Posts posted by Calum

  1. Hello, I keep getting the following:

    2012/12/04 16:53:12 GMT CALUM-PC Calum IP-BLOCK 58.240.163.101 (Type: outgoing, Port: 57959, Process: svchost.exe)

    Is this bad or can I ignore it?

    Thanks for your help!

    The IP address belongs to a known Chinese spam mail server so my guess is that you are infected and you should follow the instructions here

    Done :)

    I read in other topics that I wasn't allowed uTorrent and to post logs directly into the post.

    attach

    .

    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

    IF REQUESTED, ZIP IT UP & ATTACH IT

    .

    DDS (Ver_2012-11-20.01)

    .

    Microsoft Windows 8 Pro

    Boot Device: \Device\HarddiskVolume4

    Install Date: 26/11/2012 21:37:29

    System Uptime: 28/11/2012 21:31:58 (141 hours ago)

    .

    Motherboard: Gigabyte Technology Co., Ltd. | | Z68XP-UD4

    Processor: Intel® Core i7-2600K CPU @ 3.40GHz | Socket 1155 | 3701/100mhz

    .

    ==== Disk Partitions =========================

    .

    C: is FIXED (NTFS) - 112 GiB total, 68.54 GiB free.

    D: is FIXED (NTFS) - 111 GiB total, 108.678 GiB free.

    E: is FIXED (NTFS) - 930 GiB total, 919.055 GiB free.

    G: is CDROM ()

    .

    ==== Disabled Device Manager Items =============

    .

    ==== System Restore Points ===================

    .

    RP1: 26/11/2012 23:25:17 - Installed Microsoft Office Home and Student 2010

    RP2: 01/12/2012 09:58:04 - Installed Adobe Reader XI.

    RP3: 02/12/2012 17:01:57 - Installed Java 7 Update 9 (64-bit)

    .

    ==== Installed Programs ======================

    .

    7-Zip 9.20 (x64 edition)

    Adobe Flash Player 11 Plugin

    Adobe Reader XI

    Amazon MP3 Downloader 1.0.17

    AMD Accelerated Video Transcoding

    AMD APP SDK Runtime

    AMD Catalyst Install Manager

    Anki

    Catalyst Control Center

    Catalyst Control Center - Branding

    Catalyst Control Center Graphics Previews Common

    Catalyst Control Center InstallProxy

    Catalyst Control Center Localization All

    ccc-utility64

    CCC Help Chinese Standard

    CCC Help Chinese Traditional

    CCC Help Czech

    CCC Help Danish

    CCC Help Dutch

    CCC Help English

    CCC Help Finnish

    CCC Help French

    CCC Help German

    CCC Help Greek

    CCC Help Hungarian

    CCC Help Italian

    CCC Help Japanese

    CCC Help Korean

    CCC Help Norwegian

    CCC Help Polish

    CCC Help Portuguese

    CCC Help Russian

    CCC Help Spanish

    CCC Help Swedish

    CCC Help Thai

    CCC Help Turkish

    Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition

    Google Chrome

    Google Update Helper

    Intel® Processor Graphics

    Malwarebytes Anti-Malware version 1.65.1.1000

    Microsoft Mathematics Add-in (64-bit)

    Microsoft Office 2010 Service Pack 1 (SP1)

    Microsoft Office Access MUI (English) 2010

    Microsoft Office Access Setup Metadata MUI (English) 2010

    Microsoft Office Excel MUI (English) 2010

    Microsoft Office Home and Student 2010

    Microsoft Office Office 32-bit Components 2010

    Microsoft Office OneNote MUI (English) 2010

    Microsoft Office Outlook MUI (English) 2010

    Microsoft Office PowerPoint MUI (English) 2010

    Microsoft Office Proof (English) 2010

    Microsoft Office Proof (French) 2010

    Microsoft Office Proof (Spanish) 2010

    Microsoft Office Proofing (English) 2010

    Microsoft Office Publisher MUI (English) 2010

    Microsoft Office Shared 32-bit MUI (English) 2010

    Microsoft Office Shared MUI (English) 2010

    Microsoft Office Shared Setup Metadata MUI (English) 2010

    Microsoft Office Single Image 2010

    Microsoft Office Word MUI (English) 2010

    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

    Mozilla Firefox 17.0 (x86 en-US)

