oh211

  1. AhnLab-V3 2011.02.06.00 2011.02.06 - AntiVir 7.11.2.88 2011.02.07 - Antiy-AVL 2.0.3.7 2011.01.28 - Avast 4.8.1351.0 2011.02.07 - Avast5 5.0.677.0 2011.02.07 - AVG 10.0.0.1190 2011.02.07 - BitDefender 7.2 2011.02.07 - CAT-QuickHeal 11.00 2011.02.07 - ClamAV 0.96.4.0 2011.02.07 - Commtouch 5.2.11.5 2011.02.07 - Comodo 7607 2011.02.07 - DrWeb 5.0.2.03300 2011.02.07 - Emsisoft 5.1.0.2 2011.02.07 - eSafe 7.0.17.0 2011.02.06 - eTrust-Vet 36.1.8144 2011.02.07 - F-Prot 4.6.2.117 2011.02.04 - F-Secure 9.0.16160.0 2011.02.07 - Fortinet 4.2.254.0 2011.02.07 - GData 21 2011.02.07 - Ikarus T3.1.1.97.0 2011.02.07 - Jiangmin 13.0.900 2011.02.05 - K7AntiVirus 9.81.3771 2011.02.07 - Kaspersky 7.0.0.125 2011.02.07 - McAfee 5.400.0.1158 2011.02.07 - McAfee-GW-Edition 2010.1C 2011.02.07 - Microsoft 1.6502 2011.02.07 - NOD32 5853 2011.02.07 - Norman 6.07.03 2011.02.07 - nProtect 2011-01-27.01 2011.02.02 - Panda 10.0.3.5 2011.02.07 - PCTools 7.0.3.5 2011.02.07 - Prevx 3.0 2011.02.07 - Rising 23.44.00.08 2011.02.07 - Sophos 4.61.0 2011.02.07 - SUPERAntiSpyware 4.40.0.1006 2011.02.07 Rogue.Agent/Gen-Nullo[DLL] Symantec 20101.3.0.103 2011.02.07 - TheHacker 6.7.0.1.125 2011.02.07 - TrendMicro 9.200.0.1012 2011.02.07 - TrendMicro-HouseCall 9.200.0.1012 2011.02.07 - VBA32 3.12.14.3 2011.02.07 - VIPRE 8337 2011.02.07 - ViRobot 2011.2.7.4297 2011.02.07 - VirusBuster 13.6.187.0 2011.02.07 - Additional informationShow all MD5 : ac812530dc390239e250418fdbaaf4b5 SHA1 : 5a306a03d26093b1fe334e87cbd8f5fc01775b36 SHA256: 25367b54664e1770bcaf349b4e033d819ebe334b5314223f895095e2c630ca97 ssdeep: 96:gNbY73GZlUtxWWf438fcVPwy3utMFf/hwKdwU5yhFBNCvItFfwOH9afssLj9:CW3SzW48EVP wUuMFnmKdDOBNCgznUsq5 File size : 4961 bytes First seen: 2011-02-07 17:07:15 Last seen : 2011-02-07 17:07:15 TrID: Unknown! 
sigcheck: publisher....: n/a copyright....: n/a product......: n/a description..: n/a original name: n/a internal name: n/a file version.: n/a comments.....: n/a signers......: - signing date.: - verified.....: Unsigned ExifTool: file metadata Error: File format error FileSize: 4.8 kB AhnLab-V3 2011.01.27.01 2011.01.27 - AntiVir 7.11.2.59 2011.02.02 Joke/BadJoke.Formatter.J Antiy-AVL 2.0.3.7 2011.01.28 Hoax/Win32.BadJoke.gen Avast 4.8.1351.0 2011.02.02 - Avast5 5.0.677.0 2011.02.02 - BitDefender 7.2 2011.02.02 Trojan.Clicker.Agent.ADJ CAT-QuickHeal 11.00 2011.02.02 Hoax.BadJoke.Formatter.j (Not a Virus) ClamAV 0.96.4.0 2011.02.02 - Commtouch 5.2.11.5 2011.02.02 - Comodo 7568 2011.02.02 UnclassifiedMalware Emsisoft 5.1.0.2 2011.02.02 Hoax.Win32.BadJoke.Formatter!IK eTrust-Vet 36.1.8137 2011.02.02 - F-Prot 4.6.2.117 2011.02.01 - Fortinet 4.2.254.0 2011.02.02 - GData 21 2011.02.02 Trojan.Clicker.Agent.ADJ Ikarus T3.1.1.97.0 2011.02.02 Hoax.Win32.BadJoke.Formatter Jiangmin 13.0.900 2011.02.02 - K7AntiVirus 9.81.3725 2011.02.02 Trojan McAfee 5.400.0.1158 2011.02.02 Artemis!6C4661D4D840 McAfee-GW-Edition 2010.1C 2011.02.02 Artemis!6C4661D4D840 Microsoft 1.6502 2011.02.02 Trojan:Win32/Tikuffed.U NOD32 5841 2011.02.02 Win32/Agent.QTP nProtect 2011-01-27.01 2011.02.02 Joke/W32.BadJoke.675033 Panda 10.0.3.5 2011.02.02 Trj/CI.A PCTools 7.0.3.5 2011.02.02 Virus.DOS.Downloader Prevx 3.0 2011.02.02 - Rising 23.43.02.07 2011.02.02 Trojan.Win32.Generic.11E8A58A Sophos 4.61.0 2011.02.02 Mal/Generic-L SUPERAntiSpyware 4.40.0.1006 2011.02.02 - TheHacker 6.7.0.1.123 2011.02.02 - TrendMicro 9.200.0.1012 2011.02.02 - VBA32 3.12.14.3 2011.02.02 - VIPRE 8285 2011.02.02 Trojan.Win32.Generic!BT ViRobot 2011.2.2.4288 2011.02.02 Hoax.BadJoke.675033 VirusBuster 13.6.178.0 2011.02.02 Trojan.Agent!9epyfnZkVQc Additional informationShow all MD5 : 6c4661d4d840f5903381c5dc66382aef SHA1 : 94fd4657cedf276724c8c66cd4ec6571bfa5ab2c SHA256: 
