
In the last several days MBAM has been blocking multiple attempts by svchost.exe to contact IPs at China Telecom (WHOIS).

Thinking I may have a rootkit, worm or trojan, I have taken the following actions.

1. I run Avast Antivirus and have all modes enabled and the program updated hourly. I do a full scan every night.

2. I have a paid copy of Malwarebytes, have all protections enabled, and run a full scan every night.

3. Windows defender is enabled and runs a full scan every night.

4. Windows 7 firewall is enabled.

Also:

I have run HijackThis and see no unusual or unaccounted-for programs.

GMER found nothing suspicious, but NOTE: GMER is not fully operational on 64-bit Windows.

Process Explorer: saw nothing unusual (not an expert).

CurrPorts: googled all processes, seemed OK (not an expert).

Ran Spybot and found only one bookmark issue; deleted it.

MBAM log of today:

00:06:08 Barry Wolborsky IP-BLOCK 222.68.164.222 (Type: outgoing, Port: 60820, Process: svchost.exe)

00:06:08 Barry Wolborsky IP-BLOCK 222.68.164.222 (Type: outgoing, Port: 60820, Process: svchost.exe)

00:06:16 Barry Wolborsky IP-BLOCK 222.68.164.222 (Type: outgoing, Port: 60820, Process: svchost.exe)

00:06:16 Barry Wolborsky IP-BLOCK 222.68.164.222 (Type: outgoing, Port: 60820, Process: svchost.exe)

01:12:07 Barry Wolborsky IP-BLOCK 219.153.141.28 (Type: outgoing, Port: 60820, Process: svchost.exe)

01:12:15 Barry Wolborsky IP-BLOCK 219.153.141.28 (Type: outgoing, Port: 60820, Process: svchost.exe)

01:12:15 Barry Wolborsky IP-BLOCK 219.153.141.28 (Type: outgoing, Port: 60820, Process: svchost.exe)

02:26:41 Barry Wolborsky MESSAGE IP Protection stopped

02:26:42 Barry Wolborsky MESSAGE Database updated successfully

02:26:42 Barry Wolborsky MESSAGE IP Protection started successfully

04:07:21 Barry Wolborsky IP-BLOCK 222.76.235.121 (Type: outgoing, Port: 60820, Process: svchost.exe)

04:07:21 Barry Wolborsky IP-BLOCK 222.76.235.121 (Type: outgoing, Port: 60820, Process: svchost.exe)

04:07:21 Barry Wolborsky IP-BLOCK 222.76.235.121 (Type: outgoing, Port: 60820, Process: svchost.exe)

04:07:30 Barry Wolborsky IP-BLOCK 222.76.235.121 (Type: outgoing, Port: 60820, Process: svchost.exe)

04:07:30 Barry Wolborsky IP-BLOCK 222.76.235.121 (Type: outgoing, Port: 60820, Process: svchost.exe)

04:07:30 Barry Wolborsky IP-BLOCK 222.76.235.121 (Type: outgoing, Port: 60820, Process: svchost.exe)

06:18:10 Barry Wolborsky IP-BLOCK 222.65.114.114 (Type: outgoing, Port: 60820, Process: svchost.exe)

06:18:10 Barry Wolborsky IP-BLOCK 222.65.114.114 (Type: outgoing, Port: 60820, Process: svchost.exe)

06:18:10 Barry Wolborsky IP-BLOCK 222.65.114.114 (Type: outgoing, Port: 60820, Process: svchost.exe)

06:18:10 Barry Wolborsky IP-BLOCK 222.65.114.114 (Type: outgoing, Port: 60820, Process: svchost.exe)

06:18:18 Barry Wolborsky IP-BLOCK 222.65.114.114 (Type: outgoing, Port: 60820, Process: svchost.exe)

06:18:18 Barry Wolborsky IP-BLOCK 222.65.114.114 (Type: outgoing, Port: 60820, Process: svchost.exe)

07:00:00 Barry Wolborsky MESSAGE Scheduled scan executed successfully

08:46:02 Barry Wolborsky MESSAGE Scheduled update executed successfully

08:46:17 Barry Wolborsky MESSAGE IP Protection stopped

08:46:18 Barry Wolborsky MESSAGE Database updated successfully

08:46:19 Barry Wolborsky MESSAGE IP Protection started successfully

11:44:15 Barry Wolborsky MESSAGE IP Protection stopped

11:44:16 Barry Wolborsky MESSAGE Database updated successfully

11:44:16 Barry Wolborsky MESSAGE IP Protection started successfully

11:57:56 Barry Wolborsky IP-BLOCK 204.13.160.53 (Type: outgoing, Port: 57201, Process: avastsvc.exe)

11:57:56 Barry Wolborsky IP-BLOCK 204.13.160.53 (Type: outgoing, Port: 57202, Process: avastsvc.exe)

11:58:54 Barry Wolborsky MESSAGE Added 204.13.160.53 to ignore list

11:59:10 Barry Wolborsky MESSAGE IP Protection stopped

11:59:10 Barry Wolborsky MESSAGE IP Protection started successfully

12:44:36 Barry Wolborsky MESSAGE IP Protection stopped

12:44:36 Barry Wolborsky MESSAGE IP Protection started successfully

DDS file:

DDS (Ver_10-12-12.02) - NTFS_AMD64

Run by Barry Wolborsky at 14:54:06.21 on Thu 01/27/2011

Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23

Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.12279.8719 [GMT -8:00]

AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}

SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files (x86)\APC\APC PowerChute Personal Edition\mainserv.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe

C:\Program Files (x86)\NeoSmart Technologies\iReboot\iRebootd.exe

C:\Windows\runservice.exe

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe

C:\Program Files (x86)\Common Files\Acronis\Timounter\TimounterMonitor.exe

C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe

C:\Windows\SysWOW64\Ctxfihlp.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files (x86)\NeoSmart Technologies\iReboot\iReboot.exe

C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe

C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\SysWOW64\CTXFISPI.EXE

C:\Windows\system32\svchost.exe -k HPService

C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\explorer.exe

C:\Windows\explorer.exe

C:\Windows\explorer.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\AA\Zips3\dds.com

C:\Windows\system32\conhost.exe

============== Pseudo HJT Report ===============

uSearch Bar = Preserve

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

mWinlogon: Userinit=userinit.exe,

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

TB: ReGet Bar: {17939a30-18e2-471e-9d3a-56dd725f1215} -

TB: ShareThis: {6a719530-8443-4898-9bc4-69e76b5f1c89} - C:\Program Files (x86)\ShareThis Toolbar\share2me.dll

uRun: [PxDotNetLoader] "C:\Program Files (x86)\Fidelity Investments\Fidelity Active Trader\System\ATPStartupAssistant.exe"

mRun: [<NO NAME>]

mRun: [AcronisTimounterMonitor] C:\Program Files (x86)\Common Files\Acronis\Timounter\TimounterMonitor.exe

mRun: [backupAndRecoveryMonitor.exe] C:\Program Files (x86)\Acronis\BackupAndRecovery\BackupAndRecoveryMonitor.exe

mRun: [TrayMonitor.exe] C:\Program Files (x86)\Acronis\TrayMonitor\TrayMonitor.exe

mRun: [updReg] C:\Windows\UpdReg.EXE

mRun: [CTxfiHlp] CTXFIHLP.EXE

mRun: [T-Mobile webConnect Manager] "C:\Program Files (x86)\T-Mobile\webConnect Manager\TMobileCM.exe" -a

mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

dRun: [CtxfiReg] CTXFIREG.exe /FAIL1

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\APC PowerChute Personal Edition\Display.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\IREBOO~1.LNK - C:\Program Files (x86)\NeoSmart Technologies\iReboot\iReboot.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe

mPolicies-explorer: NoActiveDesktop = 1 (0x1)

mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableLUA = 0 (0x0)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

mPolicies-system: PromptOnSecureDesktop = 0 (0x0)

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL

Trusted Zone: intuit.com\ttlc

Trusted Zone: turbotax.com

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CB50428B-657F-47DF-9B32-671F82AA73F7} - hxxp://www.photodex.com/pxplay.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

DPF: {F5D98C43-DB16-11CF-8ECA-0000C0FD59C7} - hxxp://webmap.abbotsford.ca/webmap/AppRequirements/Acgm.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15112/CTPID.cab

TCP: {13B90567-45B3-4D32-9969-640F5FF5D878} = 10.177.0.34 10.166.71.132

Handler: x-atng - {7e8717b0-d862-11d5-8c9e-00010304f989} - C:\Program Files (x86)\Fidelity Investments\Fidelity Active Trader\System\atngprot.dll

SEH: {16664848-0E00-11D2-8059-000000000000} - No File

TB-X64: {17939A30-18E2-471E-9D3A-56DD725F1215} - No File

TB-X64: {6A719530-8443-4898-9BC4-69E76B5F1C89} - No File

mRun-x64: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE

mRun-x64: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"

mRun-x64: [iAAnotif] "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"

Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - C:\Users\BARRYW~1\AppData\Roaming\Mozilla\Firefox\Profiles\rcw2cnrm.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Users\Barry Wolborsky\AppData\Roaming\Mozilla\plugins\npPxPlay.dll

FF - plugin: C:\Windows\system32\Wat\npWatWeb.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}

FF - Ext: DownThemAll!: {DDC359D1-844A-42a7-9AA1-88A850A938A8} - %profile%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

============= SERVICES / DRIVERS ===============

R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2011-1-17 490064]

R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2009-1-17 273488]

R2 AcronisAgent;Acronis Remote Agent Service;C:\Program Files (x86)\Common Files\Acronis\Agent\agent.exe [2010-10-11 1910664]

R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2009-1-17 20560]

R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2009-1-17 62032]

R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-1-17 40384]

R2 iReboot;iReboot Background Service;C:\Program Files (x86)\NeoSmart Technologies\iReboot\iRebootd.exe [2008-4-27 9216]

R2 LicCtrlService;LicCtrl Service;C:\Windows\Runservice.exe [2009-1-19 2560]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2010-12-24 363344]

R2 MMS;Acronis Managed Machine Service;C:\Program Files (x86)\Acronis\BackupAndRecovery\mms.exe [2010-10-11 4594864]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-6-7 240232]

R3 CT20XUT.SYS;CT20XUT.SYS;C:\Windows\System32\drivers\CT20XUT.sys [2009-7-29 230488]

R3 CTEXFIFX.SYS;CTEXFIFX.SYS;C:\Windows\System32\drivers\CTEXFIFX.sys [2009-7-29 1445976]

R3 CTHWIUT.SYS;CTHWIUT.SYS;C:\Windows\System32\drivers\CTHWIUT.sys [2009-7-29 95320]

R3 ha20x22k;Creative 20X2 HAL Driver;C:\Windows\System32\drivers\ha20x22k.sys [2009-7-29 1622616]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-12-24 24152]

R3 tmobile_mf691_cdc_acm;T-Mobile MF691 CDC-ACM driver;C:\Windows\System32\drivers\tmobile_mf691_cdc_acm.sys [2010-4-9 78336]

R3 tmobile_mf691_dc_enum;T-Mobile MF691 DC Enumerator;C:\Windows\System32\drivers\tmobile_mf691_dc_enum.sys [2010-4-9 75776]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 CATmobile;T-Mobile Con App Svc;C:\Program Files (x86)\T-Mobile\webConnect Manager\conappssvc.exe [2010-6-11 118784]

S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2009-1-7 79360]

S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2009-1-7 79360]

S3 CT20XUT;CT20XUT;C:\Windows\System32\drivers\CT20XUT.sys [2009-7-29 230488]

S3 CTEXFIFX;CTEXFIFX;C:\Windows\System32\drivers\CTEXFIFX.sys [2009-7-29 1445976]

S3 CTHWIUT;CTHWIUT;C:\Windows\System32\drivers\CTHWIUT.sys [2009-7-29 95320]

S3 ENTECH64;ENTECH64;C:\Windows\System32\drivers\Entech64.sys [2007-10-30 12744]

S3 PCTINDIS5X64;PCTINDIS5X64 NDIS Protocol Driver;C:\Windows\System32\PCTINDIS5X64.sys [2010-6-11 43032]

S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2010-8-8 19936]

S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2010-8-8 13280]

S3 tmobile_mf691_cdc_ecm;tmobile_mf691_cdc_ecm;C:\Windows\System32\drivers\tmobile_mf691_cdc_ecm.sys [2010-4-9 88064]

S3 tmobile_mf691_cpo;T-Mobile webConnect CPO device;C:\Windows\System32\drivers\tmobile_mf691_cpo.sys [2010-4-9 13824]

S3 TMobileRcAppSvc;T-Mobile RcApp Svc;C:\Program Files (x86)\T-Mobile\webConnect Manager\RcAppSvc.exe [2010-6-11 114688]

S3 vpcuxd;USB Virtualization Stub Service;C:\Windows\System32\drivers\vpcuxd.sys [2010-5-23 16384]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-5-23 1255736]

=============== Created Last 30 ================

2011-01-27 10:04:00 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy

2011-01-27 10:04:00 -------- d-----w- C:\PROGRA~3\Spybot - Search & Destroy

2011-01-27 09:47:33 34560 ----a-w- C:\Windows\SysWow64\drivers\Normandy.sys

2011-01-27 09:23:34 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll

2011-01-27 09:23:34 472808 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll

2011-01-27 03:16:59 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{E5D95A73-8292-46C4-B418-CC5852A35677}\mpengine.dll

2011-01-27 03:14:27 987136 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll

2011-01-27 03:14:27 720896 ----a-w- C:\Windows\System32\odbc32.dll

2011-01-27 03:14:27 573440 ----a-w- C:\Windows\SysWow64\odbc32.dll

2011-01-27 03:14:27 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll

2011-01-27 03:14:27 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll

2011-01-27 03:14:27 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll

2011-01-27 03:14:27 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll

2011-01-27 03:14:27 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll

2011-01-27 03:14:27 208896 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll

2011-01-27 03:14:27 1425408 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll

2011-01-25 06:52:31 101376 ----a-w- C:\Windows\System32\Spool\prtprocs\x64\HPZPPWN7.DLL

2011-01-18 07:21:00 490064 ----a-w- C:\Windows\System32\drivers\aswSnx.sys

2011-01-18 07:20:27 38848 ----a-w- C:\Windows\avastSS.scr

2011-01-18 07:20:04 -------- d-----w- C:\PROGRA~3\Alwil Software

2011-01-14 22:35:00 -------- d-----w- C:\Users\BARRYW~1\AppData\Roaming\WinBatch

2011-01-07 10:48:42 -------- d-----w- C:\Program Files\CCleaner

==================== Find3M ====================

2011-01-27 03:24:08 7545 --sha-w- C:\Windows\SysWow64\mmf.sys

2011-01-13 08:37:23 62032 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys

2010-12-21 02:08:40 24152 ----a-w- C:\Windows\System32\drivers\mbam.sys

2010-11-21 02:43:30 971360 ----a-w- C:\Windows\System32\drivers\timntr.sys

2010-11-21 02:38:35 278112 ----a-w- C:\Windows\System32\drivers\snapman.sys

2010-11-04 06:35:53 1194496 ----a-w- C:\Windows\System32\wininet.dll

2010-11-04 06:31:34 57856 ----a-w- C:\Windows\System32\licmgr10.dll

2010-11-04 05:52:17 978944 ----a-w- C:\Windows\SysWow64\wininet.dll

2010-11-04 05:48:36 44544 ----a-w- C:\Windows\SysWow64\licmgr10.dll

2010-11-04 05:16:14 482816 ----a-w- C:\Windows\System32\html.iec

2010-11-04 04:41:26 386048 ----a-w- C:\Windows\SysWow64\html.iec

2010-11-04 04:35:37 1638912 ----a-w- C:\Windows\System32\mshtml.tlb

2010-11-04 04:08:54 1638912 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2010-11-02 05:18:17 524288 ----a-w- C:\Windows\System32\wmicmiplugin.dll

2010-11-02 05:17:38 473600 ----a-w- C:\Windows\System32\taskcomp.dll

2010-11-02 05:17:38 1169408 ----a-w- C:\Windows\System32\taskschd.dll

2010-11-02 05:16:53 1114624 ----a-w- C:\Windows\System32\schedsvc.dll

2010-11-02 05:10:47 464384 ----a-w- C:\Windows\System32\taskeng.exe

2010-11-02 05:10:32 285696 ----a-w- C:\Windows\System32\schtasks.exe

2010-11-02 04:40:36 496128 ----a-w- C:\Windows\SysWow64\taskschd.dll

2010-11-02 04:40:36 305152 ----a-w- C:\Windows\SysWow64\taskcomp.dll

2010-11-02 04:34:44 192000 ----a-w- C:\Windows\SysWow64\taskeng.exe

2010-11-02 04:34:33 179712 ----a-w- C:\Windows\SysWow64\schtasks.exe

============= FINISH: 14:54:29.15 ===============

Attach_Gmer.ZIP

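A triage helper for the MBAM protection log quoted in the post above (an added example, not the poster's or Malwarebytes' code): it parses the IP-BLOCK lines, collapses the repeated entries per process and destination, and flags any process that reached several distinct blocked addresses with the same logged port value, which is the pattern the svchost.exe entries show. The sample log is a subset of the lines from the post; the regex and the thresholds are assumptions made for this example.

```python
import re
from collections import defaultdict

# One IP-BLOCK entry in the Malwarebytes protection-log format quoted in the post above:
#   HH:MM:SS <user> IP-BLOCK <ip> (Type: <dir>, Port: <port>, Process: <image>)
IP_BLOCK_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}) (?P<user>.+?) IP-BLOCK (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"\(Type: (?P<direction>\w+), Port: (?P<port>\d+), Process: (?P<process>\S+)\)$"
)

# Lines copied from the log in the post (a subset, including MESSAGE lines that must be skipped).
SAMPLE_LOG = """\
00:06:08 Barry Wolborsky IP-BLOCK 222.68.164.222 (Type: outgoing, Port: 60820, Process: svchost.exe)
00:06:16 Barry Wolborsky IP-BLOCK 222.68.164.222 (Type: outgoing, Port: 60820, Process: svchost.exe)
01:12:07 Barry Wolborsky IP-BLOCK 219.153.141.28 (Type: outgoing, Port: 60820, Process: svchost.exe)
02:26:41 Barry Wolborsky MESSAGE IP Protection stopped
04:07:21 Barry Wolborsky IP-BLOCK 222.76.235.121 (Type: outgoing, Port: 60820, Process: svchost.exe)
06:18:10 Barry Wolborsky IP-BLOCK 222.65.114.114 (Type: outgoing, Port: 60820, Process: svchost.exe)
06:18:18 Barry Wolborsky IP-BLOCK 222.65.114.114 (Type: outgoing, Port: 60820, Process: svchost.exe)
11:57:56 Barry Wolborsky IP-BLOCK 204.13.160.53 (Type: outgoing, Port: 57201, Process: avastsvc.exe)
11:57:56 Barry Wolborsky IP-BLOCK 204.13.160.53 (Type: outgoing, Port: 57202, Process: avastsvc.exe)
11:58:54 Barry Wolborsky MESSAGE Added 204.13.160.53 to ignore list
"""


def parse_ip_blocks(text):
    """Return one dict per IP-BLOCK line; MESSAGE and unrecognised lines are ignored."""
    events = []
    for line in text.splitlines():
        m = IP_BLOCK_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["port"] = int(e["port"])
            e["process"] = e["process"].lower()  # MBAM mixes case (svchost.exe / avastsvc.exe)
            events.append(e)
    return events


def summarize(events):
    """Collapse repeated blocks: process -> (ip, port) -> {count, first, last}."""
    summary = defaultdict(dict)
    for e in events:
        rec = summary[e["process"]].setdefault(
            (e["ip"], e["port"]), {"count": 0, "first": e["time"], "last": e["time"]})
        rec["count"] += 1
        rec["last"] = max(rec["last"], e["time"])  # HH:MM:SS strings sort chronologically within a day
    return dict(summary)


def flag_port_reuse(events, min_distinct_ips=3):
    """Find (process, port) pairs that reached several distinct blocked IPs.

    The post's log shows svchost.exe hitting four different addresses hours apart with the
    same port value. That reuse points to one long-lived socket or service rather than
    unrelated one-off connections, so the useful next step is to tie the port to a PID and
    service group (netstat -ano, tasklist /svc) instead of reviewing each block in isolation.
    Returns {(process, port): sorted list of IPs} for pairs at or above the threshold.
    """
    ips = defaultdict(set)
    for e in events:
        if e["direction"] == "outgoing":
            ips[(e["process"], e["port"])].add(e["ip"])
    return {k: sorted(v) for k, v in ips.items() if len(v) >= min_distinct_ips}


if __name__ == "__main__":
    evs = parse_ip_blocks(SAMPLE_LOG)
    for proc, targets in summarize(evs).items():
        for (ip, port), rec in targets.items():
            print(f"{proc:<14} {ip:<16} port {port:<6} x{rec['count']}  {rec['first']}..{rec['last']}")
    for (proc, port), addrs in flag_port_reuse(evs).items():
        print(f"REVIEW: {proc} used port {port} to reach {len(addrs)} distinct blocked IPs: {', '.join(addrs)}")
```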