    Mozilla Maintenance Service

    Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition

    Security Update for Microsoft InfoPath 2010 (KB2687417) 64-Bit Edition

    Security Update for Microsoft Office 2010 (KB2553091)

    Security Update for Microsoft Office 2010 (KB2553096)

    Security Update for Microsoft Office 2010 (KB2553260) 64-Bit Edition

    Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition

    Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition

    Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition

    Security Update for Microsoft Office 2010 (KB2589322) 64-Bit Edition

    Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition

    Security Update for Microsoft PowerPoint 2010 (KB2553185) 64-Bit Edition

    Security Update for Microsoft Visio Viewer 2010 (KB2598287) 64-Bit Edition

    Security Update for Microsoft Word 2010 (KB2553488) 64-Bit Edition

    Sublime Text 2.0.1

    Update for Microsoft Office 2010 (KB2553065)

    Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition

    Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition

    Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition

    Update for Microsoft Office 2010 (KB2553272) 64-Bit Edition

    Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition

    Update for Microsoft Office 2010 (KB2566458)

    Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition

    Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition

    Update for Microsoft OneNote 2010 (KB2687277) 64-Bit Edition

    Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition

    Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition

    Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition

    VLC media player 2.0.4

    .

    ==== Event Viewer Messages From Past Week ========

    .

    27/11/2012 01:05:46, Error: Microsoft-Windows-WMPNSS-Service [14353] - A media delivery engine with ID '0' was not initialised due to error '0x80070005' when adding the URL 'http://+:10243/WMPNSSv4/1287810425/'. Restart your computer, then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

    27/11/2012 01:05:46, Error: Microsoft-Windows-WMPNSS-Service [14349] - A new media server was not initialised because the Windows Media Delivery Engine did not initialise due to error '0x80070005'. Restart your computer, then restart the WMPNetworkSvc service. If the problem persists, reinstall Windows Media Player if possible.

    03/12/2012 23:27:13, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    01/12/2012 16:22:51, Error: Schannel [36887] - A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.

    .

    ==== End Of File =========================

    dds

    DDS (Ver_2012-11-20.01) - NTFS_AMD64

    Internet Explorer: 10.0.9200.16442

    Run by Calum at 18:52:47 on 2012-12-04

    Microsoft Windows 8 Pro 6.2.9200.0.1252.44.2057.18.16301.13697 [GMT 0:00]

    .

    AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    ============== Running Processes ===============

    .

    C:\WINDOWS\system32\svchost.exe -k DcomLaunch

    C:\WINDOWS\system32\svchost.exe -k RPCSS

    C:\WINDOWS\system32\atiesrxx.exe

    C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted

    C:\WINDOWS\system32\svchost.exe -k netsvcs

    C:\WINDOWS\system32\svchost.exe -k LocalService

    C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted

    C:\WINDOWS\system32\svchost.exe -k NetworkService

    C:\WINDOWS\System32\spoolsv.exe

    C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

    C:\WINDOWS\system32\svchost.exe -k imgsvc

    C:\Program Files\Windows Defender\MsMpEng.exe

    C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation

    C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    C:\WINDOWS\system32\SearchIndexer.exe

    C:\WINDOWS\System32\dwm.exe

    C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\taskhostex.exe

    C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe

    C:\Windows\System32\RuntimeBroker.exe

    C:\WINDOWS\system32\wwahost.exe

    C:\Windows\System32\igfxpers.exe

    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

    C:\WINDOWS\system32\atieclxx.exe

    C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

    C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE

    C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

    C:\Program Files (x86)\Mozilla Firefox\firefox.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe

    C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe

    C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    C:\WINDOWS\system32\vssvc.exe

    C:\WINDOWS\System32\svchost.exe -k swprv

    C:\WINDOWS\system32\SearchProtocolHost.exe

    C:\WINDOWS\system32\SearchFilterHost.exe

    C:\WINDOWS\System32\cscript.exe

    .