9cbd2f51a1102b69a78f2522325048c23de53acb33bc333d236567c0fa0505fb ssdeep: 12288:sxtx6cjhDBPl8/jDxGP7QFV2e+vWabM4aHYNEVe5LRLgjnues8Ya:Mtx6cjhDBPmDkzQ3 2n44uYNEo51LLesA File size : 675033 bytes First seen: 2010-02-08 17:19:43 Last seen : 2011-02-02 20:29:52 Magic: PE32 executable for MS Windows (GUI) Intel 80386 32-bit TrID: InstallShield setup (42.6%) Win32 Executable MS Visual C++ (generic) (37.3%) Win32 Executable Generic (8.4%) Win32 Dynamic Link Library (generic) (7.5%) Generic Win/DOS Executable (1.9%) sigcheck: publisher....: Microsoft Corporation copyright....: © Microsoft Corporation. All rights reserved. product......: n/a description..: Host Application original name: n/a internal name: n/a file version.: 6.0.2900.5512 comments.....: n/a signers......: - signing date.: - verified.....: Unsigned PEiD: - PEInfo: PE structure information [[ basic data ]] entrypointaddress: 0x5E10 timedatestamp....: 0x48623C65 (Wed Jun 25 12:39:01 2008) machinetype......: 0x14C (Intel I386) [[ 4 section(s) ]] name, viradd, virsiz, rawdsiz, ntropy, md5 .text, 0x1000, 0x942A, 0xA000, 6.33, cc186e3b407d8234cfd17dc9962b7925 .rdata, 0xB000, 0xF86, 0x1000, 5.09, 658c23261b80012a995b64832ba351db .data, 0xC000, 0x4000, 0x4000, 1.53, 2a4e5dc502dce8b3328199f97b582e03 .rsrc, 0x10000, 0x6F28, 0x7000, 5.5, 263ab8f809b69e2f7a7329f6967eac38 [[ 2 import(s) ]] kernel32.dll: GetTempFileNameA, GetTempPathA, CreateDirectoryA, RemoveDirectoryA, FindClose, FindNextFileA, FindFirstFileA, Sleep, SetCurrentDirectoryA, CloseHandle, GetExitCodeProcess, CreateProcessA, GetModuleFileNameA, GetStringTypeW, GetStringTypeA, IsBadCodePtr, IsBadReadPtr, SetUnhandledExceptionFilter, LoadLibraryA, GetProcAddress, LCMapStringW, LCMapStringA, CreateFileA, GetLastError, ReadFile, WriteFile, SetFilePointer, SetEnvironmentVariableA, GetCurrentDirectoryA, HeapFree, HeapAlloc, DeleteFileA, ExitProcess, TerminateProcess, GetCurrentProcess, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, RtlUnwind, 
HeapCompact, HeapReAlloc, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, IsBadWritePtr, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetCPInfo, GetACP, GetOEMCP, MultiByteToWideChar user32.dll: wsprintfA, PeekMessageA, GetMessageA, MsgWaitForMultipleObjects, TranslateMessage, DispatchMessageA, LoadStringA, MessageBoxA ThreatExpert: http://www.threatexpert.com/report.aspx?md...381c5dc66382aef ExifTool: file metadata CharacterSet: Unicode CodeSize: 40960 CompanyName: Microsoft Corporation EntryPoint: 0x5e10 FileDescription: Host Application FileFlagsMask: 0x003f FileOS: Windows NT 32-bit FileSize: 659 kB FileSubtype: 0 FileType: Win32 EXE FileVersion: 6.0.2900.5512 FileVersionNumber: 6.0.2900.5512 ImageVersion: 0.0 InitializedDataSize: 49152 LanguageCode: English (U.S.) LegalCopyright: Microsoft Corporation. All rights reserved. 
