Everything posted by ilovetea
-
Adw and asw logs are as follows:
-
Jeff, thanks for the reply. Combofix log:
-
I have a lingering issue with MyStart Incredibar. I have removed all entries via control panel and browser plugins but it's lingering in Chrome and IE9, possibly Firefox but I don't see any indication of that. Unfortunately I already ran Combofix before I knew I wasn't supposed to, so hopefully that won't screw this process up too bad here. I'm running Win 7 x64 Pro. I ran combofix already...hope that's ok. DDS logs are as follows: . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-10-19.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume4 Install Date: 9/7/2012 10:10:10 PM System Uptime: 11/3/2012 12:24:28 PM (5 hours ago) . Motherboard: ASRock | | Z68 Extreme4 Gen3 Processor: Intel® Core i7-2600K CPU @ 3.40GHz | CPUSocket | 3401/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 74 GiB total, 32.965 GiB free. D: is CDROM () E: is FIXED (NTFS) - 0 GiB total, 0.069 GiB free. F: is FIXED (NTFS) - 932 GiB total, 332.296 GiB free. G: is FIXED (NTFS) - 466 GiB total, 180.57 GiB free. H: is CDROM () I: is Removable J: is CDROM () . ==== Disabled Device Manager Items ============= . Class GUID: Description: Multimedia Audio Controller Device ID: PCI\VEN_1412&DEV_1712&SUBSYS_D6341412&REV_02\7&10DABA8B&0&08002000E7 Manufacturer: Name: Multimedia Audio Controller PNP Device ID: PCI\VEN_1412&DEV_1712&SUBSYS_D6341412&REV_02\7&10DABA8B&0&08002000E7 Service: . ==== System Restore Points =================== . No restore point in system. . ==== Installed Programs ====================== . 
µTorrent 7-Zip 9.25 (x64 edition) Adobe Flash Player 11 Plugin Alt.Binz 0.39.4 Borderlands 2 CDBurnerXP Corsair K90 Gaming Keyboard Driver V1.0 Corsair M60 Gaming Mouse Driver V1.0 CPUID CPU-Z 1.61.5 Creative Audio Control Panel Creative Console Launcher Creative Diagnostics Creative Software AutoUpdate Creative Sound Blaster Properties x64 Edition dBpoweramp DSP Effects dBpoweramp Music Converter Deadlight Dishonored © Bethesda Softworks version 1 Etron USB3.0 Host Controller foobar2000 v1.1.15 Foxit Reader Fraps (remove only) Google Chrome Google Talk (remove only) HashCheck Shell Extension (x86-32) HashCheck Shell Extension (x86-64) Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678) ImgBurn Intel® OpenCL CPU Runtime Intel® Processor Graphics Intel® Rapid Storage Technology Intel® Solid-State Drive Toolbox Internet Download Manager Java 7 Update 9 Java Auto Updater Java 6 Update 35 Java 6 Update 35 (64-bit) K-Lite Codec Pack 9.3.0 (Full) League of Legends Left 4 Dead 2 LibreOffice 3.6 Malwarebytes Anti-Malware version 1.65.1.1000 marvell 91xx driver MediaInfo 0.7.61 Microsoft .NET Framework 4 Client Profile Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170) Microsoft Security Client Microsoft Security Essentials Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Mozilla Firefox 16.0.2 (x86 en-US) Mozilla Maintenance Service Mozilla Thunderbird 16.0.2 (x86 en-US) MSI Afterburner 2.2.5 Mumble 1.2.3 Notepad++ NVIDIA Control Panel 306.97 NVIDIA Graphics Driver 306.97 NVIDIA Install Application NVIDIA 
PhysX NVIDIA PhysX System Software 9.12.0604 NVIDIA Update 1.10.8 NVIDIA Update Components OpenAL Pando Media Booster QuickPar 0.9 Realtek High Definition Audio Driver Recuva Samsung Kies SAMSUNG USB Driver for Mobile Phones Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Skype™ 5.10 Source SDK Base 2007 SSD Tweaker version 2.1.1 System Requirements Lab for Intel Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) VirtualCloneDrive VLC media player 2.0.4
.