    ============== Pseudo HJT Report ===============

    .

    mWinlogon: Userinit = userinit.exe

    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

    uRun: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED

    mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

    StartupFolder: C:\Users\Calum\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE

    IE: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000

    IE: Se&nd to OneNote - C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105

    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    TCP: NameServer = 194.168.4.100 194.168.8.100

    TCP: Interfaces\{3284CA4D-1C05-482F-AD55-506A3411AC6A} : DHCPNameServer = 194.168.4.100 194.168.8.100

    TCP: Interfaces\{DAA5DE5E-72FD-443E-BDDB-B9CF0C888463} : DHCPNameServer = 194.168.4.100 194.168.8.100

    Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    SSODL: WebCheck - <orphaned>

    x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

    x64-Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

    x64-Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

    x64-Run: [Persistence] C:\WINDOWS\System32\igfxpers.exe

    x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

    x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    x64-Notify: igfxcui - igfxdev.dll

    x64-SSODL: WebCheck - <orphaned>

    .

    ================= FIREFOX ===================

    .

    FF - ProfilePath - C:\Users\Calum\AppData\Roaming\Mozilla\Firefox\Profiles\txu8b47a.default-1354553513147\

    FF - prefs.js: browser.search.selectedEngine - Bing

    FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/

    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

    FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

    FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

    FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll

    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll

    FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll

    FF - ExtSQL: 2012-12-03 16:52; omnibar@ajitk.com; C:\Users\Calum\AppData\Roaming\Mozilla\Firefox\Profiles\txu8b47a.default-1354553513147\extensions\omnibar@ajitk.com.xpi

    FF - ExtSQL: 2012-12-03 16:53; {73a6fe31-595d-460b-a920-fcc0f8843232}; C:\Users\Calum\AppData\Roaming\Mozilla\Firefox\Profiles\txu8b47a.default-1354553513147\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

    FF - ExtSQL: 2012-12-03 16:55; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; C:\Users\Calum\AppData\Roaming\Mozilla\Firefox\Profiles\txu8b47a.default-1354553513147\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

    .

    ============= SERVICES / DRIVERS ===============

    .

    R2 AMD External Events Utility;AMD External Events Utility;C:\WINDOWS\System32\atiesrxx.exe [2012-10-18 239616]

    R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-26 399432]

    R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-26 676936]

    R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\WINDOWS\System32\Drivers\AtihdW86.sys [2012-8-21 91648]

    R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\Drivers\mbam.sys [2012-11-26 25928]

    R3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE [2010-1-9 174440]

    R3 RTL8168;Realtek 8168 NT Driver;C:\WINDOWS\System32\Drivers\Rt630x64.sys [2012-6-2 589824]

    S3 vmbusr;Virtual Machine Bus Provider;C:\WINDOWS\System32\Drivers\vmbusr.sys [2012-7-26 117248]

    S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\Drivers\WUDFRd.sys [2012-7-26 198656]

    S3 xusb22;Xbox 360 Wireless Receiver Driver Service 22;C:\WINDOWS\System32\Drivers\xusb22.sys [2012-7-26 89088]

    .

    =============== Created Last 30 ================

    .

    2012-12-04 18:46:13 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C112CEF5-8CA1-4D11-9B23-85FDA31458AC}\mpengine.dll