LinkerVersion: 6.0 MIMEType: application/octet-stream MachineType: Intel 386 or later, and compatibles OSVersion: 4.0 ObjectFileType: Executable application PEType: PE32 ProductVersionNumber: 6.0.2900.5512 Subsystem: Windows GUI SubsystemVersion: 4.0 TimeStamp: 2008:06:25 14:39:01+02:00 UninitializedDataSize: 0 AhnLab-V3 2011.01.18.00 2011.01.17 - AntiVir 7.11.1.201 2011.01.20 Joke/BadJoke.Formatter.AF Antiy-AVL 2.0.3.7 2011.01.18 - Avast 4.8.1351.0 2011.01.20 - Avast5 5.0.677.0 2011.01.20 - AVG 10.0.0.1190 2011.01.20 - BitDefender 7.2 2011.01.20 - CAT-QuickHeal 11.00 2011.01.20 Hoax.BadJoke.Formatter.af (Not a Virus) ClamAV 0.96.4.0 2011.01.20 - Commtouch 5.2.11.5 2011.01.20 - Comodo 7454 2011.01.20 Heur.Suspicious DrWeb 5.0.2.03300 2011.01.20 - Emsisoft 5.1.0.1 2011.01.20 Hoax.Win32.BadJoke.Formatter!IK eSafe 7.0.17.0 2011.01.20 - eTrust-Vet 36.1.8113 2011.01.20 - F-Prot 4.6.2.117 2011.01.20 - F-Secure 9.0.16160.0 2011.01.20 - Fortinet 4.2.254.0 2011.01.20 - GData 21 2011.01.20 - Ikarus T3.1.1.97.0 2011.01.20 Hoax.Win32.BadJoke.Formatter Jiangmin 13.0.900 2011.01.20 - K7AntiVirus 9.77.3603 2011.01.20 - Kaspersky 7.0.0.125 2011.01.20 Hoax.Win32.BadJoke.Formatter.af McAfee 5.400.0.1158 2011.01.20 Artemis!0AA5473341B9 McAfee-GW-Edition 2010.1C 2011.01.20 Artemis!0AA5473341B9 Microsoft 1.6402 2011.01.20 Trojan:Win32/Tikuffed.F NOD32 5804 2011.01.20 - Norman 6.06.12 2011.01.20 - nProtect 2011-01-18.01 2011.01.18 Joke/W32.BadJoke.659676 Panda 10.0.2.7 2011.01.20 Trj/CI.A PCTools 7.0.3.5 2011.01.20 - Prevx 3.0 2011.01.20 - Rising 23.41.03.06 2011.01.20 - Sophos 4.61.0 2011.01.20 - SUPERAntiSpyware 4.40.0.1006 2011.01.20 - Symantec 20101.3.0.103 2011.01.20 WS.Reputation.1 TheHacker 6.7.0.1.116 2011.01.18 - TrendMicro 9.120.0.1004 2011.01.20 - TrendMicro-HouseCall 9.120.0.1004 2011.01.20 - VBA32 3.12.14.3 2011.01.20 - VIPRE 8134 2011.01.20 Trojan.Win32.Generic!SB.0 ViRobot 2011.1.20.4265 2011.01.20 Hoax.BadJoke.659676 VirusBuster 13.6.156.0 2011.01.20 - Additional 
informationShow all MD5 : 0aa5473341b933f096edb84bdb8bf4e6 SHA1 : 230a83b9604fee52b49bf6518ac3f619b935e7bc SHA256: 00886fb25e2d295b0c89cc01e0dca2224259decbb07b2dec80f76e1b69bff4cc ssdeep: 12288:sxKMh6cjhDBPl8/jDxHEP7QFV2e+vWabM4aHYNEVe5LRLgnIEpLVub2i:MFh6cjhDBPmD FEzQ32n44uYNEo51LqRC File size : 659676 bytes First seen: 2010-02-22 00:10:52 Last seen : 2011-01-20 21:30:26 Magic: PE32 executable for MS Windows (GUI) Intel 80386 32-bit TrID: Win32 Executable MS Visual C++ (generic) (65.2%) Win32 Executable Generic (14.7%) Win32 Dynamic Link Library (generic) (13.1%) Generic Win/DOS Executable (3.4%) DOS Executable Generic (3.4%) sigcheck: publisher....: Intuit, Inc copyright....: © Intuit Inc. All rights reserved. product......: n/a description..: QuickBooks 2010 Agent original name: n/a internal name: n/a file version.: 16.0.0.328 comments.....: n/a signers......: - signing date.: - verified.....: Unsigned PEiD: - PEInfo: PE structure information [[ basic data ]] entrypointaddress: 0x5E10 timedatestamp....: 0x48623C65 (Wed Jun 25 12:39:01 2008) machinetype......: 0x14C (Intel I386) [[ 4 section(s) ]] name, viradd, virsiz, rawdsiz, ntropy, md5 .text, 0x1000, 0x942A, 0xA000, 6.33, cc186e3b407d8234cfd17dc9962b7925 .rdata, 0xB000, 0xF86, 0x1000, 5.09, 658c23261b80012a995b64832ba351db .data, 0xC000, 0x4000, 0x4000, 1.53, 2a4e5dc502dce8b3328199f97b582e03 .rsrc, 0x10000, 0x6F28, 0x7000, 5.24, f7bf1f1415e32fb9ae6bb8d8faabba40 [[ 2 import(s) ]] kernel32.dll: GetTempFileNameA, GetTempPathA, CreateDirectoryA, RemoveDirectoryA, FindClose, FindNextFileA, FindFirstFileA, Sleep, SetCurrentDirectoryA, CloseHandle, GetExitCodeProcess, CreateProcessA, GetModuleFileNameA, GetStringTypeW, GetStringTypeA, IsBadCodePtr, IsBadReadPtr, SetUnhandledExceptionFilter, LoadLibraryA, GetProcAddress, LCMapStringW, LCMapStringA, CreateFileA, GetLastError, ReadFile, WriteFile, SetFilePointer, SetEnvironmentVariableA, GetCurrentDirectoryA, HeapFree, HeapAlloc, DeleteFileA, ExitProcess, 