==== Event Viewer Messages From Past Week ========
.
10/31/2012 11:02:55 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
10/31/2012 11:02:44 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
.
==== End Of File ===========================

DDS (Ver_2012-10-19.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.9.2
Run by GTI at 17:53:45 on 2012-11-03
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8100.5252 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Eraser\Eraser.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Google\Google Talk\googletalk.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\Corsair\M60 Mouse\M60Hid.exe
C:\Program Files (x86)\Corsair\M60 Mouse\CorsTra.exe
C:\Program Files (x86)\Corsair\K90 Keyboard\K90Hid.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\MSI Afterburner\MSIAfterburner.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_500_104.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_500_104.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe
C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.101\deploy\LoLLauncher.exe
C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.0.220\deploy\LolClient.exe
C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://mystart.incredibar.com/mb185?a=6OyS1UE0jU&i=26
uSearchAssistant = hxxp://www.searchamong.com/searchview.php?query={searchTerms}&cat=webs&bar=true
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
BHO: {0E1230F8-EA50-42A9-983C-D22ABC2EED3B} - <orphaned>
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [iDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
mRun: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe /autostart
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
mRun: [Corsair M60 Mouse] C:\Program Files (x86)\Corsair\M60 Mouse\M60Hid.exe
mRun: [Corsair laver] C:\Program Files (x86)\Corsair\K90 Keyboard\K90Hid.exe
mRun: [VirtualCloneDrive] "C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: NameServer = 24.25.5.150 209.18.47.61
TCP: Interfaces\{FE7FE438-F863-41E2-A433-FB88092E6DE8} : DHCPNameServer = 24.25.5.150 209.18.47.61
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [Eraser] "C:\PROGRA~1\Eraser\Eraser.exe" --atRestart
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
x64-DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\GTI\AppData\Roaming\Mozilla\Firefox\Profiles\omsorwl9.default-1351042774930\
FF - prefs.js: browser.startup.homepage - hxxp://rlslog.net
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
FF - plugin: C:\Users\GTI\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_500_104.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-10-11 03:16; mozilla_cc@internetdownloadmanager.com; C:\Users\GTI\AppData\Roaming\IDM\idmmzcc5
FF - ExtSQL: 2012-10-11 17:59; {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}; C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF - ExtSQL: 2012-10-23 21:40; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\GTI\AppData\Roaming\Mozilla\Firefox\Profiles\omsorwl9.default-1351042774930\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-10-23 21:41; jid1-xUfzOsOFlzSOXg@jetpack; C:\Users\GTI\AppData\Roaming\Mozilla\Firefox\Profiles\omsorwl9.default-1351042774930\extensions\jid1-xUfzOsOFlzSOXg@jetpack.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
R0 mvs91xx;mvs91xx;C:\Windows\System32\drivers\mvs91xx.sys [2011-4-8 312624]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-9-8 13632]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2012-10-26 160992]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456]
R2 nvUpdatusService;NVIDIA Update Service Daemon;C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-10-13 1258856]
R3 CORSGKB;Corsair Gaming Keyboard;C:\Windows\System32\drivers\CORSGKB.sys [2012-9-8 25600]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2011-8-11 230488]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2011-8-11 1494104]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2011-8-11 95320]
R3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-2-8 39936]
R3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-2-8 64512]
R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\System32\drivers\ha20x22k.sys [2011-8-11 1678936]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-2-14 412712]
R3 MEIx64;Intel® Management Engine Interface ;C:\Windows\System32\drivers\HECIx64.sys [2010-10-19 56344]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
R3 RTCore64;RTCore64;C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [2012-10-30 13368]
R3 WIMBLEMS;Corsair M60 Gaming Mouse;C:\Windows\System32\drivers\WIMBLEMS.sys [2012-9-8 25600]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 cphs;Intel® Content Protection HECI Service;C:\Windows\SysWOW64\IntelCpHeciSvc.exe [2012-10-10 277024]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-9-7 79360]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2011-8-11 230488]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2011-8-11 1494104]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2011-8-11 95320]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2012-10-13 102368]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-9-7 115168]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-30 19456]
S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2012-10-13 203104]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-30 57856]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-9-8 1255736]
.