    2012-12-03 16:05:32 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll

    2012-12-03 14:01:54 -------- d-----w- C:\Program Files (x86)\xampp

    2012-12-02 17:02:51 -------- d-----w- C:\Users\Calum\AppData\Roaming\.minecraft

    2012-12-01 19:15:55 -------- d-----w- C:\WINDOWS\System32\appmgmt

    2012-12-01 19:08:53 916456 ----a-w- C:\WINDOWS\System32\deployJava1.dll

    2012-12-01 19:08:53 1034216 ----a-w- C:\WINDOWS\System32\npDeployJava1.dll

    2012-12-01 09:58:34 -------- d-----w- C:\Users\Calum\AppData\Local\Adobe

    2012-11-30 18:27:14 -------- d-----w- C:\Program Files (x86)\Amazon

    2012-11-27 21:38:01 405504 ----a-w- C:\WINDOWS\System32\pcasvc.dll

    2012-11-27 21:38:01 31232 ----a-w- C:\WINDOWS\System32\pcadm.dll

    2012-11-27 21:38:01 13312 ----a-w- C:\WINDOWS\System32\pcalua.exe

    2012-11-27 21:38:01 11776 ----a-w- C:\WINDOWS\System32\pcaevts.dll

    2012-11-27 16:03:04 -------- d-----w- C:\Users\Calum\AppData\Roaming\aacs

    2012-11-27 16:01:02 -------- d-----w- C:\Program Files\VideoLAN

    2012-11-27 15:26:26 -------- d-----w- C:\Program Files (x86)\VideoLAN

    2012-11-27 14:31:38 -------- d-----w- C:\Users\Calum\AppData\Local\Diagnostics

    2012-11-27 14:18:32 -------- d-----w- C:\ProgramData\AMD

    2012-11-27 14:18:32 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies

    2012-11-27 14:18:32 -------- d-----w- C:\Program Files (x86)\AMD AVT

    2012-11-27 14:18:30 -------- d-----w- C:\Program Files (x86)\AMD APP

    2012-11-27 14:18:03 -------- d-----w- C:\Program Files\ATI Technologies

    2012-11-27 14:18:01 -------- d-----w- C:\Program Files\ATI

    2012-11-27 14:17:28 -------- d-----w- C:\AMD

    2012-11-27 13:55:42 -------- d-----w- C:\Users\Calum\AppData\Local\ATI

    2012-11-27 13:55:00 114704 ----a-w- C:\WINDOWS\System32\drivers\AtihdW76.sys

    2012-11-27 13:54:52 462848 ----a-w- C:\WINDOWS\System32\ATIDEMGX.dll

    2012-11-27 13:54:13 -------- d-----w- C:\Program Files (x86)\ATI Technologies

    2012-11-27 13:49:12 -------- d-----w- C:\Program Files\Common Files\ATI Technologies

    2012-11-27 13:46:00 0 ----a-w- C:\WINDOWS\ativpsrm.bin

    2012-11-27 11:05:20 -------- d-----w- C:\Program Files (x86)\Anki

    2012-11-27 01:26:57 -------- d-----w- C:\Program Files\Microsoft Mathematics Add-in

    2012-11-27 01:24:10 5425496 ----a-w- C:\WINDOWS\System32\D3DX9_41.dll

    2012-11-27 01:24:10 4178264 ----a-w- C:\WINDOWS\SysWow64\D3DX9_41.dll

    2012-11-27 01:18:49 778856 ----a-w- C:\WINDOWS\SysWow64\PresentationNative_v0300.dll

    2012-11-27 01:18:49 35400 ----a-w- C:\WINDOWS\SysWow64\TsWpfWrp.exe

    2012-11-27 01:18:49 35400 ----a-w- C:\WINDOWS\System32\TsWpfWrp.exe

    2012-11-27 01:18:49 124040 ----a-w- C:\WINDOWS\System32\PresentationCFFRasterizerNative_v0300.dll

    2012-11-27 01:18:49 1166440 ----a-w- C:\WINDOWS\System32\PresentationNative_v0300.dll

    2012-11-27 01:18:49 102528 ----a-w- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll

    2012-11-27 01:07:49 80728 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl

    2012-11-27 01:07:49 695648 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe

    2012-11-27 01:02:36 -------- d-----r- C:\WINDOWS\BrowserChoice

    2012-11-27 00:59:34 11272192 ----a-w- C:\Program Files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll

    2012-11-27 00:59:34 10768384 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll

    2012-11-27 00:55:51 279656 ------w- C:\WINDOWS\System32\MpSigStub.exe

    2012-11-27 00:50:59 80896 ----a-w- C:\WINDOWS\SysWow64\SettingSyncHost.exe

    2012-11-27 00:48:33 98304 ----a-w- C:\WINDOWS\System32\wudriver.dll

    2012-11-27 00:47:50 8856576 ----a-w- C:\WINDOWS\SysWow64\twinui.dll

    2012-11-26 23:28:51 -------- d-----w- C:\WINDOWS\PCHEALTH

    2012-11-26 23:26:21 -------- d-----w- C:\Program Files\Microsoft Analysis Services

    2012-11-26 23:26:21 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services

    2012-11-26 23:26:06 -------- d-----w- C:\Users\Calum\AppData\Local\Microsoft Help

    2012-11-26 23:25:42 -------- d-----w- C:\Users\Calum\AppData\Local\Google

    2012-11-26 22:45:07 -------- d-----w- C:\Users\Calum\AppData\Roaming\Sublime Text 2

    2012-11-26 22:43:07 -------- d-----w- C:\Program Files\Sublime Text 2

    2012-11-26 22:04:31 206528 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10186.bin

