:\program files\lenovo fingerprint software\fpapp.exe" \s

mRun: [AcWin7Hlpr] c:\program files\lenovo\access connections\AcTBenabler.exe

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [TkBellExe] "c:\program files\real\realplayer\update\realsched.exe" -osboot

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:255

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: DisableCAD = dword:1

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: Microsoft XML Parser for Java - file:///C:/Windows/Java/classes/xmldso.cab

DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://oesx.webex.com/client/T27LC/webex/ieatgpc1.cab

DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=724

TCP: NameServer = 10.113.245.30

TCP: Interfaces\{7EEB709B-BA3B-4D77-86CB-783D467FE3FE} : DHCPNameServer = 10.113.245.30

TCP: Interfaces\{7EEB709B-BA3B-4D77-86CB-783D467FE3FE}\34573747F6D6562737 : DHCPNameServer = 216.165.129.157

TCP: Interfaces\{7EEB709B-BA3B-4D77-86CB-783D467FE3FE}\34F657274797162746 : DHCPNameServer = 10.255.1.1

TCP: Interfaces\{7EEB709B-BA3B-4D77-86CB-783D467FE3FE}\451626F62713 : DHCPNameServer = 209.18.47.61 209.18.47.62 192.168.1.1

TCP: Interfaces\{7EEB709B-BA3B-4D77-86CB-783D467FE3FE}\765756374777966696 : DHCPNameServer = 192.168.10.2 192.168.10.3

TCP: Interfaces\{7EEB709B-BA3B-4D77-86CB-783D467FE3FE}\B456C6C697E274564716771697 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{7EEB709B-BA3B-4D77-86CB-783D467FE3FE}\C696E6B6379737 : DHCPNameServer = 10.113.245.30

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll

Notify: igfxcui - igfxdev.dll

SSODL: WebCheck - <orphaned>

LSA: Notification Packages = scecli ACGina

LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

============= SERVICES / DRIVERS ===============

.

R0 DozeHDD;DozeHDD;c:\windows\system32\drivers\DOZEHDD.SYS [2012-2-17 25968]

R0 TPDIGIMN;TPDIGIMN;c:\windows\system32\drivers\ApsHM86.sys [2009-6-29 20520]

R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2012-2-17 13680]

R1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\drivers\vwififlt.sys [2009-7-13 48128]

R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-4-30 176128]

R2 ATService;AuthenTec Fingerprint Service;c:\windows\system32\AtService.exe [2009-9-1 1692920]

R2 EbService;Ethernet Bus Service;c:\windows\system32\ebservice\EbService.exe [2011-11-15 150288]

R2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe -k HsfXAudioService [2009-7-13 20992]

R2 LENOVO.CAMMUTE;Lenovo Camera Mute;c:\program files\lenovo\communications utility\CamMute.exe [2012-2-17 50536]

R2 LENOVO.TPKNRSVC;Lenovo Keyboard Noise Reduction;c:\program files\lenovo\communications utility\TPKNRSVC.exe [2012-2-17 74088]

R2 Lenovo.VIRTSCRLSVC;Lenovo Auto Scroll;c:\program files\lenovo\virtscrl\lvvsst.exe [2012-4-19 127336]

R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-10-11 676936]

R2 MemeoBackgroundService;MemeoBackgroundService;c:\program files\memeo\autobackup\MemeoBackgroundService.exe [2011-4-6 25824]

R2 MSSQL$ACT7;SQL Server (ACT7);c:\program files\microsoft sql server\mssql.2\mssql\binn\sqlservr.exe [2010-12-10 29293408]

R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]

R2 SeagateDashboardService;Seagate Dashboard Service;c:\program files\seagate\seagate dashboard\SeagateDashboardService.exe [2011-11-3 8704]

R2 Symantec AntiVirus;Symantec Endpoint Protection;c:\program files\symantec\symantec endpoint protection\Rtvscan.exe [2010-3-16 2477304]

R2 T3Srv;FLIR Systems Camera Monitor;c:\program files\flir systems\flir device drivers\flir t3srv\sysx86\T3Srv.exe [2010-5-3 457312]

R2 TPHKLOAD;Lenovo Hotkey Client Loader;c:\program files\lenovo\hotkey\tphkload.exe [2012-4-19 131432]

R2 TPHKSVC;On Screen Display;c:\program files\lenovo\hotkey\TPHKSVC.exe [2012-4-19 142696]

R2 UNS;Intel® Management and Security Application User Notification Service;c:\program files\common files\intel\privacy icon\uns\UNS.exe [2009-12-31 2058776]

R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2012-4-30 6574080]

R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2012-4-30 229888]

R3 ATSwpWDF;AuthenTec TruePrint USB WDF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2009-9-1 485376]

R3 e1yexpress;Intel® Gigabit Network Connections Driver;c:\windows\system32\drivers\e1y6232.sys [2012-2-17 223960]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2012-10-10 106656]

R3 intelkmd;intelkmd;c:\windows\system32\drivers\igdpmd32.sys [2012-4-30 9037312]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-10-11 22856]

R3 PCDSRVC{3037D694-FD904ACA-06020200}_0;PCDSRVC{3037D694-FD904ACA-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\pc-doctor\pcdsrvc.pkms [2011-3-31 22640]

R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\drivers\rtl8192se.sys [2010-3-9 1117800]