=============== Created Last 30 ================
.
2012-11-03 16:26:53 9291768 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AFE2CD4E-8CB5-4BD6-B78E-9CEF161D9135}\mpengine.dll
2012-11-03 02:40:10 9291768 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-02 04:04:45 -------- d-sh--w- C:\$RECYCLE.BIN
2012-11-01 03:00:42 98816 ----a-w- C:\Windows\sed.exe
2012-11-01 03:00:42 256000 ----a-w- C:\Windows\PEV.exe
2012-11-01 03:00:42 208896 ----a-w- C:\Windows\MBR.exe
2012-11-01 02:33:13 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-11-01 02:33:13 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-30 23:39:19 -------- d-----w- C:\Users\GTI\AppData\Local\Programs
2012-10-26 13:15:35 160992 ----a-w- C:\Windows\System32\drivers\idmwfp.sys
2012-10-24 00:55:32 -------- d-----w- C:\Program Files (x86)\Perion
2012-10-24 00:55:25 829264 ----a-w- C:\Windows\System32\msvcr100.dll
2012-10-24 00:55:25 608080 ----a-w- C:\Windows\System32\msvcp100.dll
2012-10-23 01:16:05 -------- d-----w- C:\Reditr
2012-10-19 21:26:58 972192 ------w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{AF05B71F-B655-4787-A31C-8322CDF2653F}\gapaengine.dll
2012-10-18 00:57:13 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-14 07:59:47 -------- d-----w- C:\Users\GTI\AppData\Roaming\Mumble
2012-10-14 07:58:26 -------- d-----w- C:\Program Files (x86)\Mumble
2012-10-13 22:23:50 203104 ----a-w- C:\Windows\System32\drivers\ssudmdm.sys
2012-10-13 22:23:50 102368 ----a-w- C:\Windows\System32\drivers\ssudbus.sys
2012-10-13 19:53:52 -------- d-----w- C:\ProgramData\RELOADED
2012-10-13 18:05:00 891240 ----a-w- C:\Windows\System32\nvvsvc.exe
2012-10-13 18:05:00 63336 ----a-w- C:\Windows\System32\nvshext.dll
2012-10-13 18:05:00 6200680 ----a-w- C:\Windows\System32\nvcpl.dll
2012-10-13 18:05:00 3536817 ----a-w- C:\Windows\System32\nvcoproc.bin
2012-10-13 18:05:00 3293544 ----a-w- C:\Windows\System32\nvsvc64.dll
2012-10-13 18:05:00 2557800 ----a-w- C:\Windows\System32\nvsvcr.dll
2012-10-13 18:05:00 118120 ----a-w- C:\Windows\System32\nvmctray.dll
2012-10-13 18:04:49 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2012-10-10 23:12:34 -------- d-----w- C:\Users\GTI\AppData\Roaming\AccurateRip
2012-10-10 23:12:30 4779592 ----a-w- C:\Windows\SysWow64\SpoonUninstall.exe
2012-10-10 23:12:28 -------- d-----w- C:\Program Files (x86)\Illustrate
2012-10-10 22:39:59 -------- d-----w- C:\Users\GTI\temp
2012-10-10 22:39:58 -------- d-----w- C:\Users\GTI\AppData\Roaming\TeamViewer
2012-10-10 22:31:13 -------- d-----w- C:\Program Files (x86)\Microsoft Chart Controls
2012-10-10 06:22:42 80384 ----a-w- C:\Windows\System32\igdde64.dll
.
==================== Find3M ====================
.