TerminateProcess, GetCurrentProcess, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersion, RtlUnwind, HeapCompact, HeapReAlloc, GetEnvironmentVariableA, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, IsBadWritePtr, UnhandledExceptionFilter, FreeEnvironmentStringsA, FreeEnvironmentStringsW, WideCharToMultiByte, GetEnvironmentStrings, GetEnvironmentStringsW, SetHandleCount, GetStdHandle, GetFileType, GetCPInfo, GetACP, GetOEMCP, MultiByteToWideChar user32.dll: wsprintfA, PeekMessageA, GetMessageA, MsgWaitForMultipleObjects, TranslateMessage, DispatchMessageA, LoadStringA, MessageBoxA ExifTool: file metadata CharacterSet: Unicode CodeSize: 40960 CompanyName: Intuit, Inc EntryPoint: 0x5e10 FileDescription: QuickBooks 2010 Agent FileFlagsMask: 0x003f FileOS: Windows NT 32-bit FileSize: 644 kB FileSubtype: 0 FileType: Win32 EXE FileVersion: 16.0.0.328 FileVersionNumber: 16.0.0.328 ImageVersion: 0.0 InitializedDataSize: 49152 LanguageCode: English (U.S.) LegalCopyright: Intuit Inc. All rights reserved. LinkerVersion: 6.0 MIMEType: application/octet-stream MachineType: Intel 386 or later, and compatibles OSVersion: 4.0 ObjectFileType: Executable application PEType: PE32 ProductVersionNumber: 16.0.0.328 Subsystem: Windows GUI SubsystemVersion: 4.0 TimeStamp: 2008:06:25 14:39:01+02:00 UninitializedDataSize: 0
  2. This log file is located at C:\rkill.log.
     Please post this only if requested to by the person helping you.
     Otherwise you can close this log when you wish.
     Rkill was run on 02/06/2011 at 13:04:42.
     Operating System: Windows 7 Home Premium

     Processes terminated by Rkill or while it was running:
     C:\windows\SysWOW64\InfDefaultInstall.exe
     C:\windows\SysWOW64\runonce.exe
     C:\windows\SysWOW64\InfDefaultInstall.exe
     C:\windows\SysWOW64\runonce.exe

     Rkill completed on 02/06/2011 at 13:04:48.

     Malwarebytes' Anti-Malware 1.50.1.1100
     www.malwarebytes.org
     Database version: 5690
     Windows 6.1.7600
     Internet Explorer 8.0.7600.16385
     2/6/2011 12:32:31 PM
     mbam-log-2011-02-06 (12-32-31).txt
     Scan type: Quick scan
     Objects scanned: 161100
     Time elapsed: 1 minute(s), 59 second(s)

     Memory Processes Infected: 1
     Memory Modules Infected: 0
     Registry Keys Infected: 0
     Registry Values Infected: 0
     Registry Data Items Infected: 0
     Folders Infected: 0
     Files Infected: 1

     Memory Processes Infected:
     c:\Windows\Temp\mrt7DF5.tmp\stdrt.exe (Trojan.FakeMS) -> 2792 -> Unloaded process successfully.
     Memory Modules Infected:
     (No malicious items detected)
     Registry Keys Infected:
     (No malicious items detected)
     Registry Values Infected:
     (No malicious items detected)
     Registry Data Items Infected:
     (No malicious items detected)
     Folders Infected:
     (No malicious items detected)
     Files Infected:
     c:\Windows\Temp\mrt7DF5.tmp\stdrt.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.