R3 TVTI2C;Lenovo SM bus driver;c:\windows\system32\drivers\tvti2c.sys [2009-7-2 38336]

R3 UsbFltr;WayTech USB Filter Driver1;c:\windows\system32\drivers\UsbFltr.sys [2007-4-9 9600]

R3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\drivers\vwifimp.sys [2009-7-13 14336]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-8-4 136176]

S2 LENOVO.MICMUTE;Lenovo Microphone Mute;c:\program files\lenovo\hotkey\micmute.exe [2012-4-19 101736]

S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-8-16 250808]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 CprDrvr;Driver for Lantronix CPR Device;c:\windows\system32\drivers\CprDrvr.sys [2011-7-13 142456]

S3 DozeSvc;Lenovo Doze Mode Service;c:\program files\thinkpad\utilities\DOZESVC.EXE [2012-2-17 292200]

S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-8-4 136176]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

S3 NWUSBCDFIL;Novatel Wireless Installation CD;c:\windows\system32\drivers\NwUsbCdFil.sys [2008-7-7 20480]

S3 NWUSBPort2;Novatel Wireless USB Status2 Port Driver;c:\windows\system32\drivers\nwusbser2.sys [2008-5-9 174336]

S3 Power Manager DBC Service;Power Manager DBC Service;c:\program files\thinkpad\utilities\PWMDBSVC.exe [2009-12-31 89152]

S3 PwmEWSvc;Cisco EnergyWise Enabler;c:\program files\thinkpad\utilities\PWMEWSVC.exe [2012-2-17 175168]

S3 RoxMediaDB10;RoxMediaDB10;c:\program files\common files\roxio shared\10.0\sharedcom\RoxMediaDB10.exe [2009-8-5 1124848]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-1 52224]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-3-11 1343400]

S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2009-7-13 17920]

S4 ADMonitor;AD Monitor;c:\windows\system32\ADMonitor.exe [2009-9-1 106496]

S4 dtsvc;Data Transfer Service;c:\windows\system32\DTS.exe [2009-9-1 98304]

.

=============== Created Last 30 ================

.

2012-10-12 04:50:37 2663232 ----a-w- C:\CCleaner.exe

2012-10-12 04:45:12 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-10-12 04:45:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-10-12 03:06:44 -------- d-----w- c:\users\kent tabor\appdata\local\LogMeIn Rescue Applet

2012-10-12 03:00:17 -------- d-----w- c:\windows\pss

2012-10-11 19:36:38 -------- d-----w- c:\windows\system32\appmgmt

2012-10-10 18:27:19 -------- d-----w- c:\users\kent tabor\appdata\local\NPE

2012-10-10 13:40:56 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-10-10 13:40:36 2048 ----a-w- c:\windows\system32\tzres.dll

2012-10-10 11:37:57 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2012-10-10 11:37:57 1159680 ----a-w- c:\windows\system32\crypt32.dll

2012-10-10 11:37:57 103936 ----a-w- c:\windows\system32\cryptnet.dll

2012-10-10 11:37:13 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-10-10 11:37:11 542208 ----a-w- c:\windows\system32\kerberos.dll

2012-10-10 11:37:08 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-10-10 11:37:08 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-10-09 20:19:13 -------- d-----w- c:\users\kent tabor\appdata\roaming\BlueSprig

2012-10-09 20:19:06 -------- d-----w- c:\program files\BlueSprig

2012-09-26 18:11:57 245760 ----a-w- c:\windows\system32\OxpsConverter.exe

2012-09-19 16:07:55 -------- d-----w- c:\users\kent tabor\appdata\local\{D305DB7F-676C-43C2-B967-3BF3C6F9A748}

2012-09-18 13:03:37 -------- d-----w- c:\users\kent tabor\appdata\local\{1FC48B0D-4BB9-4DE6-867C-C763DFA0580F}

2012-09-17 17:01:02 -------- d-----w- c:\users\kent tabor\appdata\local\{9B041CB3-F345-4DEF-B093-7F6DF8915A4C}

.

==================== Find3M ====================

.

2012-10-09 14:07:23 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-10-09 14:07:23 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-08-22 17:16:54 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-08-22 17:16:46 712048 ----a-w- c:\windows\system32\drivers\ndis.sys

2012-08-22 17:16:46 240496 ----a-w- c:\windows\system32\drivers\netio.sys

2012-08-22 17:16:36 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

2012-08-20 17:40:31 169984 ----a-w- c:\windows\system32\winsrv.dll

2012-08-20 17:40:01 293376 ----a-w- c:\windows\system32\KernelBase.dll

2012-08-20 17:37:58 271360 ----a-w- c:\windows\system32\conhost.exe

2012-08-20 15:33:28 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-08-20 15:33:28 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-08-20 15:33:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-08-20 15:33:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2012-08-02 16:57:20 490496 ----a-w- c:\windows\system32\d3d10level9.dll

2012-07-18 17:47:53 2345984 ----a-w- c:\windows\system32\win32k.sys

.

============= FINISH: 11:59:47.05 ===============

Sign In

KentT

Posts

Joined

Last visited

Content Type

Events

Profiles

Forums

Posts posted by KentT

Blocked access to potentially Malicious website 64.29.151.221

Browse

Activity

Personal

Business

Business Modules

Partners

Learn

Start here

Type of malware/attacks

How does it get on my computer?

Scams and grifts

Support

Important Information