    2012-11-26 22:03:42 -------- d-----w- C:\Users\Calum\AppData\Local\Macromedia

    2012-11-26 21:52:13 -------- d-----w- C:\Intel

    2012-11-26 21:48:30 -------- d-----w- C:\Users\Calum\AppData\Local\Mozilla

    2012-11-26 21:48:00 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service

    2012-11-26 21:46:15 -------- d-----w- C:\Users\Calum\AppData\Roaming\Malwarebytes

    2012-11-26 21:46:12 -------- d-----w- C:\ProgramData\Malwarebytes

    2012-11-26 21:46:11 25928 ----a-w- C:\WINDOWS\System32\drivers\mbam.sys

    2012-11-26 21:46:11 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

    2012-11-26 21:43:38 50784 ----a-w- C:\ProgramData\Microsoft\windowsfiltering\Sqm\Manifest\Sqm3.bin

    2012-11-26 21:43:37 18528 ----a-w- C:\ProgramData\Microsoft\windowssampling\Sqm\Manifest\Sqm2.bin

    2012-11-26 21:34:07 -------- d-----w- C:\WINDOWS\Panther

    2012-11-26 21:33:25 -------- d-sh--w- C:\Boot

    .

    ==================== Find3M ====================

    .

    2012-11-02 05:22:08 34304 ----a-w- C:\WINDOWS\SysWow64\wuapp.exe

    2012-11-02 05:21:44 83968 ----a-w- C:\WINDOWS\SysWow64\wudriver.dll

    2012-11-02 05:21:44 125952 ----a-w- C:\WINDOWS\SysWow64\wuwebv.dll

    2012-11-02 05:21:28 246784 ----a-w- C:\WINDOWS\SysWow64\ubpm.dll

    2012-11-02 05:20:31 39424 ----a-w- C:\WINDOWS\System32\wuapp.exe

    2012-11-02 05:20:28 77824 ----a-w- C:\WINDOWS\System32\taskhost.exe

    2012-11-02 05:20:28 72192 ----a-w- C:\WINDOWS\System32\taskhostex.exe

    2012-11-02 05:20:10 141824 ----a-w- C:\WINDOWS\System32\wuwebv.dll

    2012-11-02 05:20:09 251904 ----a-w- C:\WINDOWS\System32\WUSettingsProvider.dll

    2012-11-02 05:20:09 17408 ----a-w- C:\WINDOWS\System32\wuaext.dll

    2012-11-02 05:20:09 1619968 ----a-w- C:\WINDOWS\System32\wucltux.dll

    2012-11-02 05:19:50 318464 ----a-w- C:\WINDOWS\System32\ubpm.dll

    2012-11-02 05:01:27 99328 ----a-w- C:\WINDOWS\System32\wushareduxresources.dll

    2012-11-02 04:55:32 212992 ----a-w- C:\WINDOWS\System32\drivers\mrxsmb20.sys

    2012-11-02 04:53:13 366080 ----a-w- C:\WINDOWS\System32\drivers\mrxsmb.sys

    2012-10-29 05:04:47 522640 ----a-w- C:\WINDOWS\System32\AUDIOKSE.dll

    2012-10-29 05:04:47 490064 ----a-w- C:\WINDOWS\System32\AudioEng.dll

    2012-10-29 05:04:47 447792 ----a-w- C:\WINDOWS\System32\AudioSes.dll

    2012-10-29 05:04:47 253512 ----a-w- C:\WINDOWS\System32\audiodg.exe

    2012-10-29 03:21:53 1526784 ----a-w- C:\WINDOWS\System32\mfcore.dll