     DDS (Ver_10-12-12.02) - NTFS_AMD64
     Run by Boost Mobile at 12:34:03.83 on Sun 02/06/2011
     Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23
     Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.4223 [GMT -5:00]
     AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
     SP: avast!
Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ============== Running Processes =============== C:\windows\system32\wininit.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\system32\atiesrxx.exe C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\windows\system32\atieclxx.exe C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\CITIZEN\Message.exe C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\windows\system32\taskhost.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\windows\system32\svchost.exe -k imgsvc 
C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Browny02\BrYNSvc.exe C:\windows\system32\SearchIndexer.exe C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\WUDFHost.exe C:\windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\PowerISO\PWRISOVM.EXE C:\Program Files\iPod\bin\iPodService.exe C:\windows\system32\DllHost.exe C:\windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe C:\windows\System32\svchost.exe -k secsvcs C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe C:\windows\system32\SearchProtocolHost.exe c:\program files\windows defender\MpCmdRun.exe C:\windows\system32\SearchFilterHost.exe C:\windows\system32\DllHost.exe C:\windows\system32\DllHost.exe C:\Users\Boost Mobile\Desktop\Misc\dds.scr C:\windows\system32\conhost.exe C:\windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=173605109416p0315v1i5k4881520s mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=173605109416p0315v1i5k4881520s mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=173605109416p0315v1i5k4881520s uInternet Settings,ProxyOverride = *.local mURLSearchHooks: SearchElf 
1.1 Toolbar: {00f2c0c6-2194-484e-9064-44e57787867b} - C:\Program Files (x86)\SearchElf_1.1\tbSear.dll mURLSearchHooks: Elf 1 Toolbar: {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files (x86)\Elf_1\prxtbElf_.dll BHO: SearchElf 1.1 Toolbar: {00f2c0c6-2194-484e-9064-44e57787867b} - C:\Program Files (x86)\SearchElf_1.1\tbSear.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Elf 1 Toolbar: {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files (x86)\Elf_1\prxtbElf_.dll BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: SearchElf 1.1 Toolbar: {00f2c0c6-2194-484e-9064-44e57787867b} - C:\Program Files (x86)\SearchElf_1.1\tbSear.dll TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll TB: @C:\Program Files (x86)\MSN 
Toolbar\Platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: Elf 1 Toolbar: {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files (x86)\Elf_1\prxtbElf_.dll uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" mRun: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui mRun: [intuit SyncManager] C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [QuickBooks Agent] C:\windows\qbagent.exe mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun: [<NO NAME>] mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE 
mRun: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Message.lnk - C:\CITIZEN\Message.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Free YouTube to MP3 Converter - C:\Users\Boost Mobile\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL Trusted Zone: qpay123.com Trusted Zone: t-mobile.com DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/en-us/wlscctrl2.cab DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1295214306442 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {FC14D208-0AF3-4BF5-9498-59C09229491B} - hxxps://www.qpay123.com/WQVPS/activeX/PrinterActiveX.ocx Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll TB-X64: {00F2C0C6-2194-484E-9064-44E57787867B} - No File TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File TB-X64: {22E03916-85C5-44B0-8DC9-1830C11238D9} - No File mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe mRun-x64: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe ================= FIREFOX =================== 
FF - ProfilePath - C:\Users\BOOSTM~1\AppData\Roaming\Mozilla\Firefox\Profiles\0myul5n0.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/?pc=Z007&form=ZGAPHP FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z007&form=ZGAADF&q= FF - component: C:\Users\Boost Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\0myul5n0.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll FF - component: C:\Users\Boost Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\0myul5n0.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - 
%profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} ---- FIREFOX POLICIES ---- FF - user.js: general.useragent.extra.brc - BRI/1 ============= SERVICES / DRIVERS =============== R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-10-27 273488] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-5-27 203264] R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-10-27 20560] R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-10-27 62032] R2 avast! Antivirus;avast! Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-1-20 40384] R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-8-12 62208] R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-8-22 240160] R3 AE1000;Linksys AE1000 Driver;C:\Windows\System32\drivers\ae1000w7.sys [2010-10-27 1101600] R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-8-4 7451648] R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-8-4 268288] R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2010-10-27 245760] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920] R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\System32\drivers\WSDPrint.sys [2009-7-13 23040] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 FLEXnet 