2012-10-18 00:57:11 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-10-18 00:57:11 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-10-02 22:21:00 973672 ----a-w- C:\Windows\System32\nvumdshimx.dll
2012-09-29 23:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-16 18:42:54 1174993 ----a-w- C:\Windows\unins001.exe
2012-09-16 18:41:47 1174993 ----a-w- C:\Windows\unins000.exe
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-09-09 01:02:38 175616 ----a-w- C:\Windows\System32\msclmd.dll
2012-09-09 01:02:38 152576 ----a-w- C:\Windows\SysWow64\msclmd.dll
2012-09-08 05:31:00 86528 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2012-09-08 05:31:00 76800 ----a-w- C:\Windows\SysWow64\SetIEInstalledDate.exe
2012-09-08 05:31:00 74752 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2012-09-08 05:31:00 74752 ----a-w- C:\Windows\SysWow64\iesetup.dll
2012-09-08 05:31:00 63488 ----a-w- C:\Windows\SysWow64\tdc.ocx
2012-09-08 05:31:00 48640 ----a-w- C:\Windows\SysWow64\mshtmler.dll
2012-09-08 05:31:00 367104 ----a-w- C:\Windows\SysWow64\html.iec
2012-09-08 05:31:00 23552 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2012-09-08 05:31:00 161792 ----a-w- C:\Windows\SysWow64\msls31.dll
2012-09-08 05:31:00 152064 ----a-w- C:\Windows\SysWow64\wextract.exe
2012-09-08 05:31:00 150528 ----a-w- C:\Windows\SysWow64\iexpress.exe
2012-09-08 05:31:00 110592 ----a-w- C:\Windows\SysWow64\IEAdvpack.dll
2012-09-08 03:24:20 466520 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-09-08 03:24:20 445016 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-09-08 03:24:20 123480 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-09-08 03:24:19 109144 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-09-08 03:17:01 916456 ----a-w- C:\Windows\System32\deployJava1.dll
2012-09-08 03:17:01 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-08-31 18:19:35 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2012-08-31 02:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
2012-08-31 02:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-28 14:05:04 4659712 ----a-w- C:\Windows\SysWow64\Redemption.dll
2012-08-24 18:13:17 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-08-24 18:09:34 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 18:05:03 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-08-24 18:04:18 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-08-24 18:03:09 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 16:57:40 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-08-24 16:57:40 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-08-24 16:57:37 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-08-24 16:53:35 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-23 14:13:11 243200 ----a-w- C:\Windows\System32\rdpudd.dll
2012-08-23 14:10:20 19456 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2012-08-23 14:07:35 57856 ----a-w- C:\Windows\System32\drivers\TsUsbFlt.sys
2012-08-23 13:47:20 46592 ----a-w- C:\Windows\SysWow64\MsRdpWebAccess.dll
2012-08-23 13:46:20 16896 ----a-w- C:\Windows\SysWow64\wksprtPS.dll
2012-08-23 13:41:52 13312 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2012-08-23 13:40:56 13312 ----a-w- C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2012-08-23 13:24:57 15360 ----a-w- C:\Windows\System32\RdpGroupPolicyExtension.dll
2012-08-23 13:20:40 54272 ----a-w- C:\Windows\System32\MsRdpWebAccess.dll
2012-08-23 13:18:14 37376 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2012-08-23 13:17:54 18432 ----a-w- C:\Windows\System32\wksprtPS.dll
2012-08-23 13:06:58 43520 ----a-w- C:\Windows\System32\TsUsbGDCoInstaller.dll
2012-08-23 12:52:53 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2012-08-23 11:20:06 62976 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2012-08-23 11:15:57 269312 ----a-w- C:\Windows\SysWow64\aaclient.dll
2012-08-23 11:14:09 384000 ----a-w- C:\Windows\System32\wksprt.exe
2012-08-23 11:12:17 192000 ----a-w- C:\Windows\SysWow64\rdpendp_winip.dll
2012-08-23 10:54:24 322560 ----a-w- C:\Windows\System32\aaclient.dll
2012-08-23 10:51:14 228864 ----a-w- C:\Windows\System32\rdpendp_winip.dll
2012-08-23 10:39:24 1048064 ----a-w- C:\Windows\SysWow64\mstsc.exe
2012-08-23 10:22:22 1123840 ----a-w- C:\Windows\System32\mstsc.exe
2012-08-23 09:51:57 3174912 ----a-w- C:\Windows\System32\rdpcorets.dll
2012-08-23 08:19:01 4916224 ----a-w- C:\Windows\SysWow64\mstscax.dll
2012-08-23 08:13:07 5773824 ----a-w- C:\Windows\System32\mstscax.dll
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
.
============= FINISH: 17:53:51.42 ===============