Jump to content

f12ank622

Members
  • Posts

    5
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Log from scanning in "normal" mode of Windows 7. Malwarebytes Anti-Malware (PRO) 1.62.0.1300 www.malwarebytes.org Database version: v2012.08.02.09 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 FWu :: OFFICE-FWU [administrator] Protection: Enabled 8/2/2012 2:56:40 PM mbam-log-2012-08-02 (15-01-46).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 298205 Time elapsed: 4 minute(s), 2 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\ProgramData\7531CC8B0000E6FAEA694C6BF875EF60\7531CC8B0000E6FAEA694C6BF875EF60.exe (Trojan.FakeAV) -> No action taken. (end)
  2. I ran ComboFix and it didn't produce a log file for me but instead the PC shut down and then reboot itself. Now I can log in and Windows starts up fine (no longer need to F8/Safe Mode) but a bit slower than before.
  3. Here it is. Thank you for your help. Malwarebytes Anti-Malware (PRO) 1.62.0.1300 www.malwarebytes.org Database version: v2012.08.02.09 Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking) Internet Explorer 9.0.8112.16421 FWu :: OFFICE-FWU [administrator] Protection: Disabled 8/2/2012 2:39:39 PM mbam-log-2012-08-02 (14-40-57).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 298667 Time elapsed: 48 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|7531CC8B0000E6FAEA694C6BF875EF60 (Trojan.FakeAV) -> Data: C:\ProgramData\7531CC8B0000E6FAEA694C6BF875EF60\7531CC8B0000E6FAEA694C6BF875EF60.exe -> No action taken. Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\ProgramData\7531CC8B0000E6FAEA694C6BF875EF60\7531CC8B0000E6FAEA694C6BF875EF60.exe (Trojan.FakeAV) -> No action taken. (end)
  4. My PC was infected with Live Security Malware so I downloaded MalwareBytes and scan, then removed all infected items. Rebooted and always get Blue Screen now. Error on Blue Screen is: IRQL_NOT_LESS_OR EQUAL Technical information: *** STOP: 0x00000000A (0x0000000000000000, 0x0000000000000002, 0x0000000000000001, 0xfffff800308f6ca) My DSS log is attached below. Thanks in advance for your help! . DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_31 Run by FWu at 15:01:33 on 2012-08-01 Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.6135.5037 [GMT -7:00] . AV: ESET Smart Security 4.0 *Enabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5} SP: ESET Smart Security 4.0 *Enabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: ESET Personal firewall *Disabled* {F3340042-195E-BB41-42D1-CDB495BB46DE} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\Explorer.EXE C:\Windows\system32\ctfmon.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\fwu\Desktop\mbam-setup-1.62.0.1300.exe C:\Users\fwu\AppData\Local\Temp\is-H0O3M.tmp\mbam-setup-1.62.0.1300.tmp \\.\globalroot\systemroot\Installer\{8baed504-271e-bf8b-046f-07197357cecd}\U C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://companyweb uDefault_Page_URL = hxxp://companyweb uInternet Settings,ProxyOverride = <local>;*.local mWinlogon: Userinit=userinit.exe, BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_265_Plugin.exe -update plugin uRunOnce: [7531CC8B0000E6FAEA694C6BF875EF60] C:\ProgramData\7531CC8B0000E6FAEA694C6BF875EF60\7531CC8B0000E6FAEA694C6BF875EF60.exe mRun: [<NO NAME>] mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent uPolicies-explorer: HideSCAHealth = 1 (0x1) mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 0 (0x0) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableLUA = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) mPolicies-system: PromptOnSecureDesktop = 0 (0x0) mPolicies-system: RunStartupScriptSync = 1 (0x1) mPolicies-system: EnableLinkedConnections = 1 (0x1) IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200 IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office10\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll Trusted Zone: homeserver.com\wuresidence Trusted Zone: intuit.com\community Trusted Zone: intuit.com\ttlc DPF: {298BFFEE-662D-11D5-ADAF-00E0810232D7} - hxxps://simulcast.manheim.com/simulcast/lib/LiveSound.dll DPF: {62FC5539-7373-420B-AA75-89DE9ECF6CAB} - hxxp://192.168.10.32/DvrOcx.