    2012-10-29 03:21:21 267264 ----a-w- C:\WINDOWS\System32\EncDump.dll

    2012-10-29 03:20:49 785920 ----a-w- C:\WINDOWS\System32\audiosrv.dll

    2012-10-29 03:20:49 169472 ----a-w- C:\WINDOWS\System32\AudioEndpointBuilder.dll

    2012-10-29 03:19:08 463768 ----a-w- C:\WINDOWS\SysWow64\AUDIOKSE.dll

    2012-10-29 03:19:08 427568 ----a-w- C:\WINDOWS\SysWow64\AudioEng.dll

    2012-10-29 03:19:08 324344 ----a-w- C:\WINDOWS\SysWow64\AudioSes.dll

    2012-10-29 02:46:23 1451520 ----a-w- C:\WINDOWS\SysWow64\mfcore.dll

    2012-10-24 04:54:06 6972136 ----a-w- C:\WINDOWS\System32\ntoskrnl.exe

    2012-10-24 03:25:41 26624 ----a-w- C:\WINDOWS\System32\ReAgentc.exe

    2012-10-24 03:24:42 439296 ----a-w- C:\WINDOWS\System32\ReAgent.dll

    2012-10-24 03:06:12 2706432 ----a-w- C:\WINDOWS\System32\mshtml.tlb

    2012-10-24 02:48:12 24064 ----a-w- C:\WINDOWS\SysWow64\ReAgentc.exe

    2012-10-24 02:47:29 371712 ----a-w- C:\WINDOWS\SysWow64\ReAgent.dll

    2012-10-24 02:27:01 2706432 ----a-w- C:\WINDOWS\SysWow64\mshtml.tlb

    2012-10-20 03:22:05 39936 ----a-w- C:\WINDOWS\apppatch\apppatch64\acspecfc.dll

    2012-10-20 02:44:53 431104 ----a-w- C:\WINDOWS\apppatch\AcSpecfc.dll

    2012-10-20 02:25:35 310784 ----a-w- C:\WINDOWS\apppatch\AcRes.dll

    2012-10-19 04:59:28 4056576 ----a-w- C:\WINDOWS\System32\win32k.sys

    2012-10-18 06:17:18 69864 ----a-w- C:\WINDOWS\System32\drivers\pdc.sys

    2012-10-18 03:20:46 10096640 ----a-w- C:\WINDOWS\System32\twinui.dll

    2012-10-18 03:18:40 2302464 ----a-w- C:\WINDOWS\System32\authui.dll

    2012-10-18 03:18:33 2146816 ----a-w- C:\WINDOWS\System32\actxprxy.dll

    2012-10-18 02:44:38 2033664 ----a-w- C:\WINDOWS\SysWow64\authui.dll

    2012-10-18 02:44:33 753664 ----a-w- C:\WINDOWS\SysWow64\actxprxy.dll

    2012-10-17 04:32:52 1172992 ----a-w- C:\WINDOWS\System32\mfnetsrc.dll

    2012-10-17 04:32:51 677888 ----a-w- C:\WINDOWS\System32\mfnetcore.dll

    2012-10-17 04:32:51 673280 ----a-w- C:\WINDOWS\System32\mfmpeg2srcsnk.dll

    2012-10-17 04:32:50 1048064 ----a-w- C:\WINDOWS\System32\mfasfsrcsnk.dll

    2012-10-17 03:57:37 929792 ----a-w- C:\WINDOWS\SysWow64\mfnetsrc.dll

    2012-10-17 03:57:37 568832 ----a-w- C:\WINDOWS\SysWow64\mfnetcore.dll

    2012-10-17 03:57:37 513024 ----a-w- C:\WINDOWS\SysWow64\mfmpeg2srcsnk.dll

    2012-10-17 03:57:36 850944 ----a-w- C:\WINDOWS\SysWow64\mfasfsrcsnk.dll

    2012-10-12 08:08:01 27880 ----a-w- C:\WINDOWS\System32\drivers\rdpvideominiport.sys

