Everything posted by AnorexicElephant

  1. DDS (Ver_2011-06-23.01) - NTFSAMD64 Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_27 Run by Banana at 2:07:58 on 2011-08-28 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.2079 [GMT -7:00]
  2. Oh! I actually was using the 2nd antivirus to do a one-time scan just to see if the trojan would show up as well. I read that it was a little more thorough, so I decided to try it to see. I ran MBAM right after I scanned with Antivir because I neglected to uninstall it. I will post again after I have finished running another scan of MBAM. Thank you for your reply.
  3. I scanned and deleted the malware and partially solved the problem. I have not been redirected since the different scans I performed but the trojan still remains. From time to time, my anti-virus will also block activities from the IP 91.217.153.48 and 91.217.153.48.80. DDS (Ver_2011-06-23.01) - NTFSAMD64 Internet Explorer: 8.0.7601.17514 Run by Banana at 6:01:38 on 2011-08-24 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.4095.1940 [GMT -7:00]
14:36:14 -------- d-----w- C:\Program Files\iTunes 2011-08-23 14:36:14 -------- d-----w- C:\Program Files (x86)\iTunes 2011-08-23 14:34:51 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll 2011-08-23 14:34:51 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll 2011-08-23 14:34:51 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll 2011-08-23 14:34:51 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll 2011-08-23 14:34:51 159744 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll 2011-08-23 14:34:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2011-08-23 14:34:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2011-08-23 14:34:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2011-08-23 14:34:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2011-08-23 14:34:51 159744 ----a-w- C:\Program Files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2011-08-23 14:34:05 -------- d-----w- C:\Program Files\Bonjour 2011-08-23 14:34:05 -------- d-----w- C:\Program Files (x86)\Bonjour 2011-08-23 14:32:21 180224 ----a-w- C:\Windows\SysWow64\QTCF.dll 2011-08-23 14:32:19 -------- d-----w- C:\Program Files (x86)\QuickTime Alternative 2011-08-23 14:18:24 -------- d-----w- C:\Users\Banana\AppData\Local\uTorrent 2011-08-23 13:18:10 -------- d-----w- C:\Users\Banana\AppData\Local\Secunia PSI 2011-08-23 13:17:13 -------- d-----w- C:\Program Files (x86)\Secunia 2011-08-23 13:11:24 31232 ----a-w- C:\Windows\SysWow64\prevhost.exe 2011-08-23 13:11:24 31232 ----a-w- C:\Windows\System32\prevhost.exe 2011-08-23 13:08:18 -------- d-----w- C:\Program Files (x86)\ESET 2011-08-23 11:48:05 -------- d-----w- C:\Windows\pss 2011-08-23 02:20:28 -------- d-----w- C:\Users\Banana\AppData\Local\DDMSettings 2011-08-23 02:17:21 -------- d-----w- 
C:\Program Files\DivX 2011-08-23 02:17:07 -------- d-----w- C:\Program Files (x86)\Common Files\DivX Shared 2011-08-23 02:14:55 -------- d-----w- C:\Program Files (x86)\DivX 2011-08-23 02:13:49 -------- d-----w- C:\ProgramData\DivX 2011-08-20 00:21:37 -------- d-----w- C:\Users\Banana\STAAR 2011-08-13 12:24:15 94208 ----a-w- C:\Program Files (x86)\Common Files\System\Ole DB\msdaosp.dll 2011-08-10 07:10:21 -------- d--h--w- C:\Program Files (x86)\InstallJammer Registry 2011-08-10 07:10:17 -------- d-----w- C:\Users\Banana\AppData\Roaming\Gmote 2011-08-10 07:09:49 -------- d-----w- C:\Program Files (x86)\GmoteServer 2011-08-05 09:31:13 2315776 ----a-w- C:\Windows\System32\tquery.dll 2011-08-05 09:30:52 244736 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll 2011-08-05 09:30:52 189952 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll 2011-08-05 09:30:46 2871808 ----a-w- C:\Windows\explorer.exe 2011-08-05 09:30:45 2616320 ----a-w- C:\Windows\SysWow64\explorer.exe 2011-08-05 09:30:19 158208 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys 2011-08-05 09:30:19 128000 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys 2011-08-05 09:30:18 759296 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2011-08-05 09:30:18 1110528 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll 2011-08-05 09:30:01 870912 ----a-w- C:\Windows\SysWow64\XpsPrint.dll 2011-08-05 09:30:01 1465344 ----a-w- C:\Windows\System32\XpsPrint.dll 2011-08-03 20:27:34 -------- d-----w- C:\AeriaGames 2011-08-02 21:06:54 -------- d-----w- C:\Users\Banana\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 2011-08-02 21:06:54 -------- d-----w- C:\Users\Banana\AppData\Roaming\Adobe Mini Bridge CS5 2011-07-28 01:06:29 -------- d-----w- C:\Users\Banana\AppData\Roaming\KUAIYA_TITLE 2011-07-27 03:51:28 -------- d-----w- C:\ProgramData\Nexon 2011-07-26 14:01:55 -------- d-----w- C:\Program Files\?? 
