Bwolbo

Members
  • Posts

    1
  • Joined

  • Last visited

Reputation

0 Neutral
In the last several days Mbam has been blocking multiple attempts by svchost.exe to contact IPs at China telecom (WHOIS). Thinking I may have a rootkit, worm or trojan, I have taken the following actions.

1. I run Avast Antivirus and have all modes enabled and the program updated hourly. I do a full scan every night.
2. I have a paid copy of Malwarebytes, have all protections enabled and run a full scan every night.
3. Windows defender is enabled and runs a full scan every night.
4. Windows 7 firewall is enabled.

Also:
I have run Hijackthis and see no unusual or unaccounted programs.
GMER found nothing suspicious but NOTE GMER not fully operational on 64 bit Windows.
Process Explorer--saw nothing unusual (not an expert)
CurrPorts--googled all processes, seemed ok (not an expert)
Ran Spybot and found only one bookmark issue--deleted

MBAM log of today:

00:06:08 Barry Wolborsky IP-BLOCK 222.68.164.222 (Type: outgoing, Port: 60820, Process: svchost.exe)
00:06:08 Barry Wolborsky IP-BLOCK 222.68.164.222 (Type: outgoing, Port: 60820, Process: svchost.exe)
00:06:16 Barry Wolborsky IP-BLOCK 222.68.164.222 (Type: outgoing, Port: 60820, Process: svchost.exe)
00:06:16 Barry Wolborsky IP-BLOCK 222.68.164.222 (Type: outgoing, Port: 60820, Process: svchost.exe)
01:12:07 Barry Wolborsky IP-BLOCK 219.153.141.28 (Type: outgoing, Port: 60820, Process: svchost.exe)
01:12:15 Barry Wolborsky IP-BLOCK 219.153.141.28 (Type: outgoing, Port: 60820, Process: svchost.exe)
01:12:15 Barry Wolborsky IP-BLOCK 219.153.141.28 (Type: outgoing, Port: 60820, Process: svchost.exe)
02:26:41 Barry Wolborsky MESSAGE IP Protection stopped
02:26:42 Barry Wolborsky MESSAGE Database updated successfully
02:26:42 Barry Wolborsky MESSAGE IP Protection started successfully
04:07:21 Barry Wolborsky IP-BLOCK 222.76.235.121 (Type: outgoing, Port: 60820, Process: svchost.exe)
04:07:21 Barry Wolborsky IP-BLOCK 222.76.235.121 (Type: outgoing, Port: 60820, Process: svchost.exe)
04:07:21 Barry Wolborsky IP-BLOCK 222.76.235.121 (Type: outgoing, Port: 60820, Process: svchost.exe)
04:07:30 Barry Wolborsky IP-BLOCK 222.76.235.121 (Type: outgoing, Port: 60820, Process: svchost.exe)
04:07:30 Barry Wolborsky IP-BLOCK 222.76.235.121 (Type: outgoing, Port: 60820, Process: svchost.exe)
04:07:30 Barry Wolborsky IP-BLOCK 222.76.235.121 (Type: outgoing, Port: 60820, Process: svchost.exe)
06:18:10 Barry Wolborsky IP-BLOCK 222.65.114.114 (Type: outgoing, Port: 60820, Process: svchost.exe)
06:18:10 Barry Wolborsky IP-BLOCK 222.65.114.114 (Type: outgoing, Port: 60820, Process: svchost.exe)
06:18:10 Barry Wolborsky IP-BLOCK 222.65.114.114 (Type: outgoing, Port: 60820, Process: svchost.exe)
06:18:10 Barry Wolborsky IP-BLOCK 222.65.114.114 (Type: outgoing, Port: 60820, Process: svchost.exe)
06:18:18 Barry Wolborsky IP-BLOCK 222.65.114.114 (Type: outgoing, Port: 60820, Process: svchost.exe)
06:18:18 Barry Wolborsky IP-BLOCK 222.65.114.114 (Type: outgoing, Port: 60820, Process: svchost.exe)
07:00:00 Barry Wolborsky MESSAGE Scheduled scan executed successfully
08:46:02 Barry Wolborsky MESSAGE Scheduled update executed successfully
08:46:17 Barry Wolborsky MESSAGE IP Protection stopped
08:46:18 Barry Wolborsky MESSAGE Database updated successfully
08:46:19 Barry Wolborsky MESSAGE IP Protection started successfully
11:44:15 Barry Wolborsky MESSAGE IP Protection stopped
11:44:16 Barry Wolborsky MESSAGE Database updated successfully
11:44:16 Barry Wolborsky MESSAGE IP Protection started successfully
11:57:56 Barry Wolborsky IP-BLOCK 204.13.160.53 (Type: outgoing, Port: 57201, Process: avastsvc.exe)
11:57:56 Barry Wolborsky IP-BLOCK 204.13.160.53 (Type: outgoing, Port: 57202, Process: avastsvc.exe)
11:58:54 Barry Wolborsky MESSAGE Added 204.13.160.53 to ignore list
11:59:10 Barry Wolborsky MESSAGE IP Protection stopped
11:59:10 Barry Wolborsky MESSAGE IP Protection started successfully
12:44:36 Barry Wolborsky MESSAGE IP Protection stopped
12:44:36 Barry Wolborsky MESSAGE IP Protection started successfully

DDS file:

DDS (Ver_10-12-12.02) - NTFS_AMD64
Run by Barry Wolborsky at 14:54:06.21 on Thu 01/27/2011
Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.12279.8719 [GMT -8:00]

AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files (x86)\NeoSmart Technologies\iReboot\iRebootd.exe
C:\Windows\runservice.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Common Files\Acronis\Timounter\TimounterMonitor.exe
C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe
C:\Windows\SysWOW64\Ctxfihlp.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\NeoSmart Technologies\iReboot\iReboot.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\CTXFISPI.EXE
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\AA\Zips3\dds.com
C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uSearch Bar = Preserve
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
mWinlogon: Userinit=userinit.exe,
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: ReGet Bar: {17939a30-18e2-471e-9d3a-56dd725f1215} -
TB: ShareThis: {6a719530-8443-4898-9bc4-69e76b5f1c89} - C:\Program Files (x86)\ShareThis Toolbar\share2me.dll
uRun: [PxDotNetLoader] "C:\Program Files (x86)\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe"
mRun: [<NO NAME>]
mRun: [AcronisTimounterMonitor] C:\Program Files (x86)\Common Files\Acronis\Timounter\TimounterMonitor.exe
mRun: [backupAndRecoveryMonitor.exe] C:\Program Files (x86)\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe
mRun: [TrayMonitor.exe] C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe
mRun: [updReg] C:\Windows\UpdReg.EXE
mRun: [CTxfiHlp] CTXFIHLP.EXE
mRun: [T-Mobile webConnect Manager] "C:\Program Files (x86)\T-Mobile\webConnect Manager\TMobileCM.exe" -a
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [CtxfiReg] CTXFIREG.exe /FAIL1
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IREBOO~1.LNK - C:\Program Files (x86)\NeoSmart Technologies\iReboot\iReboot.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: PromptOnSecureDesktop = 0 (0x0)
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
Trusted Zone: intuit.com\ttlc
Trusted Zone: turbotax.com
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - hxxp://www.photodex.com/pxplay.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} - hxxp://webmap.abbotsford.ca/webmap/AppRequirements/Acgm.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab
TCP: {13B90567-45B3-4D32-9969-640F5FF5D878} = 10.177.0.34 10.166.71.132
Handler: x-atng - {7e8717b0-d862-11d5-8c9e-00010304f989} - C:\Program Files (x86)\Fidelity Investments\Fidelity Active Trader\System\atngprot.dll
SEH: {16664848-0E00-11D2-8059-000000000000} - No File
TB-X64: {17939A30-18E2-471E-9D3A-56DD725F1215} - No File
TB-X64: {6A719530-8443-4898-9BC4-69E76B5F1C89} - No File
mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun-x64: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
mRun-x64: [iAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - C:\Users\BARRYW~1\AppData\Roaming\Mozilla\Firefox\Profiles\rcw2cnrm.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Users\Barry Wolborsky\AppData\Roaming\Mozilla\plugins\npPxPlay.dll
FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

============= SERVICES / DRIVERS ===============

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-1-17 490064]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2009-1-17 273488]
R2 AcronisAgent;Acronis Remote Agent Service;C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe [2010-10-11 1910664]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2009-1-17 20560]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2009-1-17 62032]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-1-17 40384]
R2 iReboot;iReboot Background Service;C:\Program Files (x86)\NeoSmart Technologies\iReboot\iRebootd.exe [2008-4-27 9216]
R2 LicCtrlService;LicCtrl Service;C:\Windows\Runservice.exe [2009-1-19 2560]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-24 363344]
R2 MMS;Acronis Managed Machine Service;C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe [2010-10-11 4594864]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-6-7 240232]
R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2009-7-29 230488]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2009-7-29 1445976]
R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2009-7-29 95320]
R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\System32\drivers\ha20x22k.sys [2009-7-29 1622616]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-12-24 24152]
R3 tmobile_mf691_cdc_acm;T-Mobile MF691 CDC-ACM driver;C:\Windows\System32\drivers\tmobile_mf691_cdc_acm.sys [2010-4-9 78336]
R3 tmobile_mf691_dc_enum;T-Mobile MF691 DC Enumerator;C:\Windows\System32\drivers\tmobile_mf691_dc_enum.sys [2010-4-9 75776]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 CATmobile;T-Mobile Con App Svc;C:\Program Files (x86)\T-Mobile\webConnect Manager\conappssvc.exe [2010-6-11 118784]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-1-7 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-1-7 79360]
S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2009-7-29 230488]
S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2009-7-29 1445976]
S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2009-7-29 95320]
S3 ENTECH64;ENTECH64;C:\Windows\System32\drivers\Entech64.sys [2007-10-30 12744]
S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;C:\Windows\System32\PCTINDIS5X64.sys [2010-6-11 43032]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2010-8-8 19936]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2010-8-8 13280]
S3 tmobile_mf691_cdc_ecm;tmobile_mf691_cdc_ecm;C:\Windows\System32\drivers\tmobile_mf691_cdc_ecm.sys [2010-4-9 88064]
S3 tmobile_mf691_cpo;T-Mobile webConnect CPO device;C:\Windows\System32\drivers\tmobile_mf691_cpo.sys [2010-4-9 13824]
S3 TMobileRcAppSvc;T-Mobile RcApp Svc;C:\Program Files (x86)\T-Mobile\webConnect Manager\RcAppSvc.exe [2010-6-11 114688]
S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\System32\drivers\vpcuxd.sys [2010-5-23 16384]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-23 1255736]

=============== Created Last 30 ================

2011-01-27 10:04:00 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2011-01-27 10:04:00 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy
2011-01-27 09:47:33 34560 ----a-w- C:\Windows\SysWow64\drivers\Normandy.sys
2011-01-27 09:23:34 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2011-01-27 09:23:34 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
2011-01-27 03:16:59 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{E5D95A73-8292-46C4-B418-CC5852A35677}\mpengine.dll
2011-01-27 03:14:27 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2011-01-27 03:14:27 720896 ----a-w- C:\Windows\System32\odbc32.dll
2011-01-27 03:14:27 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll
2011-01-27 03:14:27 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2011-01-27 03:14:27 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2011-01-27 03:14:27 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2011-01-27 03:14:27 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2011-01-27 03:14:27 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2011-01-27 03:14:27 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2011-01-27 03:14:27 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2011-01-25 06:52:31 101376 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\HPZPPWN7.DLL
2011-01-18 07:21:00 490064 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2011-01-18 07:20:27 38848 ----a-w- C:\Windows\avastSS.scr
2011-01-18 07:20:04 -------- d-----w- C:\PROGRA~3\Alwil Software
2011-01-14 22:35:00 -------- d-----w- C:\Users\BARRYW~1\AppData\Roaming\WinBatch
2011-01-07 10:48:42 -------- d-----w- C:\Program Files\CCleaner

==================== Find3M ====================

2011-01-27 03:24:08 7545 --sha-w- C:\Windows\SysWow64\mmf.sys
2011-01-13 08:37:23 62032 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2010-12-21 02:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys
2010-11-21 02:43:30 971360 ----a-w- C:\Windows\System32\drivers\timntr.sys
2010-11-21 02:38:35 278112 ----a-w- C:\Windows\System32\drivers\snapman.sys
2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll
2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll
2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll
2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll
2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec
2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec
2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb
2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll
2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll
2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll
2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll
2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe
2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe
2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll
2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll
2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe
2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe

============= FINISH: 14:54:29.15 ===============

Attach_Gmer.ZIP
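The Malwarebytes protection log quoted in the post is the most useful artifact for triage, but read by eye it is just a wall of repeated IP-BLOCK lines. The script below is an added example (it is not from the post and not Malwarebytes' own tooling): it parses that log format, groups the outgoing blocks by process so you can see how many distinct destinations each process was trying to reach and on which ports, and lists any "Added ... to ignore list" events, since each of those silences a future detection. The sample input is a subset of the lines quoted above; the note about mapping an svchost.exe PID to its hosted service with tasklist /svc is the editor's suggestion, not something the post states.

```python
import re
from collections import defaultdict

# Sample input: a subset of the Malwarebytes protection-log lines quoted in the
# post above, copied verbatim. The log does not say whether "Port" is the local
# or the remote port, so the code reports it without interpreting it.
SAMPLE_LOG = """\
00:06:08 Barry Wolborsky IP-BLOCK 222.68.164.222 (Type: outgoing, Port: 60820, Process: svchost.exe)
00:06:08 Barry Wolborsky IP-BLOCK 222.68.164.222 (Type: outgoing, Port: 60820, Process: svchost.exe)
01:12:07 Barry Wolborsky IP-BLOCK 219.153.141.28 (Type: outgoing, Port: 60820, Process: svchost.exe)
02:26:41 Barry Wolborsky MESSAGE IP Protection stopped
02:26:42 Barry Wolborsky MESSAGE Database updated successfully
04:07:21 Barry Wolborsky IP-BLOCK 222.76.235.121 (Type: outgoing, Port: 60820, Process: svchost.exe)
06:18:10 Barry Wolborsky IP-BLOCK 222.65.114.114 (Type: outgoing, Port: 60820, Process: svchost.exe)
11:57:56 Barry Wolborsky IP-BLOCK 204.13.160.53 (Type: outgoing, Port: 57201, Process: avastsvc.exe)
11:58:54 Barry Wolborsky MESSAGE Added 204.13.160.53 to ignore list
"""

# "HH:MM:SS <user name> IP-BLOCK <ip> (Type: ..., Port: ..., Process: ...)"
BLOCK_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}) (?P<user>.+?) IP-BLOCK (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<type>\w+), Port: (?P<port>\d+), Process: (?P<proc>[^)]+)\)$"
)
# "HH:MM:SS <user name> MESSAGE <free text>"
MSG_RE = re.compile(r"^(?P<time>\d{2}:\d{2}:\d{2}) (?P<user>.+?) MESSAGE (?P<text>.+)$")
IGNORE_RE = re.compile(r"^Added (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) to ignore list$")


def parse_log(text):
    """Turn raw MBAM protection-log lines into a list of event dicts.
    Lines matching neither format are kept as kind='unparsed' so nothing
    in the log is silently dropped."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = BLOCK_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["kind"] = "block"
            ev["port"] = int(ev["port"])
            ev["proc"] = ev["proc"].lower()   # MBAM mixes case (avastsvc.exe vs AvastSvc.exe)
            events.append(ev)
            continue
        m = MSG_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["kind"] = "message"
            events.append(ev)
            continue
        events.append({"kind": "unparsed", "raw": line})
    return events


def summarize_blocks(events):
    """Per process: number of blocks, distinct destinations, ports, first/last time."""
    summary = defaultdict(lambda: {"count": 0, "ips": set(), "ports": set(),
                                   "first": None, "last": None})
    for ev in events:
        if ev["kind"] != "block":
            continue
        s = summary[ev["proc"]]
        s["count"] += 1
        s["ips"].add(ev["ip"])
        s["ports"].add(ev["port"])
        # HH:MM:SS strings compare correctly as text
        s["first"] = ev["time"] if s["first"] is None else min(s["first"], ev["time"])
        s["last"] = ev["time"] if s["last"] is None else max(s["last"], ev["time"])
    return dict(summary)


def ignore_list_additions(events):
    """IPs the user whitelisted in MBAM; each is a detection that will no longer fire."""
    out = []
    for ev in events:
        if ev["kind"] == "message":
            m = IGNORE_RE.match(ev["text"])
            if m:
                out.append(m.group("ip"))
    return out


def triage_notes(events):
    """Plain-text findings for whoever is reading the log."""
    notes = []
    for proc, s in sorted(summarize_blocks(events).items()):
        notes.append(f"{proc}: {s['count']} outbound blocks to {len(s['ips'])} destination(s) "
                     f"on port(s) {sorted(s['ports'])} between {s['first']} and {s['last']}")
        if proc == "svchost.exe":
            # svchost.exe hosts many services; the process name alone says little.
            notes.append("  svchost.exe is a shared host: map the PID to its service "
                         "(tasklist /svc, or netstat -abno while a block is logged) before judging it")
    for ip in ignore_list_additions(events):
        notes.append(f"ignore-list entry {ip}: future blocks for this address are suppressed; "
                     "confirm the owning process is the one you expect")
    return notes


if __name__ == "__main__":
    for note in triage_notes(parse_log(SAMPLE_LOG)):
        print(note)
```

Run it against a saved copy of the full protection log (paste the IP-BLOCK and MESSAGE lines into SAMPLE_LOG or read them from a file) and the per-process summary shows at a glance whether the blocks come from one process retrying a short list of addresses or from several unrelated programs. On the post's own data, every svchost.exe block shares the same port, which is why identifying the hosted service, rather than svchost.exe itself, is the next step.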