    2012-10-12 06:14:54 87040 ----a-w- C:\WINDOWS\System32\srmtrace.dll

    2012-10-12 06:14:54 652800 ----a-w- C:\WINDOWS\System32\srmscan.dll

    2012-10-12 06:14:54 30720 ----a-w- C:\WINDOWS\System32\srm_ps.dll

    2012-10-12 06:14:54 279040 ----a-w- C:\WINDOWS\System32\srm.dll

    2012-10-12 06:14:54 274432 ----a-w- C:\WINDOWS\System32\srmstormod.dll

    2012-10-12 06:14:54 172032 ----a-w- C:\WINDOWS\System32\srmshell.dll

    2012-10-12 06:14:54 1347072 ----a-w- C:\WINDOWS\System32\srmclient.dll

    2012-10-12 06:14:54 134144 ----a-w- C:\WINDOWS\System32\adrclient.dll

    2012-10-12 06:14:40 36352 ----a-w- C:\WINDOWS\System32\rfxvmt.dll

    2012-10-12 06:14:39 3244032 ----a-w- C:\WINDOWS\System32\rdpcorets.dll

    2012-10-12 06:14:34 115712 ----a-w- C:\WINDOWS\System32\wbem\PolicMan.dll

    2012-10-12 06:13:32 109568 ----a-w- C:\WINDOWS\System32\dskquota.dll

    2012-10-12 05:50:01 235520 ----a-w- C:\WINDOWS\System32\rdpudd.dll

    2012-10-12 05:46:28 618496 ----a-w- C:\WINDOWS\System32\drivers\srv2.sys

    2012-10-12 05:41:02 987648 ----a-w- C:\WINDOWS\SysWow64\srmclient.dll

    2012-10-12 05:41:02 68096 ----a-w- C:\WINDOWS\SysWow64\srmtrace.dll

    2012-10-12 05:41:02 487936 ----a-w- C:\WINDOWS\SysWow64\srmscan.dll

    2012-10-12 05:41:02 278528 ----a-w- C:\WINDOWS\SysWow64\srm.dll

    2012-10-12 05:41:02 202240 ----a-w- C:\WINDOWS\SysWow64\srmstormod.dll

    2012-10-12 05:41:02 15872 ----a-w- C:\WINDOWS\SysWow64\srm_ps.dll

    2012-10-12 05:41:02 128000 ----a-w- C:\WINDOWS\SysWow64\srmshell.dll

    2012-10-12 05:41:02 104448 ----a-w- C:\WINDOWS\SysWow64\adrclient.dll

    2012-10-12 05:40:49 84992 ----a-w- C:\WINDOWS\SysWow64\wbem\PolicMan.dll

    2012-10-12 05:39:54 82944 ----a-w- C:\WINDOWS\SysWow64\dskquota.dll

    2012-10-11 07:47:18 793200 ----a-w- C:\WINDOWS\System32\mfplat.dll

    2012-10-11 07:35:16 2380944 ----a-w- C:\WINDOWS\explorer.exe

    2012-10-11 07:26:44 336104 ----a-w- C:\WINDOWS\System32\drivers\Classpnp.sys

    2012-10-11 07:25:48 56552 ----a-w- C:\WINDOWS\System32\drivers\sdstor.sys

    2012-10-11 07:23:33 1001192 ----a-w- C:\WINDOWS\System32\drivers\ndis.sys

    2012-10-11 07:23:32 441576 ----a-w- C:\WINDOWS\System32\drivers\netio.sys

    2012-10-11 07:18:25 172264 ----a-w- C:\WINDOWS\System32\drivers\ksecpkg.sys

    2012-10-11 07:16:20 1403784 ----a-w- C:\WINDOWS\System32\winload.efi

    2012-10-11 07:16:20 1267424 ----a-w- C:\WINDOWS\System32\winload.exe

    2012-10-11 07:16:20 1217328 ----a-w- C:\WINDOWS\System32\winresume.efi

    2012-10-11 07:16:19 1093880 ----a-w- C:\WINDOWS\System32\winresume.exe

    2012-10-11 07:13:54 194280 ----a-w- C:\WINDOWS\System32\drivers\sdbus.sys

    2012-10-11 07:13:51 124648 ----a-w- C:\WINDOWS\System32\drivers\dumpsd.sys

    2012-10-11 07:13:49 58088 ----a-w- C:\WINDOWS\System32\drivers\dam.sys

    2012-10-11 07:13:37 33512 ----a-w- C:\WINDOWS\System32\drivers\battc.sys

    2012-10-11 07:08:41 562392 ----a-w- C:\WINDOWS\System32\drivers\cng.sys

    2012-10-11 07:02:27 1636672 ----a-w- C:\WINDOWS\System32\WMALFXGFXDSP.dll

    2012-10-11 07:01:47 503080 ----a-w- C:\WINDOWS\System32\ci.dll

    2012-10-11 05:56:41 2115952 ----a-w- C:\WINDOWS\SysWow64\explorer.exe

    2012-10-11 05:45:58 907776 ----a-w- C:\WINDOWS\System32\uxtheme.dll

    2012-10-11 05:45:58 53760 ----a-w- C:\WINDOWS\System32\UXInit.dll

    2012-10-11 05:45:58 1045504 ----a-w- C:\WINDOWS\System32\usercpl.dll

    2012-10-11 05:45:53 3554304 ----a-w- C:\WINDOWS\System32\tquery.dll

    .

    ============= FINISH: 18:52:52.77 ===============


    attach.txt

    dds.txt