2011-07-26 10:05:32 -------- d-----w- C:\ProgramData\Electronic Arts 2011-07-26 10:01:58 -------- d-----w- C:\Program Files (x86)\Microsoft WSE . ==================== Find3M ==================== . 2011-08-23 13:43:23 404640 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2011-08-23 13:33:16 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2011-07-22 05:22:26 1638912 ----a-w- C:\Windows\System32\mshtml.tlb 2011-07-22 04:54:18 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2011-07-16 05:41:50 362496 ----a-w- C:\Windows\System32\wow64win.dll 2011-07-16 05:41:49 243200 ----a-w- C:\Windows\System32\wow64.dll 2011-07-16 05:41:49 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2011-07-16 05:39:10 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2011-07-16 05:37:12 421888 ----a-w- C:\Windows\System32\KernelBase.dll 2011-07-16 04:29:19 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2011-07-16 04:26:00 44032 ----a-w- C:\Windows\apppatch\acwow64.dll 2011-07-16 04:25:37 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2011-07-16 04:24:23 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2011-07-16 04:24:22 272384 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2011-07-16 02:21:44 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2011-07-16 02:21:41 2048 ----a-w- C:\Windows\SysWow64\user.exe 2011-07-16 02:17:19 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2011-07-16 02:17:19 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2011-07-16 02:17:19 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2011-07-16 02:17:19 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2011-07-12 18:34:00 96104 ----a-w- C:\Windows\System32\dns-sd.exe 2011-07-12 18:34:00 85864 ----a-w- C:\Windows\System32\dnssd.dll 2011-07-12 18:34:00 61288 ----a-w- C:\Windows\System32\jdns_sd.dll 2011-07-12 18:34:00 212840 ----a-w- C:\Windows\System32\dnssdX.dll 2011-07-12 18:20:54 83816 ----a-w- C:\Windows\SysWow64\dns-sd.exe 2011-07-12 18:20:54 
73064 ----a-w- C:\Windows\SysWow64\dnssd.dll 2011-07-12 18:20:54 50536 ----a-w- C:\Windows\SysWow64\jdns_sd.dll 2011-07-12 18:20:54 178536 ----a-w- C:\Windows\SysWow64\dnssdX.dll 2011-07-09 02:46:28 288768 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys 2011-07-07 02:52:42 41272 ----a-w- C:\Windows\SysWow64\drivers\mbamswissarmy.sys 2011-07-07 02:52:42 25912 ----a-w- C:\Windows\System32\drivers\mbam.sys 2011-07-06 01:37:00 94208 ----a-w- C:\Windows\SysWow64\QuickTimeVR.qtx 2011-07-06 01:37:00 69632 ----a-w- C:\Windows\SysWow64\QuickTime.qts 2011-06-24 05:34:53 214528 ----a-w- C:\Windows\System32\winsrv.dll 2011-06-24 05:25:49 338432 ----a-w- C:\Windows\System32\conhost.exe 2011-06-23 05:43:12 5561216 ----a-w- C:\Windows\System32\ntoskrnl.exe 2011-06-23 04:33:57 3967872 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2011-06-23 04:33:57 3912576 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe 2011-06-21 06:34:00 1923968 ----a-w- C:\Windows\System32\drivers\tcpip.sys 2011-06-21 06:20:53 1188864 ----a-w- C:\Windows\System32\wininet.dll 2011-06-21 05:28:33 981504 ----a-w- C:\Windows\SysWow64\wininet.dll 2011-06-15 10:02:23 212992 ----a-w- C:\Windows\System32\odbctrac.dll 2011-06-15 10:02:23 163840 ----a-w- C:\Windows\System32\odbccp32.dll 2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccu32.dll 2011-06-15 10:02:23 106496 ----a-w- C:\Windows\System32\odbccr32.dll 2011-06-15 08:55:19 86016 ----a-w- C:\Windows\SysWow64\odbccu32.dll 2011-06-15 08:55:19 81920 ----a-w- C:\Windows\SysWow64\odbccr32.dll 2011-06-15 08:55:19 319488 ----a-w- C:\Windows\SysWow64\odbcjt32.dll 2011-06-15 08:55:19 163840 ----a-w- C:\Windows\SysWow64\odbctrac.dll 2011-06-15 08:55:19 122880 ----a-w- C:\Windows\SysWow64\odbccp32.dll 2011-06-11 03:07:25 3137536 ----a-w- C:\Windows\System32\win32k.sys . ============= FINISH: 6:01:52.73 =============== attach.rar