Licensing Manager;FLEXnet Licensing Manager for Adobe Products;C:\Windows\system\regsrv.exe [2010-11-12 675033] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-27 135664] S3 AVer7231_x64;AVerMedia 7231 capture service;C:\Windows\System32\drivers\AVer7231_x64.sys [2009-8-22 1621760] S3 rtl819xp;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;C:\Windows\System32\drivers\rtl819xp.sys [2009-8-22 607232] S3 SrvHsfPCI;SrvHsfPCI;C:\Windows\System32\drivers\VSTBS26.SYS [2009-7-13 411136] S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312] S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-29 1255736] =============== Created Last 30 ================ 2011-02-04 14:54:21 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{96F96CBD-38DF-40D9-8826-CEC95B482F48}\mpengine.dll 2011-02-03 20:41:50 -------- d-----w- C:\Program Files (x86)\WhiteSmoke 2011-01-31 21:54:35 4961 ----a-w- C:\windows\system\viewed.dll 2011-01-24 18:47:27 373760 ----a-w- C:\windows\System32\Spool\prtprocs\x64\HP1006S.DLL 2011-01-24 18:44:26 64512 ----a-w- C:\windows\System32\HPPLVS.dll 2011-01-24 18:44:26 403968 ----a-w- C:\windows\System32\HP1006LM.DLL 2011-01-18 23:33:35 -------- d-----w- C:\Users\BOOSTM~1\AppData\Local\Research In Motion 2011-01-18 23:32:10 -------- d-----w- C:\PROGRA~3\Research In Motion 2011-01-16 17:29:10 513080 ----a-w- C:\windows\System32\drivers\sptd.sys 2011-01-16 17:27:44 -------- d-----w- C:\Program Files (x86)\LSoft Technologies Inc 2011-01-16 17:16:09 91568 ----a-w- C:\windows\System32\drivers\scdemu.sys 2011-01-16 17:16:09 -------- d-----w- C:\Program Files (x86)\PowerISO 2011-01-16 17:08:16 -------- d-----w- 
C:\Temp 2011-01-11 19:32:17 -------- d-----w- C:\Users\BOOSTM~1\AppData\Roaming\DVDVideoSoftIEHelpers 2011-01-11 19:32:10 -------- d-----w- C:\Program Files (x86)\DVDVideoSoft 2011-01-11 19:32:10 -------- d-----w- C:\Program Files (x86)\Common Files\DVDVideoSoft 2011-01-11 19:25:48 -------- d-----w- C:\Program Files (x86)\YouTube Downloader 2011-01-09 20:41:19 -------- d-----w- C:\Program Files\CCleaner ==================== Find3M ==================== 2011-01-13 08:47:35 38848 ----a-w- C:\windows\avastSS.scr 2011-01-13 08:37:23 62032 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys 2010-12-20 23:08:40 24152 ----a-w- C:\windows\System32\drivers\mbam.sys 2010-11-13 01:07:45 675033 ----a-w- C:\windows\system\regsrv.exe 2010-11-13 01:07:38 659676 ----a-w- C:\windows\qbagent.exe 2010-11-12 23:53:06 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll ============= FINISH: 12:34:35.67 =============== attach2.txt.txt
  3. Hello I need help in removing trojan.fakems. Here is DDS.text DDS (Ver_10-12-12.02) - NTFS_AMD64 Run by Boost Mobile at 12:28:54.77 on Tue 02/01/2011 Internet Explorer: 8.0.7600.16385 BrowserJavaVersion: 1.6.0_23 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.5887.4360 [GMT -5:00] AV: avast! Antivirus *Enabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308} SP: avast! Antivirus *Enabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ============== Running Processes =============== C:\windows\system32\wininit.exe C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\system32\atiesrxx.exe C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\windows\system32\atieclxx.exe C:\Program Files\Alwil Software\Avast5\AvastSvc.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\windows\system32\taskhost.exe C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Bonjour\mDNSResponder.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\windows\TEMP\mrt672A.tmp\stdrt.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\CITIZEN\Message.exe C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files 
(x86)\Browny02\Brother\BrStMonW.exe C:\Program Files\Alwil Software\Avast5\AvastUI.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe c:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe C:\windows\system32\svchost.exe -k imgsvc C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\windows\system32\SearchIndexer.exe C:\Program Files (x86)\Browny02\BrYNSvc.exe C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\WUDFHost.exe C:\windows\system32\SearchProtocolHost.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\PowerISO\PWRISOVM.EXE C:\Program Files\Windows Media Player\wmpnetwk.exe C:\windows\System32\svchost.exe -k LocalServicePeerNet C:\windows\system32\wbem\wmiprvse.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SCServer\SCServer.exe C:\windows\system32\DllHost.exe C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\windows\SysWOW64\Macromed\Flash\FlashUtil10l_ActiveX.exe C:\windows\system32\taskeng.exe C:\windows\splwow64.exe C:\windows\splwow64.exe C:\windows\system32\sppsvc.exe C:\windows\System32\svchost.exe -k secsvcs C:\windows\system32\SearchFilterHost.exe C:\windows\system32\NOTEPAD.EXE C:\windows\system32\DllHost.exe C:\windows\system32\DllHost.exe C:\windows\system32\DllHost.exe 