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} - hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab DPF: {E865C40C-7EBF-408B-8FC5-05172921AA53} - hxxps://wuresidence.homeserver.com/remote/Microsoft.HomeServer.RichUpload.cab DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100 TCP: DhcpNameServer = 192.168.10.5 TCP: Interfaces\{8124478B-1895-4F29-823C-048F80ABA56E} : DhcpNameServer = 192.168.10.5 Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 9.0\HelpAsyncPluggableProtocol.dll Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 10.0\HelpAsyncPluggableProtocol.dll Handler: intu-help-qb5 - {867FCB77-9823-4cd6-8210-D85F968D466F} - C:\Program Files (x86)\Intuit\QuickBooks Enterprise Solutions 12.0\HelpAsyncPluggableProtocol.dll Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll AppInit_DLLs: acaptuser32.dll BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-X64: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll BHO-X64: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll BHO-X64: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll BHO-X64: SmartSelect - No File TB-X64: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File mRun-x64: [(Default)] mRunOnce-x64: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript mRunOnce-x64: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent AppInit_DLLs-X64: acaptuser32.dll . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\fwu\AppData\Roaming\Mozilla\Firefox\Profiles\8d79di5t.default\ FF - prefs.js: browser.startup.homepage - FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\fwu\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll . ============= SERVICES / DRIVERS =============== . R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\system32\DRIVERS\NBVol.sys --> C:\Windows\system32\DRIVERS\NBVol.sys [?] R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\system32\DRIVERS\NBVolUp.sys --> C:\Windows\system32\DRIVERS\NBVolUp.sys [?] R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\system32\DRIVERS\k57nd60a.sys --> C:\Windows\system32\DRIVERS\k57nd60a.sys [?] R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S1 mfehidk;McAfee Inc. mfehidk;C:\Windows\system32\drivers\mfehidk.sys --> C:\Windows\system32\drivers\mfehidk.sys [?] S2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2009-10-6 92160] S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe [2008-12-18 155648] S2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-9-11 735960] S2 epfwwfp;epfwwfp;C:\Windows\system32\DRIVERS\epfwwfp.sys --> C:\Windows\system32\DRIVERS\epfwwfp.sys [?] S2 FedExAdminService;FedEx Administration Service;C:\Program Files (x86)\FedEx\ShipManager\BIN\AdminService.exe [2009-10-5 28672] S2 FedExLoggingService;FedEx Logging Service;C:\Program Files (x86)\FedEx\ShipManager\BIN\FedEx.Gsm.Common.LoggingService.exe [2009-10-5 16384] S2 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;"C:\Program Files (x86)\Fishbowl\database\bin\fb_inet_server.exe" -s DefaultInstance --> C:\Program Files (x86)\Fishbowl\database\bin\fb_inet_server.exe [?] S2 LMIInfo;LogMeIn Kernel Information Provider;C:\Program Files (x86)\LogMeIn\x64\rainfo.sys [2010-1-27 15928] S2 LMIRfsDriver;LogMeIn Remote File System Driver;\??\C:\Windows\system32\drivers\LMIRfsDriver.sys --> C:\Windows\system32\drivers\LMIRfsDriver.sys [?] S2 MSSQL$ACCTIVATE;SQL Server (ACCTIVATE);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.2\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408] S2 MSSQL$NOWCOMSQLEXPRESS;SQL Server (NOWCOMSQLEXPRESS);C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408] S2 NowUpdate Engine;Nowcom Application Updater Service;"C:\Program Files (x86)\Nowcom Corporation\NowUpdate 3.0\NowUpdate.Service.exe" --> C:\Program Files (x86)\Nowcom Corporation\NowUpdate 3.0\NowUpdate.Service.exe [?] S2 QBVSS;QBIDPService;C:\Program Files (x86)\Common Files\Intuit\DataProtect\QBIDPService.exe [2011-12-6 1248256] S2 SSPORT;SSPORT;\??\C:\Windows\system32\Drivers\SSPORT.sys --> C:\Windows\system32\Drivers\SSPORT.sys [?] S3 FedExShipnetDBService;FedEx Shipnet Database Service;C:\Program Files (x86)\FedEx\ShipManager\ASA\Win32\dbsrv9.exe [2008-4-23 83248] S3 FedExShipService;FedEx Shipping Engine;C:\Program Files (x86)\FedEx\ShipManager\BIN\ShipEngineService.exe [2009-10-5 16384] S3 FedExSmartPostService;FedEx SmartPost Shipping Engine;C:\Program Files (x86)\FedEx\ShipManager\BIN\SmartPostShipService.exe [2009-10-5 16384] S3 FedExTransactionService;FedEx Transaction Engine;C:\Program Files (x86)\FedEx\ShipManager\BIN\TransEngineService.exe [2009-10-5 16384] S3 ivusb;Initio Driver for USB Default Controller;C:\Windows\system32\DRIVERS\ivusb.sys --> C:\Windows\system32\DRIVERS\ivusb.sys [?] S3 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\system32\drivers\mfeavfk.sys --> C:\Windows\system32\drivers\mfeavfk.sys [?] S3 mfebopk;McAfee Inc. mfebopk;C:\Windows\system32\drivers\mfebopk.sys --> C:\Windows\system32\drivers\mfebopk.sys [?] S3 mferkdk;McAfee Inc. mferkdk;C:\Windows\system32\drivers\mferkdk.sys --> C:\Windows\system32\drivers\mferkdk.sys [?] S3 mfesmfk;McAfee Inc. mfesmfk;C:\Windows\system32\drivers\mfesmfk.sys --> C:\Windows\system32\drivers\mfesmfk.sys [?] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-4-30 113120] S3 QuickBooksDB22;QuickBooksDB22;C:\PROGRA~2\Intuit\QUICKB~3.0\QBDBMgrN.exe -hvQuickBooksDB22 --> C:\PROGRA~2\Intuit\QUICKB~3.0\QBDBMgrN.exe -hvQuickBooksDB22 [?] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys --> C:\Windows\system32\drivers\rdpvideominiport.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] S4 QuickBooksDB20;QuickBooksDB20;C:\PROGRA~2\Intuit\QUICKB~2.0\QBDBMgrN.exe -hvQuickBooksDB20 --> C:\PROGRA~2\Intuit\QUICKB~2.0\QBDBMgrN.exe -hvQuickBooksDB20 [?] . =============== Created Last 30 ================ . 2012-08-01 21:58:54 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-08-01 21:58:54 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-07-31 00:18:58 -------- d-----w- C:\Users\fwu\AppData\Roaming\Malwarebytes 2012-07-31 00:18:52 -------- d-----w- C:\ProgramData\Malwarebytes 2012-07-31 00:00:57 -------- d-sh--w- C:\Windows\System32\%APPDATA% 2012-07-30 23:55:30 -------- d-----w- C:\ProgramData\7531CC8B0000E6FAEA694C6BF875EF60 2012-07-27 07:27:17 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FA462F21-F1FD-4AAC-BC40-27E42452F11D}\mpengine.dll 2012-07-11 23:39:41 -------- d-----w- C:\Users\fwu\AppData\Local\Nero_AG 2012-07-11 10:04:42 3148800 ----a-w- C:\Windows\System32\win32k.sys 2012-07-11 10:04:02 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll 2012-07-11 10:04:02 2048 ----a-w- C:\Windows\System32\msxml3r.dll 2012-07-11 10:04:01 2004480 ----a-w- C:\Windows\System32\msxml6.dll 2012-07-11 10:04:01 1881600 ----a-w- C:\Windows\System32\msxml3.dll 2012-07-11 10:04:01 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-07-11 10:04:01 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-07-11 10:03:08 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll 2012-07-11 10:03:08 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys 2012-07-11 10:03:08 458704 ----a-w- C:\Windows\System32\drivers\cng.sys 2012-07-11 10:03:08 340992 ----a-w- C:\Windows\System32\schannel.dll 2012-07-11 10:03:08 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-07-11 10:03:08 225280 ----a-w- C:\Windows\SysWow64\schannel.dll 2012-07-11 10:03:08 22016 ----a-w- C:\Windows\SysWow64\secur32.dll 2012-07-11 10:03:08 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-07-11 10:03:08 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys 2012-07-11 10:02:22 184320 ----a-w- C:\Windows\System32\cryptsvc.dll 2012-07-11 10:02:22 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll 2012-07-11 10:02:22 140288 ----a-w- C:\Windows\System32\cryptnet.dll 2012-07-11 10:02:22 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll 2012-07-11 10:02:21 1462272 ----a-w- C:\Windows\System32\crypt32.dll 2012-07-11 10:02:21 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll 2012-07-06 10:00:27 294912 ----a-w- C:\Windows\System32\browserchoice.exe . ==================== Find3M ==================== . 2012-07-11 21:22:29 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-07-11 21:22:29 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll 2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll 2012-06-02 22:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll 2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll 2012-06-02 22:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe 2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll 2012-06-02 12:12:17 2311680 ----a-w- C:\Windows\System32\jscript9.dll 2012-06-02 12:05:28 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-06-02 12:04:50 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-06-02 12:01:40 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-06-02 11:57:08 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-06-02 08:33:25 1800192 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-06-02 08:25:08 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-06-02 08:25:03 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-06-02 08:20:33 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-06-02 08:16:52 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-05-31 19:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe 2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe 2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe 2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe . ============= FINISH: 15:07:11.35 ===============
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.