Security Protection - Can't get rid of it!


OK, so I'm not even sure how or when I got infected, but two days ago I had a pop up of "Security Protection". I tried a system restore to no avail. I booted to safe mode, ran Malwarebytes and deleted like 16 files. I rebooted and I got a pop up from malwarebytes IP Blocked 208.xxx.xxx.xxx (not sure) svchost.exe and then a blue screen. I reboot, and now Security Protection is back. Back to safe mode - and Malwarebytes detects more infected files...

Logs -

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7494

Windows 6.1.7600 (Safe Mode)

Internet Explorer 8.0.7600.16385

8/17/2011 8:40:07 PM

mbam-log-2011-08-17 (20-40-07).txt

Scan type: Quick scan

Objects scanned: 164343

Time elapsed: 2 minute(s), 52 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 14

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Kximuneburi (Trojan.Hiloti) -> Value: Kximuneburi -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Security Protection (Trojan.FakeAlert) -> Value: Security Protection -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Windows\System32\config\systemprofile\AppData\Local\ima027.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.

c:\Windows\Temp\0.038495194601316784.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.

c:\Windows\Temp\0.15650728480928044.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

c:\Windows\Temp\0.1844032401464989.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.

c:\Windows\Temp\2ED3.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

c:\Windows\Temp\4D7C.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

c:\Windows\Temp\4F20.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

c:\Windows\Temp\jar_cache7106412428970004528.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

c:\Windows\Temp\srv1A8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

c:\Windows\System32\config\systemprofile\local settings\ima027.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.

c:\Windows\System32\config\systemprofile\local settings\oxx.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\Windows\System32\config\systemprofile\local settings\application data\ima027.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.

c:\Windows\System32\config\systemprofile\local settings\application data\oxx.exe (Trojan.Agent) -> Quarantined and deleted successfully.

c:\programdata\defender.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Second Scan -

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7494

Windows 6.1.7600 (Safe Mode)

Internet Explorer 8.0.7600.16385

8/17/2011 10:18:25 PM

mbam-log-2011-08-17 (22-18-25).txt

Scan type: Full scan (C:\|)

Objects scanned: 289423

Time elapsed: 27 minute(s), 10 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 2

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 9

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\gA01602KhDgC01602 (Trojan.FakeAlert) -> Value: gA01602KhDgC01602 -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Security Protection (Trojan.FakeAlert) -> Value: Security Protection -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\programdata\ga01602khdgc01602\ga01602khdgc01602.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\Windows\System32\config\systemprofile\AppData\LocalLow\Sun\Java\deployment\cache\6.0\62\45c923be-6fbbe832 (Trojan.Ransom.Gen) -> Quarantined and deleted successfully.

c:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\plugs\mmc232.exe (VirTool.Obfuscator) -> Quarantined and deleted successfully.

c:\Windows\Temp\0.053151268680833086.exe (Trojan.Ransom.Gen) -> Quarantined and deleted successfully.

c:\Windows\Temp\0.5753256391106913.exe (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

c:\Windows\Temp\7898.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

c:\Windows\Temp\jar_cache8530220809430180293.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

c:\programdata\defender.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\Windows\System32\config\systemprofile\AppData\Roaming\Adobe\shed\thr1.chm (Malware.Trace) -> Quarantined and deleted successfully.

Third Scan -

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7502

Windows 6.1.7600 (Safe Mode)

Internet Explorer 8.0.7600.16385

8/18/2011 7:21:35 PM

mbam-log-2011-08-18 (19-21-35).txt

Scan type: Full scan (C:\|)

Objects scanned: 289371

Time elapsed: 28 minute(s), 1 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 2

Registry Keys Infected: 0

Registry Values Infected: 3

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 11

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

c:\Windows\System32\config\systemprofile\AppData\Local\ima027.dll (Trojan.Hiloti) -> Delete on reboot.

c:\Windows\System32\config\systemprofile\AppData\Local\ubufivuta.dll (IPH.Trojan.Hiloti.7B) -> Delete on reboot.

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Kximuneburi (Trojan.Hiloti) -> Value: Kximuneburi -> Delete on reboot.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Rjoxizuxa (IPH.Trojan.Hiloti.7B) -> Value: Rjoxizuxa -> Delete on reboot.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Security Protection (Trojan.FakeAlert) -> Value: Security Protection -> Quarantined and deleted successfully.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Windows\System32\config\systemprofile\AppData\Local\ima027.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.

c:\Windows\System32\config\systemprofile\AppData\Local\ubufivuta.dll (IPH.Trojan.Hiloti.7B) -> Quarantined and deleted successfully.

c:\Windows\Temp\0.7354424438864159.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.

c:\Windows\Temp\0.7785120250179365.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.

c:\Windows\Temp\19C6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

c:\Windows\Temp\695C.tmp (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.

c:\Windows\Temp\B7E2.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.

c:\Windows\Temp\srv4DC.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

c:\Windows\Temp\srv5BC.tmp (Trojan.Agent) -> Quarantined and deleted successfully.

c:\programdata\defender.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

c:\Windows\Temp\0.62959696463532.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

4th Scan -

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7502

Windows 6.1.7600 (Safe Mode)

Internet Explorer 8.0.7600.16385

8/18/2011 8:02:41 PM

mbam-log-2011-08-18 (20-02-41).txt

Scan type: Quick scan

Objects scanned: 167468

Time elapsed: 1 minute(s), 37 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 1

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 4

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

c:\Windows\System32\config\systemprofile\AppData\Local\ima027.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Kximuneburi (Trojan.Hiloti) -> Value: Kximuneburi -> Delete on reboot.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

c:\Windows\System32\config\systemprofile\AppData\Local\ima027.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.

c:\Windows\Temp\0.9916966340127285.exe (Trojan.Hiloti) -> Quarantined and deleted successfully.

c:\Windows\System32\config\systemprofile\local settings\ima027.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.

c:\Windows\System32\config\systemprofile\local settings\application data\ima027.dll (Trojan.Hiloti) -> Quarantined and deleted successfully.

THEN I ran ComboFix and it deleted two files. I rebooted and ran Malwarebytes.

LOG

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7502

Windows 6.1.7600 (Safe Mode)

Internet Explorer 8.0.7600.16385

8/18/2011 8:07:47 PM

mbam-log-2011-08-18 (20-07-47).txt

Scan type: Quick scan

Objects scanned: 165744

Time elapsed: 2 minute(s), 57 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

Then Combofix again -

ComboFix 11-08-18.03 - Shane 08/18/2011 20:11:42.2.2 - x86 NETWORK

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3582.2586 [GMT -4:00]

Running from: c:\users\Shane\Desktop\ComboFix.exe

AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

.

((((((((((((((((((((((((( Files Created from 2011-07-19 to 2011-08-19 )))))))))))))))))))))))))))))))

.

.

2011-08-19 00:15 . 2011-08-19 00:15 -------- d-----w- c:\users\Default\AppData\Local\temp

2011-08-18 01:26 . 2011-08-18 01:26 50176 ---ha-w- c:\windows\system32\fingdate.dll

2011-08-18 01:25 . 2011-08-18 02:18 -------- d-----w- c:\programdata\gA01602KhDgC01602

2011-08-18 00:35 . 2011-08-18 00:35 -------- d-----w- c:\users\Shane\AppData\Roaming\Malwarebytes

2011-08-18 00:35 . 2011-07-08 11:55 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-08-18 00:35 . 2011-08-18 00:35 -------- d-----w- c:\programdata\Malwarebytes

2011-08-18 00:35 . 2011-08-18 00:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-08-18 00:35 . 2011-07-08 11:55 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-17 01:42 . 2011-06-15 09:04 86016 ----a-w- c:\windows\system32\odbccu32.dll

2011-08-17 01:42 . 2011-06-15 09:04 81920 ----a-w- c:\windows\system32\odbccr32.dll

2011-08-17 01:42 . 2011-06-15 09:04 122880 ----a-w- c:\windows\system32\odbccp32.dll

2011-08-17 01:21 . 2011-08-17 23:54 53248 ---ha-w- c:\windows\system32\chglutil.dll

2011-08-17 01:09 . 2011-08-17 01:09 -------- d-----w- c:\windows\Sun

2011-08-09 22:40 . 2011-06-15 09:04 319488 ----a-w- c:\windows\system32\odbcjt32.dll

2011-08-09 22:40 . 2011-06-15 09:04 163840 ----a-w- c:\windows\system32\odbctrac.dll

2011-08-09 22:40 . 2011-06-15 09:04 94208 ----a-w- c:\program files\Common Files\System\Ole DB\msdaosp.dll

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2011-06-30 01:51 . 2011-06-24 04:48 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-11 02:37 . 2011-07-13 01:54 2332672 ----a-w- c:\windows\system32\win32k.sys

2011-06-02 05:59 . 2011-07-13 01:54 169984 ----a-w- c:\windows\system32\winsrv.dll

2011-06-02 05:58 . 2011-07-13 01:54 290816 ----a-w- c:\windows\system32\KernelBase.dll

2011-06-02 05:55 . 2011-07-13 01:54 271872 ----a-w- c:\windows\system32\conhost.exe

2011-06-02 05:45 . 2011-07-13 01:54 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2011-06-02 05:45 . 2011-07-13 01:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2011-06-02 05:45 . 2011-07-13 01:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2011-06-02 05:45 . 2011-07-13 01:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2011-06-02 05:45 . 2011-07-13 01:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2011-06-02 05:45 . 2011-07-13 01:54 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2011-06-02 05:45 . 2011-07-13 01:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2011-06-02 05:45 . 2011-07-13 01:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2011-06-02 05:45 . 2011-07-13 01:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2011-06-02 05:45 . 2011-07-13 01:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2011-06-02 05:45 . 2011-07-13 01:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2011-06-02 05:45 . 2011-07-13 01:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2011-06-02 05:45 . 2011-07-13 01:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2011-06-02 05:45 . 2011-07-13 01:54 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2011-06-02 05:45 . 2011-07-13 01:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2011-06-02 05:45 . 2011-07-13 01:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2011-06-02 05:45 . 2011-07-13 01:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2011-06-02 05:45 . 2011-07-13 01:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2011-06-02 05:45 . 2011-07-13 01:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2011-06-02 05:45 . 2011-07-13 01:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2011-06-02 05:45 . 2011-07-13 01:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2011-06-02 05:45 . 2011-07-13 01:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2011-06-02 05:45 . 2011-07-13 01:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2011-06-02 05:45 . 2011-07-13 01:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2011-06-02 03:45 . 2011-07-13 01:54 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-06-02 03:45 . 2011-07-13 01:54 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-06-02 03:45 . 2011-07-13 01:54 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-06-02 03:45 . 2011-07-13 01:54 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-05-28 03:00 . 2011-06-16 23:33 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-05-24 10:35 . 2011-06-28 22:07 294912 ----a-w- c:\windows\system32\umpnpmgr.dll

.

.

((((((((((((((((((((((((((((( SnapShot@2011-08-18_23.52.26 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-08-17 01:09 . 2011-08-19 00:03 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat

- 2011-08-17 01:09 . 2011-08-18 23:29 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\DOMStore\index.dat

- 2011-08-18 23:24 . 2011-08-18 23:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-08-19 00:03 . 2011-08-19 00:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2011-08-19 00:03 . 2011-08-19 00:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2011-08-18 23:24 . 2011-08-18 23:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2010-09-25 01:21 . 2011-08-19 00:03 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2010-09-25 01:21 . 2011-08-18 23:38 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2010-09-25 04:18 . 2011-08-19 00:03 114688 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2010-09-25 04:18 . 2011-08-18 23:48 114688 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-07-14 04:41 . 2011-08-19 00:03 196608 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:41 . 2011-08-18 23:48 196608 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2010-09-25 04:18 . 2011-08-18 23:48 1703936 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2010-09-25 04:18 . 2011-08-19 00:03 1703936 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]

2011-03-18 12:11 2471240 ----a-w- c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-03-18 2471240]

.

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{CCC7A320-B3CA-4199-B1A6-9F516DD69829}"= "c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll" [2011-03-18 2471240]

.

[HKEY_CLASSES_ROOT\clsid\{ccc7a320-b3ca-4199-b1a6-9f516dd69829}]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-10-26 1029416]

"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2011-03-14 2071904]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]

"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]

"V0650Mon.exe"="c:\windows\V0650Mon.exe" [2010-02-23 28672]

"Rocket Live! Central 2"="c:\program files\Rocketfish HD Webcam\Live! Central\RFLVCentral2.exe" [2010-02-24 430247]

"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2009-09-13 103768]

"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]

"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2011-01-08 288872]

"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]

"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2011-07-08 1047656]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]

"GrpConv"="grpconv -o" [X]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-08 449584]

.

c:\users\Shane\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

MagicDisc.lnk - c:\program files\MagicDisc\MagicDisc.exe [2011-3-10 576000]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

PHOTOfunSTUDIO 5.0 HD Edition.lnk - c:\program files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe [2010-12-25 172544]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\srv1A8]

@="service"

.

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\Drivers\avgldx86.sys [2010-09-25 216400]

R1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2009-09-08 65584]

R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [2010-09-25 921952]

R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [2010-09-25 308136]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-08 366640]

R2 MicrosoftDynamicsNavServer;Microsoft Dynamics NAV Server;c:\program files\Microsoft Dynamics NAV\60\Service\Microsoft.Dynamics.Nav.Server.exe [2009-08-14 141184]

R2 srv1A8;srv1A8;c:\windows\system32\svchost.exe [2009-07-14 20992]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-08 378984]

R3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG9\Toolbar\ToolbarBroker.exe [2011-03-18 947528]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2010-03-26 144640]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2010-07-07 44432]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-07-08 22712]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]

R3 MicrosoftDynamicsNavWS;Microsoft Dynamics NAV Business Web Services;c:\program files\Microsoft Dynamics NAV\60\Service\Microsoft.Dynamics.Nav.Server.exe [2009-08-14 141184]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4640000]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

R3 V0650Vid;Rocketfish HD Webcam Driver;c:\windows\system32\DRIVERS\V0650Vid.sys [2010-03-31 322176]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-25 1343400]

S1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\Drivers\avgtdix.sys [2011-05-06 243152]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

WindowsMobile REG_MULTI_SZ wcescomm rapimgr

LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

srv1A8

.

.

------- Supplementary Scan -------

.

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\AVG\AVG9\Toolbar\IEToolbar.dll

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\srv1A8]

"servicedll"="\\?\globalroot\Device\HarddiskVolume2\Windows\Temp\srv1A8.tmp"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2011-08-18 20:16:52

ComboFix-quarantined-files.txt 2011-08-19 00:16

ComboFix2.txt 2011-08-18 23:53

.

Pre-Run: 134,619,508,736 bytes free

Post-Run: 134,541,299,712 bytes free

.

- - End Of File - - 796AFE0614655634B5F0EE33A4ABD25B

After all of this, I boot up in normal, and bam - Malwarebytes blocks some IP (svchost.exe) and I get the blue screen.

HELP!!


Quickscan in Safe Mode just now -

Malwarebytes' Anti-Malware 1.51.1.1800

www.malwarebytes.org

Database version: 7503

Windows 6.1.7600 (Safe Mode)

Internet Explorer 8.0.7600.16385

8/18/2011 8:48:08 PM

mbam-log-2011-08-18 (20-48-08).txt

Scan type: Quick scan

Objects scanned: 167100

Time elapsed: 2 minute(s), 28 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)


.

DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK

Internet Explorer: 8.0.7600.16385

Run by Shane at 21:14:28 on 2011-08-18

Microsoft Windows 7 Professional 6.1.7600.0.1252.1.1033.18.3582.2331 [GMT -4:00]

.

AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}

SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\WUDFHost.exe

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\Explorer.EXE

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\ctfmon.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\rundll32.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

.

============== Pseudo HJT Report ===============

.

uInternet Settings,ProxyOverride = *.local

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\progra~1\micros~1\office14\GROOVEEX.DLL

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - c:\progra~1\micros~1\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

mRun: [synTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe

mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [V0650Mon.exe] c:\windows\V0650Mon.exe

mRun: [Rocket Live! Central 2] "c:\program files\rocketfish hd webcam\live! central\RFLVCentral2.exe" /mode2

mRun: [ConnectionCenter] "c:\program files\citrix\ica client\concentr.exe" /startup

mRun: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start

mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet

mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript

mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent

mRunOnce: [GrpConv] grpconv -o

dRun: [Kximuneburi] rundll32.exe "c:\windows\system32\config\systemprofile\appdata\local\ima027.dll",Startup

StartupFolder: c:\users\shane\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\photof~1.lnk - c:\program files\common files\panasonic\photofunstudio autostart\AutoStartupService.exe

mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)

mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)

mPolicies-system: EnableUIADesktopToggle = 0 (0x0)

IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab

DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

TCP: DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{09E9C12D-B854-4F27-BBA9-0425849B4188} : DhcpNameServer = 209.18.47.61 209.18.47.62

TCP: Interfaces\{C1EEF202-5EBC-4682-A820-E45D6359DE9B} : DhcpNameServer = 10.1.0.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg9\toolbar\IEToolbar.dll

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

AppInit_DLLs: c:\windows\system32\avgrsstx.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\progra~1\micros~1\office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-9-24 243152]

R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

S1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-9-24 216400]

S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-9-24 29584]

S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\drivers\ctxusbm.sys [2009-9-8 65584]

S2 avg9emc;AVG Free E-mail Scanner;c:\program files\avg\avg9\avgemc.exe [2010-9-24 921952]

S2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-9-24 308136]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-8-17 366640]

S2 MicrosoftDynamicsNavServer;Microsoft Dynamics NAV Server;c:\program files\microsoft dynamics nav\60\service\Microsoft.Dynamics.Nav.Server.exe [2009-8-14 141184]

S2 srv1A8;srv1A8;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2011-1-7 378984]

S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg9\toolbar\ToolbarBroker.exe [2010-10-26 947528]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\drivers\CtClsFlt.sys [2011-1-20 144640]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-8-17 22712]

S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\microsoft office\office14\GROOVE.EXE [2010-3-25 30969208]

S3 MicrosoftDynamicsNavWS;Microsoft Dynamics NAV Business Web Services;c:\program files\microsoft dynamics nav\60\service\Microsoft.Dynamics.Nav.Server.exe [2009-8-14 141184]

S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]

S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]

S3 V0650Vid;Rocketfish HD Webcam Driver;c:\windows\system32\drivers\V0650Vid.sys [2011-1-16 322176]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-9-25 1343400]

.

=============== Created Last 30 ================

.

2011-08-19 00:16:31 -------- d-sh--w- C:\$RECYCLE.BIN

2011-08-18 23:53:27 -------- d-----w- c:\users\shane\appdata\local\temp

2011-08-18 23:46:12 98816 ----a-w- c:\windows\sed.exe

2011-08-18 23:46:12 518144 ----a-w- c:\windows\SWREG.exe

2011-08-18 23:46:12 256000 ----a-w- c:\windows\PEV.exe

2011-08-18 23:46:12 208896 ----a-w- c:\windows\MBR.exe

2011-08-18 01:26:05 50176 ---ha-w- c:\windows\system32\fingdate.dll

2011-08-18 01:25:37 -------- d-----w- c:\programdata\gA01602KhDgC01602

2011-08-18 00:35:52 -------- d-----w- c:\users\shane\appdata\roaming\Malwarebytes

2011-08-18 00:35:47 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2011-08-18 00:35:46 -------- d-----w- c:\programdata\Malwarebytes

2011-08-18 00:35:43 22712 ----a-w- c:\windows\system32\drivers\mbam.sys

2011-08-18 00:35:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2011-08-17 01:42:58 86016 ----a-w- c:\windows\system32\odbccu32.dll

2011-08-17 01:42:58 81920 ----a-w- c:\windows\system32\odbccr32.dll

2011-08-17 01:42:58 122880 ----a-w- c:\windows\system32\odbccp32.dll

2011-08-17 01:21:56 53248 ---ha-w- c:\windows\system32\chglutil.dll

2011-08-09 22:40:53 94208 ----a-w- c:\program files\common files\system\ole db\msdaosp.dll

2011-08-09 22:40:53 319488 ----a-w- c:\windows\system32\odbcjt32.dll

2011-08-09 22:40:53 163840 ----a-w- c:\windows\system32\odbctrac.dll

.

==================== Find3M ====================

.

2011-06-30 01:51:58 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2011-06-11 02:37:19 2332672 ----a-w- c:\windows\system32\win32k.sys

2011-06-02 05:59:55 169984 ----a-w- c:\windows\system32\winsrv.dll

2011-06-02 05:58:05 290816 ----a-w- c:\windows\system32\KernelBase.dll

2011-06-02 05:55:31 271872 ----a-w- c:\windows\system32\conhost.exe

2011-06-02 03:45:49 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2011-06-02 03:45:49 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2011-06-02 03:45:49 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2011-06-02 03:45:49 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2011-05-28 03:00:02 1638912 ----a-w- c:\windows\system32\mshtml.tlb

2011-05-24 10:35:34 294912 ----a-w- c:\windows\system32\umpnpmgr.dll

.

============= FINISH: 21:15:09.48 ===============

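Added example, not part of the original post and not a feature of DDS or Malwarebytes: a small Python triage script that runs three analyst heuristics over lines copied verbatim from the DDS log above. The rules themselves are assumptions, not anything DDS reports: (1) a Run/RunOnce entry that hands rundll32 a DLL living under a profile, ProgramData or Temp path; (2) an svchost-hosted service whose name equals its display name or looks machine-generated (the `srv1A8` entry); (3) a hidden DLL in System32, excluding the `api-ms-win-*` forwarders, which the log itself shows Windows marks hidden. The sample lines are constructed from the log, and the directory list and name pattern are guesses an analyst would tune.

```python
"""
Triage heuristics for DDS-style Run / service / created-file listings.

Added example for this thread, not code from the poster, DDS or Malwarebytes.
The scoring rules below are assumptions an analyst might start from.
"""
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the DDS log in the post above.
SAMPLE_LOG = r"""
mRun: [NVHotkey] rundll32.exe c:\windows\system32\nvHotkey.dll,Start
dRun: [Kximuneburi] rundll32.exe "c:\windows\system32\config\systemprofile\appdata\local\ima027.dll",Startup
S2 srv1A8;srv1A8;c:\windows\system32\svchost.exe -k netsvcs [2009-7-13 20992]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
2011-08-18 01:26:05 50176 ---ha-w- c:\windows\system32\fingdate.dll
2011-08-17 01:21:56 53248 ---ha-w- c:\windows\system32\chglutil.dll
2011-06-02 03:45:49 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-08-18 00:35:43 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
"""

# DDS line shapes: "mRun: [Name] command", "S2 name;display;path [stamp]",
# "YYYY-MM-DD HH:MM:SS size attrs path".
RUN_RE = re.compile(r'^(?P<hive>[a-z]+Run(?:Once)?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$')
SVC_RE = re.compile(r'^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*) \[(?P<stamp>[^\]]*)\]$')
FILE_RE = re.compile(r'^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) (?P<size>\S+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$')

# Assumption: vendors install autorun DLLs under Program Files or System32,
# so a DLL loaded by rundll32 from one of these directories is worth a look.
PROFILE_DIRS = ('\\appdata\\', '\\users\\', '\\config\\systemprofile\\',
                '\\programdata\\', '\\temp\\')

# Assumption: three letters plus a hex tail (srv1A8) reads as generated.
GENERATED_NAME = re.compile(r'^[a-z]{3}[0-9a-f]{3,}$', re.I)


@dataclass(frozen=True)
class Finding:
    kind: str        # 'autorun', 'service' or 'file'
    indicator: str   # value name, service name or DLL basename
    reason: str
    line: str        # the log line that produced the hit


def check_run(m):
    cmd = m['cmd'].lower()
    if 'rundll32' in cmd and any(d in cmd for d in PROFILE_DIRS):
        return Finding('autorun', m['name'],
                       'rundll32 loads a DLL from a profile/temp path', m.string)
    return None


def check_service(m):
    path = m['path'].lower()
    name, display = m['name'], m['display']
    if 'svchost.exe -k' not in path:
        return None
    if name == display or GENERATED_NAME.match(name):
        return Finding('service', name,
                       'svchost-hosted service with a generic name', m.string)
    return None


def check_file(m):
    path = m['path'].lower()
    base = path.rsplit('\\', 1)[-1]
    if ('h' in m['attrs'] and path.startswith('c:\\windows\\system32\\')
            and base.endswith('.dll') and not base.startswith('api-ms-win-')):
        return Finding('file', base, 'hidden DLL in System32', m.string)
    return None


def triage(log_text):
    """Return the findings for every line of a DDS-style listing, in log order."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        for regex, check in ((RUN_RE, check_run), (SVC_RE, check_service),
                             (FILE_RE, check_file)):
            m = regex.match(line)
            if m:
                f = check(m)
                if f:
                    findings.append(f)
                break
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f'{f.kind:8} {f.indicator:14} {f.reason}')
```

On the sample, the script flags the `dRun: [Kximuneburi]` entry (a DLL under the system profile's AppData, loaded at logon from HKU\.DEFAULT), the `srv1A8` service, and the two hidden DLLs `fingdate.dll` and `chglutil.dll`; `NVHotkey`, `StorSvc`, the `api-ms-win-*` forwarder and `mbam.sys` pass. The hits are starting points for the analyst, not verdicts: a hidden System32 DLL or an odd service name still has to be confirmed by hash, signature and creation time before anything is removed.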