C:\Users\Boost Mobile\Desktop\dds.scr C:\windows\system32\conhost.exe C:\windows\system32\wbem\wmiprvse.exe ============== Pseudo HJT Report =============== uStart Page = hxxp://www.google.com/ uDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=173605109416p0315v1i5k4881520s mDefault_Page_URL = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=173605109416p0315v1i5k4881520s mStart Page = hxxp://homepage.gateway.com/rdr.aspx?b=ACGW&l=0409&m=dx4300&r=173605109416p0315v1i5k4881520s uInternet Settings,ProxyOverride = *.local uURLSearchHooks: SearchElf 1.1 Toolbar: {00f2c0c6-2194-484e-9064-44e57787867b} - C:\Program Files (x86)\SearchElf_1.1\tbSear.dll uURLSearchHooks: Elf 1 Toolbar: {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files (x86)\Elf_1\prxtbElf_.dll mURLSearchHooks: SearchElf 1.1 Toolbar: {00f2c0c6-2194-484e-9064-44e57787867b} - C:\Program Files (x86)\SearchElf_1.1\tbSear.dll mURLSearchHooks: Elf 1 Toolbar: {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files (x86)\Elf_1\prxtbElf_.dll BHO: SearchElf 1.1 Toolbar: {00f2c0c6-2194-484e-9064-44e57787867b} - C:\Program Files (x86)\SearchElf_1.1\tbSear.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Elf 1 Toolbar: {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files (x86)\Elf_1\prxtbElf_.dll BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows 
Live\WindowsLiveLogin.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.6.5805.1910\swg.dll BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: SearchElf 1.1 Toolbar: {00f2c0c6-2194-484e-9064-44e57787867b} - C:\Program Files (x86)\SearchElf_1.1\tbSear.dll TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll TB: Elf 1 Toolbar: {22e03916-85c5-44b0-8dc9-1830c11238d9} - C:\Program Files (x86)\Elf_1\prxtbElf_.dll uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\BackupManagerTray.exe" -h -k mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" mRun: [Gateway Photo Frame] C:\Program Files (x86)\Gateway Photo Frame\ButtonMonitor.exe -A mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" mRun: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN mRun: [avast5] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui mRun: [intuit SyncManager] C:\Program Files 
(x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe startup mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [QuickBooks Agent] C:\windows\qbagent.exe mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe mRun: [<NO NAME>] mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume mRun: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Message.lnk - C:\CITIZEN\Message.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\QUICKB~1.LNK - C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe mPolicies-explorer: NoActiveDesktop = 1 (0x1) mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1) mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 IE: Free YouTube to MP3 Converter - C:\Users\Boost Mobile\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Google Sidewiki... 
- C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL Trusted Zone: qpay123.com Trusted Zone: t-mobile.com DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1295214306442 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab DPF: {FC14D208-0AF3-4BF5-9498-59C09229491B} - hxxps://www.qpay123.com/WQVPS/activeX/PrinterActiveX.ocx Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: intu-help-qb3 - {c5e479ea-0a65-4b05-8c6c-2fc8cc682eb4} - C:\Program Files (x86)\Intuit\QuickBooks 2010\HelpAsyncPluggableProtocol.dll Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\System32\mscoree.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll 
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.5805.1910\swg64.dll TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll TB-X64: {00F2C0C6-2194-484E-9064-44E57787867B} - No File TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File TB-X64: {22E03916-85C5-44B0-8DC9-1830C11238D9} - No File mRun-x64: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe mRun-x64: [skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe ================= FIREFOX =================== FF - ProfilePath - C:\Users\BOOSTM~1\AppData\Roaming\Mozilla\Firefox\Profiles\0myul5n0.default\ FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13 FF - component: C:\Users\Boost Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\0myul5n0.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\FFExternalAlert.dll FF - component: C:\Users\Boost Mobile\AppData\Roaming\Mozilla\Firefox\Profiles\0myul5n0.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\components\RadioWMPCore.dll FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.2.183.39\npGoogleOneClick8.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - C:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Java Console: 
{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} FF - Ext: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - %profile%\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} ---- FIREFOX POLICIES ---- FF - user.js: general.useragent.extra.brc - BRI/1 ============= SERVICES / DRIVERS =============== R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2010-10-27 273488] R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\System32\drivers\vwififlt.sys [2009-7-13 59904] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-5-27 203264] R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2010-10-27 20560] R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2010-10-27 62032] R2 avast! Antivirus;avast! 
Antivirus;C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-1-20 40384] R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Gateway MyBackup\IScheduleSvc.exe [2009-8-12 62208] R2 Updater Service;Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2009-8-22 240160] R3 AE1000;Linksys AE1000 Driver;C:\Windows\System32\drivers\ae1000w7.sys [2010-10-27 1101600] R3 amdkmdag;amdkmdag;C:\Windows\System32\drivers\atikmdag.sys [2010-8-4 7451648] R3 amdkmdap;amdkmdap;C:\Windows\System32\drivers\atikmpag.sys [2010-8-4 268288] R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2010-10-27 245760] R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\System32\drivers\vwifimp.sys [2009-7-13 17920] R3 WSDPrintDevice;WSD Print Support via UMB;C:\Windows\System32\drivers\WSDPrint.sys [2009-7-13 23040] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 FLEXnet Licensing Manager;FLEXnet Licensing Manager for Adobe Products;C:\Windows\system\regsrv.exe [2010-11-12 675033] S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-10-27 135664] S3 AVer7231_x64;AVerMedia 7231 capture service;C:\Windows\System32\drivers\AVer7231_x64.sys [2009-8-22 1621760] S3 rtl819xp;Realtek RTL8190\RTL8192E 802.11n Wireless LAN (Mini-)PCI NIC NT Driver;C:\Windows\System32\drivers\rtl819xp.sys [2009-8-22 607232] S3 SrvHsfPCI;SrvHsfPCI;C:\Windows\System32\drivers\VSTBS26.SYS [2009-7-13 411136] S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312] S3 
SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2010-9-28 51712] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-10-29 1255736] =============== Created Last 30 ================ 2011-02-01 14:11:00 7844688 ----a-w- C:\PROGRA~3\Microsoft\Windows Defender\Definition Updates\{F1B156D3-130E-48B6-81C1-C45C7CF83DDC}\mpengine.dll 2011-01-31 21:54:35 4961 ----a-w- C:\windows\system\viewed.dll 2011-01-24 18:47:27 373760 ----a-w- C:\windows\System32\Spool\prtprocs\x64\HP1006S.DLL 2011-01-24 18:44:26 64512 ----a-w- C:\windows\System32\HPPLVS.dll 2011-01-24 18:44:26 403968 ----a-w- C:\windows\System32\HP1006LM.DLL 2011-01-18 23:33:35 -------- d-----w- C:\Users\BOOSTM~1\AppData\Local\Research In Motion 2011-01-18 23:32:10 -------- d-----w- C:\PROGRA~3\Research In Motion 2011-01-16 17:29:10 513080 ----a-w- C:\windows\System32\drivers\sptd.sys 2011-01-16 17:27:44 -------- d-----w- C:\Program Files (x86)\LSoft Technologies Inc 2011-01-16 17:16:09 91568 ----a-w- C:\windows\System32\drivers\scdemu.sys 2011-01-16 17:16:09 -------- d-----w- C:\Program Files (x86)\PowerISO 2011-01-16 17:08:16 -------- d-----w- C:\Temp 2011-01-11 19:32:17 -------- d-----w- C:\Users\BOOSTM~1\AppData\Roaming\DVDVideoSoftIEHelpers 2011-01-11 19:32:10 -------- d-----w- C:\Program Files (x86)\DVDVideoSoft 2011-01-11 19:32:10 -------- d-----w- C:\Program Files (x86)\Common Files\DVDVideoSoft 2011-01-11 19:25:48 -------- d-----w- C:\Program Files (x86)\YouTube Downloader 2011-01-09 20:41:19 -------- d-----w- C:\Program Files\CCleaner 2011-01-06 19:19:49 -------- d-----w- C:\Users\BOOSTM~1\AppData\Local\Conduit 2011-01-06 19:19:49 -------- d-----w- C:\Program Files (x86)\Elf_1 2011-01-04 18:01:44 -------- d-----w- C:\Users\BOOSTM~1\AppData\Local\ElevatedDiagnostics ==================== Find3M ==================== 2011-01-13 08:47:35 38848 
----a-w- C:\windows\avastSS.scr 2011-01-13 08:37:23 62032 ----a-w- C:\windows\System32\drivers\aswMonFlt.sys 2010-12-20 23:08:40 24152 ----a-w- C:\windows\System32\drivers\mbam.sys 2010-11-13 01:07:45 675033 ----a-w- C:\windows\system\regsrv.exe 2010-11-13 01:07:38 659676 ----a-w- C:\windows\qbagent.exe 2010-11-12 23:53:06 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll 2010-11-04 06:35:53 1194496 ----a-w- C:\windows\System32\wininet.dll 2010-11-04 06:31:34 57856 ----a-w- C:\windows\System32\licmgr10.dll 2010-11-04 05:52:17 978944 ----a-w- C:\windows\SysWow64\wininet.dll 2010-11-04 05:48:36 44544 ----a-w- C:\windows\SysWow64\licmgr10.dll 2010-11-04 05:16:14 482816 ----a-w- C:\windows\System32\html.iec 2010-11-04 04:41:26 386048 ----a-w- C:\windows\SysWow64\html.iec 2010-11-04 04:35:37 1638912 ----a-w- C:\windows\System32\mshtml.tlb 2010-11-04 04:08:54 1638912 ----a-w- C:\windows\SysWow64\mshtml.tlb ============= FINISH: 12:29:33.58 =============== I have also attached the attach.txt and ark.txt files. Attach.txt ark.txt