Thread: Laptop with Malware

  1. #11
    Member
    Join Date
    Jan 2007
    Location
    Sweden
    Posts
    49

    Removed Viewpoint Media Player

    Can't find a logfile for MBAM, not sure if it has been run. Tell me if you want me to run it.

    -------------------------------------------------------------------

    RogueKiller V8.3.1 [Nov 29 2012] by Tigzy
    mail : tigzyRK<at>gmail<dot>com
    Feedback : http://www.geekstogo.com/forum/files...3-roguekiller/
    Website : http://tigzy.geekstogo.com/roguekiller.php
    Blog : http://tigzyrk.blogspot.com/

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
    Started in : Normal mode
    User : TOJ [Admin rights]
    Mode : Scan -- Date : 12/01/2012 00:07:55

    ¤¤¤ Bad processes : 3 ¤¤¤
    [SUSP PATH] ouc.exe -- C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe -> KILLED [TermProc]
    [SUSP PATH] DCSHelper.exe -- C:\ProgramData\DatacardService\DCSHelper.exe -> KILLED [TermProc]
    [SUSP PATH] PLFSetI.exe -- C:\Windows\PLFSetI.exe -> KILLED [TermProc]

    ¤¤¤ Registry Entries : 9 ¤¤¤
    [RUN][SUSP PATH] HKLM\[...]\Run : PLFSetI (C:\Windows\PLFSetI.exe) -> FOUND
    [DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{C9F5C0CF-4CEF-47AE-AD56-D5ACF7FFBA27} : NameServer (80.251.201.177 80.251.201.178) -> FOUND
    [DNS] HKLM\[...]\ControlSet002\Services\Interfaces\{C9F5C0CF-4CEF-47AE-AD56-D5ACF7FFBA27} : NameServer (80.251.201.177 80.251.201.178) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRecentDocs (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyMusic (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowPrinters (0) -> FOUND
    [HJ SMENU] HKCU\[...]\Advanced : Start_ShowRun (0) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
    [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

    ¤¤¤ Particular Files / Folders: ¤¤¤

    ¤¤¤ Driver : [LOADED] ¤¤¤

    ¤¤¤ HOSTS File: ¤¤¤
    --> C:\Windows\system32\drivers\etc\hosts

    127.0.0.1 localhost
    ::1 localhost


    ¤¤¤ MBR Check: ¤¤¤

    +++++ PhysicalDrive0: Hitachi HTS545025B9A300 +++++
    --- User ---
    [MBR] 69f0e29f0fa680e3f4c1eff4b871c2fb
    [BSP] 0c08f6f11995d37a674b242a676a9a8c : Windows 7/8 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10240 Mo
    1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 20973568 | Size: 228233 Mo
    User = LL1 ... OK!
    User = LL2 ... OK!

    Finished : << RKreport[1]_S_12012012_02d0007.txt >>
    RKreport[1]_S_12012012_02d0007.txt

  2. #12
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Hello Joshen,

    I want you to update MBAM and run a scan.
    • Open MBAM and click on the Update tab, then Check for Updates.
    • When completed, go back to the Scanner tab and select Perform full scan. Click Scan.
    • Leave the default options as they are and click on Start Scan.
    • If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process.
    • When done, you will be prompted. Click OK, then click on Show Results.
    • Check (tick) all items except items in the C:\System Volume Information folder and click on Remove Selected.
    • After it has removed the items, a log in Notepad will open. Please post this log in your next reply. You can also find the log in the Logs tab. The bottommost log is the latest.


    If asked to restart the computer, please do so. Failure to reboot will prevent MBAM from removing all the malware. If you receive an (Error Loading) error on reboot, please reboot a second time. It is normal for this error to occur once and does not need to be reported unless it returns on future reboots.

    --------------------

    Please post back:
    1. MBAM report

  3. #13
    Member
    Join Date
    Jan 2007
    Location
    Sweden
    Posts
    49

    Scanning in progress.
    For future usage, is MBAM a good and useful tool that should be used on a regular basis? There are a lot of these programs out there. Is the free version good enough or would you recommend buying the full one?
    Will post the results as soon as it's done!

  4. #14
    Member
    Join Date
    Jan 2007
    Location
    Sweden
    Posts
    49

    Result as requested

    Malwarebytes Anti-Malware (Testversion) 1.65.1.1000
    www.malwarebytes.org

    Databasversion: v2012.12.01.04

    Windows 7 Service Pack 1 x86 NTFS
    Internet Explorer 8.0.7601.17514
    TOJ :: MAGGIE2 [administratör]

    Skydd: Inaktiverad

    2012-12-01 09:20:06
    mbam-log-2012-12-01 (09-20-06).txt

    Skanningstyp: Fullständig skanning (C:\|)
    Aktiverade skanningsalternativ: Minne | Start | Register | Filsystem | Heuristik/Extra | Heuristik/Shuriken | PUP | PUM
    Inaktiverade skanningsalternativ: P2P
    Antal skannade objekt: 319797
    Förfluten tid: 1 timme(ar), 21 minut(er), 27 sekund(er)

    Upptäckta minnesprocesser: 0
    (Inga skadliga poster hittades)

    Upptäckta minnesmoduler: 0
    (Inga skadliga poster hittades)

    Upptäckta registernycklar: 27
    HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    HKCR\CLSID\{147A976F-EEE1-4377-8EA7-4716E4CDD239} (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    HKCR\CLSID\{1E0DE227-5CE4-4ea3-AB0C-8B03E1AA76BC} (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    HKCR\Typelib\{D518921A-4A03-425E-9873-B9A71756821E} (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    HKCR\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE} (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    HKCR\Typelib\{E47CAEE0-DEEA-464A-9326-3F2801535A4D} (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    HKCR\Interface\{3E1656ED-F60E-4597-B6AA-B6A58E171495} (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    HKCR\Typelib\{F42228FB-E84E-479E-B922-FBBD096E792C} (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    HKCR\Interface\{6E74766C-4D93-4CC0-96D1-47B8E07FF9CA} (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Sattes i karantän och togs bort.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Sattes i karantän och togs bort.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59C7FC09-1C83-4648-B3E6-003D2BBC7481} (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68AF847F-6E91-45dd-9B68-D6A12C30E5D7} (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170B96C-28D4-4626-8358-27E6CAEEF907} (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D1A71FA0-FF48-48dd-9B6D-7A13A3E42127} (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DDB1968E-EAD6-40fd-8DAE-FF14757F60C7} (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F138D901-86F0-4383-99B6-9CDD406036DA} (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    HKCU\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    HKCU\Software\AppDataLow\Software\MyWebSearch (PUP.MyWebsearch) -> Sattes i karantän och togs bort.
    HKLM\SOFTWARE\FocusInteractive (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    HKLM\SOFTWARE\Fun Web Products (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    HKLM\SOFTWARE\MyWebSearch (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    HKLM\SOFTWARE\Microsoft\Office\Outlook\Addins\MyWebSearch.OutlookAddin (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    HKLM\SOFTWARE\Microsoft\Office\Word\Addins\MyWebSearch.OutlookAddin (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    HKLM\SOFTWARE\MozillaPlugins\@mywebsearch.com/Plugin (PUP.MyWebSearch) -> Sattes i karantän och togs bort.

    Upptäckta registervärden: 5
    HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{00A6FAF6-072E-44cf-8957-5838F569A31D} (PUP.MyWebSearch) -> Data: -> Sattes i karantän och togs bort.
    HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{00A6FAF6-072E-44cf-8957-5838F569A31D} (PUP.MyWebSearch) -> Data: -> Sattes i karantän och togs bort.
    HKLM\SOFTWARE\Microsoft\Windows Media\WMSDK\Sources|f3PopularScreensavers (PUP.MyWebSearch) -> Data: C:\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL -> Sattes i karantän och togs bort.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform|FunWebProducts (PUP.MyWebSearch) -> Data: -> Sattes i karantän och togs bort.
    HKLM\SOFTWARE\Mozilla\Firefox\Extensions|m3ffxtbr@mywebsearch.com (PUP.MyWebSearch) -> Data: C:\Program Files\MyWebSearch\bar\1.bin -> Sattes i karantän och togs bort.

    Upptäckta registerdataposter: 0
    (Inga skadliga poster hittades)

    Upptäckta mappar: 15
    C:\Program Files\FunWebProducts (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\FunWebProducts\ScreenSaver (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\FunWebProducts\ScreenSaver\Images (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch (PUP.MyWebSearch) -> Ta bort vid nästa datorstart.
    C:\Program Files\MyWebSearch\bar (PUP.MyWebSearch) -> Ta bort vid nästa datorstart.
    C:\Program Files\MyWebSearch\bar\1.bin (PUP.MyWebSearch) -> Ta bort vid nästa datorstart.
    C:\Program Files\MyWebSearch\bar\1.bin\chrome (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\Avatar (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\Game (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\History (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\icons (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\Message (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\Notifier (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\Overlay (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\Settings (PUP.MyWebSearch) -> Sattes i karantän och togs bort.

    Upptäckta filer: 50
    C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (PUP.MyWebSearch) -> Ta bort vid nästa datorstart.
    C:\Program Files\MyWebSearch\bar\1.bin\F3CJPEG.DLL (PUP.FunWebProducts) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\1.bin\F3DTACTL.DLL (PUP.FunWebProducts) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\1.bin\F3HISTSW.DLL (PUP.FunWebProducts) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\1.bin\F3HTTPCT.DLL (PUP.FunWebProducts) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\1.bin\F3IMSTUB.DLL (PUP.FunWebProducts) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\1.bin\F3PSSAVR.SCR (PUP.FunWebProducts) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\1.bin\F3REGHK.DLL (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\1.bin\F3RESTUB.DLL (PUP.FunWebProducts) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\1.bin\M3HIGHIN.EXE (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\1.bin\M3HTML.DLL (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\1.bin\M3IMPIPE.EXE (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\1.bin\M3MSG.DLL (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\1.bin\M3SKPLAY.EXE (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\Windows Live\Messenger\msimg32.dll (PUP.FunWebProducts) -> Sattes i karantän och togs bort.
    C:\Program Files\Windows Live\Messenger\riched20.dll (PUP.FunWebProducts) -> Sattes i karantän och togs bort.
    C:\Windows\System32\f3PSSavr.scr (PUP.FunWebProducts) -> Sattes i karantän och togs bort.
    C:\Windows\System32\f3PSSavr.scr (Trojan.Agent) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\1.bin\F3SPACER.WMV (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\1.bin\CHROME.MANIFEST (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\1.bin\F3BKGERR.JPG (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\1.bin\F3WALLPP.DAT (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\1.bin\FWPBUDDY.PNG (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\1.bin\INSTALL.RDF (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\Avatar\COMMON.F3S (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\Game\CHECKERS.F3S (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\Game\CHESS.F3S (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\Game\REVERSI.F3S (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\icons\CM.ICO (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\icons\MFC.ICO (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\icons\PSS.ICO (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\icons\SMILEY.ICO (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\icons\WB.ICO (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\icons\ZWINKY.ICO (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\Message\COMMON.F3S (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\Notifier\COMMON.F3S (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\Notifier\DOG.F3S (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\Notifier\FISH.F3S (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\Notifier\KUNGFU.F3S (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\Notifier\LIFEGARD.F3S (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\Notifier\MAID.F3S (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\Notifier\MAILBOX.F3S (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\Notifier\OPERA.F3S (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\Notifier\ROBOT.F3S (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\Notifier\SEDUCT.F3S (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\Notifier\SURFER.F3S (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\Overlay\COMMON.F3S (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
    C:\Program Files\MyWebSearch\bar\Settings\s_pid.dat (PUP.MyWebSearch) -> Sattes i karantän och togs bort.

    (klar)
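
Added example, not part of the original posts: a small Python triage script for the Swedish-language MBAM 1.65 log format shown above. It lists the detections MBAM deferred to the next restart (the reason the reboot is needed for full removal) and compares each section's declared count with the lines actually present, which catches a truncated paste. The sample text is a constructed excerpt (lines copied from the log, section counts edited), and all function names are illustrative.

```python
import re
from collections import Counter

# Status strings exactly as they appear in the Swedish MBAM log above.
REMOVED = "Sattes i karantän och togs bort."   # quarantined and deleted
ON_REBOOT = "Ta bort vid nästa datorstart."    # delete on next restart

# Section header, e.g. "Upptäckta filer: 50" (detected files: 50).
HEADER_RE = re.compile(r"^Upptäckta (?P<section>[^:]+): (?P<count>\d+)$")
# Detection line: <object> (<Detection.Name>) -> [Data: ... ->] <status>
LINE_RE = re.compile(
    r"^(?P<obj>.+?) \((?P<name>[A-Za-z]+\.[\w.]+)\) -> (?P<rest>.+)$"
)

# Constructed excerpt: lines copied from the log above, counts edited.
# "filer" deliberately declares 3 but lists 2, to show the truncation check.
SAMPLE_LOG = r"""
Upptäckta registernycklar: 3
HKLM\SYSTEM\CurrentControlSet\Services\MyWebSearchService (PUP.MyWebSearch) -> Sattes i karantän och togs bort.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256A51-B582-467e-B8D4-7786EDA79AE0} (Trojan.Vundo) -> Sattes i karantän och togs bort.
HKCU\Software\AppDataLow\Software\MyWebSearch (PUP.MyWebsearch) -> Sattes i karantän och togs bort.

Upptäckta registervärden: 1
HKLM\SOFTWARE\Mozilla\Firefox\Extensions|m3ffxtbr@mywebsearch.com (PUP.MyWebSearch) -> Data: C:\Program Files\MyWebSearch\bar\1.bin -> Sattes i karantän och togs bort.

Upptäckta registerdataposter: 0
(Inga skadliga poster hittades)

Upptäckta mappar: 2
C:\Program Files\MyWebSearch (PUP.MyWebSearch) -> Ta bort vid nästa datorstart.
C:\Program Files\MyWebSearch\bar\Avatar (PUP.MyWebSearch) -> Sattes i karantän och togs bort.

Upptäckta filer: 3
C:\Program Files\MyWebSearch\bar\1.bin\MWSSVC.EXE (PUP.MyWebSearch) -> Ta bort vid nästa datorstart.
C:\Windows\System32\f3PSSavr.scr (Trojan.Agent) -> Sattes i karantän och togs bort.
"""


def parse_mbam_log(text):
    """Return (detections, declared): a list of detection dicts and the
    per-section counts MBAM printed in its section headers."""
    detections, declared, section = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = HEADER_RE.match(line)
        if header:
            section = header.group("section")
            declared[section] = int(header.group("count"))
            continue
        m = LINE_RE.match(line)
        if m and section:
            # Registry values carry "Data: ... ->" before the status,
            # so the status is whatever follows the last arrow.
            status = m.group("rest").rsplit("-> ", 1)[-1].strip()
            detections.append({
                "section": section,
                "object": m.group("obj"),
                "name": m.group("name"),
                "status": status,
            })
    return detections, declared


def pending_reboot(detections):
    """Objects MBAM could not delete in-session; they stay until restart."""
    return [d["object"] for d in detections if d["status"] == ON_REBOOT]


def count_mismatches(detections, declared):
    """Sections whose declared count differs from the lines parsed,
    returned as {section: (declared, parsed)}."""
    parsed = Counter(d["section"] for d in detections)
    return {s: (n, parsed.get(s, 0))
            for s, n in declared.items() if n != parsed.get(s, 0)}


def by_family(detections):
    """Count detections per name, case-insensitively: the log spells the
    same family both PUP.MyWebSearch and PUP.MyWebsearch."""
    return Counter(d["name"].casefold() for d in detections)


if __name__ == "__main__":
    dets, declared = parse_mbam_log(SAMPLE_LOG)
    print("Families:", dict(by_family(dets)))
    print("Still present until reboot:")
    for obj in pending_reboot(dets):
        print("   ", obj)
    for section, (want, got) in count_mismatches(dets, declared).items():
        print(f"Section '{section}' declares {want} items, log shows {got}")
```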

  5. #15
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Hello Joshen,

    I have the full version of MBAM. It offers real time protection and is a good security program to have. The free version does not have the real time protection. Alternatively, you can also consider Spybot 2.0. Well, I will provide some recommendations related to security programs when we are done.

    --------------------

    Do an online scan with ESET Online Scanner.
    Please be patient as scanning will take quite some time. If you have a problem running the scan, you might want to disable any real time protection that you have.
    • Click here to go to ESET Online Scanner page.
    • Click on Run ESET Online Scanner. A new window will open.
      For Firefox users, you will need to download and install esetsmartinstaller_enu.exe. Click on it and save the file to a convenient location. Double click on it to install and a new window will open.
    • After reading through the Terms of Use, check YES, I accept the Terms of Use and click Start to begin scan.
    • You will be prompted to install an ActiveX Control from ESET. Please install.
    • At the Computer scan settings section, uncheck (untick) Remove found threats. <-- Important, do not remove anything yet.
    • Then, check Scan archives.
    • Now, click on Advanced settings and make sure all these are checked:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology
    • Click on Scan to proceed.
    • When done, the scan result will be shown. Look for C:\Program Files\ESET\ESET Online Scanner\log.txt and open the file.
    • Post the contents in your reply.


    If the contents of log.txt do not reflect what is shown in the result window, click on List of found threats, then Export to text file..., save a file and post that instead.

    --------------------

    Please post back:
    1. ESET result
    2. how is the computer now?

  6. #16
    Member
    Join Date
    Jan 2007
    Location
    Sweden
    Posts
    49

    Scan resulted in

    C:\Users\TOJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\7850180f-46ea7c8b a variant of Java/Exploit.Agent.NDH trojan


    About the status, I will try it for 24h and come back with a verdict.
    The freezing can occur at any time.
    It is worse when we use files on the net at home, but we will try that to tomorrow evening and get back to you.

    Thanks a lot for your help so far

  7. #17
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Hello Joshen,

    I am glad to help out.

    This file is located in the Java cache:
    C:\Users\TOJ\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\7850180f-46ea7c8b

    You can clear it off by going to Start > Control Panel, then open Java. If the View by: setting is Category, you need to click on Programs first to access Java.

    On the Java Control Panel, click on Settings... under the Temporary Internet Files title, followed by Delete Files...

    --------------------

    While you are checking if the computer is OK, continue with the below steps.

    Please download ATF (Atribune Temp File) Cleaner© by Atribune from one of the links below and save it to your desktop.

    Link 1
    Link 2

    Run ATF Cleaner
    • Exit all browsers.
    • Double-click ATF Cleaner.exe to open it.
    • Click Run if prompted.
    • At the bottom of the list, check (tick) Select All.
    • Note: If you would like to keep your cookies, please uncheck this option as it will remove all cookies, including the useful ones you may want to keep.
    • Then click the Empty Selected button.
    • Firefox:
      • Click Firefox at the top and choose: Select All. Uncheck the cookies option if you want to keep them.
      • Click the Empty Selected button.
      • Note: If you would like to keep your saved passwords, please click No at the prompt.
    • Click Exit on the Main menu to close the program.


    --------------------

    Please post back:
    1. how is the computer now?

  8. #18
    Member
    Join Date
    Jan 2007
    Location
    Sweden
    Posts
    49

    It seems to be a lot better. We had some freezing when looking at a movie over the local net, but I increased the video buffer from 10 to 20 sec and now it seems to work fine.

    I think your help has done it

  9. #19
    Security Expert- Emeritus
    Join Date
    Aug 2008
    Location
    South East Asia
    Posts
    725

    Hello Joshen,

    Good to hear that.

    Please run DDS again and post back fresh logs.

  10. #20
    Member
    Join Date
    Jan 2007
    Location
    Sweden
    Posts
    49

    DDS (Ver_2012-11-07.01) - NTFS_x86
    Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_37
    Run by TOJ at 11:57:38 on 2012-12-03
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.46.1053.18.3067.1884 [GMT 1:00]
    .
    AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
    SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
    C:\ProgramData\DatacardService\HWDeviceService.exe
    C:\Windows\system32\Dwm.exe
    C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
    C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    C:\Windows\Explorer.EXE
    C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe
    C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
    C:\ProgramData\DatacardService\DCSHelper.exe
    C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
    C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
    C:\Program Files\Acer\Acer VCM\RS_Service.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Windows\PLFSetI.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Program Files\Launch Manager\LManager.exe
    C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\System32\svchost.exe -k LocalServicePeerNet
    C:\Windows\System32\svchost.exe -k secsvcs
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.se/
    uSearch Bar = hxxp://www.google.com/ie
    uSearch Page = hxxp://www.google.com
    uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&s=2&o=vp32&d=0909&m=extensa_5635zg
    mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&s=2&o=vp32&d=0909&m=extensa_5635zg
    mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=041d&s=2&o=vp32&d=0909&m=extensa_5635zg
    uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre6\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Windows Live inloggningshjälpen: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.7529.1424\swg.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
    mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
    mRun: [cAudioFilterAgent] c:\program files\conexant\caudiofilteragent\cAudioFilterAgent.exe
    mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
    mRun: [PLFSetI] c:\windows\PLFSetI.exe
    mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
    mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun: [LManager] c:\program files\launch manager\LManager.exe
    mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [LogMeIn GUI] "c:\program files\logmein\x86\LogMeInSystray.exe"
    mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\users\toj\appdata\roaming\micros~1\windows\startm~1\programs\system\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
    StartupFolder: c:\users\toj\appdata\roaming\micros~1\windows\startm~1\programs\system\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe
    mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: E&xportera till Microsoft Excel - c:\progra~1\micros~3\office11\EXCEL.EXE/3000
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
    DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} - hxxps://components.viewpoint.com/MTSInstallers/MetaStream3.cab?url=http://vbb.timantti.com/regal20/configurator/default.aspx?locale=2
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
    DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    TCP: NameServer = 192.168.0.1 195.67.199.24 195.67.199.25
    TCP: Interfaces\{C9F5C0CF-4CEF-47AE-AD56-D5ACF7FFBA27} : NameServer = 80.251.201.177 80.251.201.178
    TCP: Interfaces\{D5083B63-4034-4EC5-B6BF-BF19846491E1} : DHCPNameServer = 192.168.0.1 195.67.199.24 195.67.199.25
    TCP: Interfaces\{D5083B63-4034-4EC5-B6BF-BF19846491E1}\2456C6B696E6E243835323 : DHCPNameServer = 192.168.2.1
    TCP: Interfaces\{D5083B63-4034-4EC5-B6BF-BF19846491E1}\2456C6B696E6E243835323E2765756374737 : DHCPNameServer = 192.168.169.1
    TCP: Interfaces\{D5083B63-4034-4EC5-B6BF-BF19846491E1}\3556D636F6E6F57457563747 : DHCPNameServer = 193.15.96.31 193.15.96.40
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\toj\appdata\roaming\mozilla\firefox\profiles\omj2hlen.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.google.se/firefox
    FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZVfox000&ptb=bOCtkLVEHd4J9hylyuvf_w&ind=2010121907&ptnrS=ZVfox000&si=&n=77d006b3&psa=&st=kwd&searchfor=
    FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre6\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\toj\appdata\locallow\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\users\toj\appdata\roaming\mozilla\firefox\profiles\omj2hlen.default\extensions\{195a3098-0bd5-4e90-ae22-ba1c540afd1e}\plugins\npGarmin.dll
    FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_110.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    FF - plugin: c:\windows\system32\NPSWF32.dll
    FF - ExtSQL: 2012-10-27 09:46; en-GB@dictionaries.addons.mozilla.org; c:\users\toj\appdata\roaming\mozilla\firefox\profiles\omj2hlen.default\extensions\en-GB@dictionaries.addons.mozilla.org
    FF - ExtSQL: 2012-10-27 09:49; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
    FF - ExtSQL: 2012-11-17 11:18; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
    .
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-10-27 738504]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-10-27 361032]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-10-27 21256]
    R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-27 58680]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-11-16 44808]
    R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2009-9-4 727584]
    R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\datacardservice\HWDeviceService.exe [2011-3-14 271712]
    R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2011-12-7 374152]
    R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2011-9-16 12856]
    R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-12-17 47640]
    R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-11-30 399432]
    R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-11-30 676936]
    R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
    R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-17 11032]
    R2 RS_Service;Raw Socket Service;c:\program files\acer\acer vcm\RS_Service.exe [2009-5-16 237568]
    R3 huawei_enumerator;huawei_enumerator;c:\windows\system32\drivers\ew_jubusenum.sys [2012-5-5 73216]
    R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C62x86.sys [2009-11-13 58368]
    R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-11-30 22856]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files\mobile partner\updatedog\ouc.exe [2012-5-5 246112]
    S2 ugiipqd;Unigraphics Plot Server (ugiipqd);c:\ugs180\plot\ugiipqd.exe --> c:\ugs180\plot\ugiipqd.exe [?]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
    S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\drivers\ew_hwusbdev.sys [2012-5-5 102784]
    S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\drivers\ew_usbenumfilter.sys [2012-5-5 11136]
    S3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\drivers\ewusbwwan.sys [2012-5-5 349184]
    S3 GoogleDesktopManager-051210-111108;Google Desktop-hanteraren 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2009-5-16 30192]
    S3 hwdatacard;Huawei DataCard USB Modem and USB Serial;c:\windows\system32\drivers\ewusbmdm.sys [2012-5-5 194816]
    S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
    S3 Revoflt;Revoflt;c:\windows\system32\drivers\revoflt.sys [2012-11-18 27192]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-7-4 52224]
    S3 WatAdminSvc;Aktiveringsteknologier för Windows-tjänst;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-21 1343400]
    S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-14 20480]
    .
    =============== Created Last 30 ================
    .
    2012-12-02 19:22:23 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d839f5fb-8111-4e34-9277-14440beff14d}\offreg.dll
    2012-12-01 15:15:10 -------- d-----w- c:\program files\ESET
    2012-11-30 23:12:13 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{d839f5fb-8111-4e34-9277-14440beff14d}\mpengine.dll
    2012-11-30 22:58:34 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-11-30 22:58:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2012-11-29 04:36:47 -------- d-----w- C:\MGADiagToolOutput
    2012-11-19 16:11:31 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2012-11-19 16:11:31 -------- d-----w- c:\program files\Spybot - Search & Destroy
    2012-11-18 17:15:34 -------- d-----w- c:\users\toj\appdata\local\VS Revo Group
    2012-11-18 17:15:27 27192 ----a-w- c:\windows\system32\drivers\revoflt.sys
    2012-11-18 17:15:25 -------- d-----w- c:\program files\VS Revo Group
    2012-11-18 17:00:43 -------- d-----w- c:\users\toj\appdata\roaming\Malwarebytes
    2012-11-18 17:00:33 -------- d-----w- c:\programdata\Malwarebytes
    2012-11-17 10:18:49 477168 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-11-16 05:00:22 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
    2012-11-16 05:00:21 9728 ----a-w- c:\windows\system32\Wdfres.dll
    2012-11-16 05:00:21 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
    2012-11-16 04:59:18 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2012-11-16 04:59:18 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2012-11-16 04:59:13 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
    2012-11-16 04:59:13 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2012-11-16 04:59:06 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2012-11-16 04:59:05 613888 ----a-w- c:\windows\system32\WUDFx.dll
    2012-11-16 04:59:05 196608 ----a-w- c:\windows\system32\WUDFHost.exe
    2012-11-15 17:24:36 156672 ----a-w- c:\windows\system32\ncsi.dll
    2012-11-15 17:24:36 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-11-15 17:24:35 52224 ----a-w- c:\windows\system32\nlaapi.dll
    2012-11-15 17:24:35 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
    2012-11-15 17:24:35 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
    2012-11-15 17:24:35 242176 ----a-w- c:\windows\system32\nlasvc.dll
    2012-11-15 17:24:35 18944 ----a-w- c:\windows\system32\netevent.dll
    2012-11-15 17:24:35 175104 ----a-w- c:\windows\system32\netcorehc.dll
    2012-11-15 17:24:25 78336 ----a-w- c:\windows\system32\synceng.dll
    2012-11-15 17:24:06 2345984 ----a-w- c:\windows\system32\win32k.sys
    2012-11-15 17:23:58 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
    2012-11-15 17:23:58 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
    .
    ==================== Find3M ====================
    .
    2012-11-21 19:40:36 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-11-21 19:40:36 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-11-17 10:18:34 473072 ----a-w- c:\windows\system32\deployJava1.dll
    2012-10-30 22:51:58 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2012-10-30 22:51:57 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2012-10-30 22:51:07 41224 ----a-w- c:\windows\avastSS.scr
    2012-10-16 07:39:52 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
    2012-10-15 16:59:28 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2012-09-14 18:28:53 2048 ----a-w- c:\windows\system32\tzres.dll
    .
    ============= FINISH: 11:58:24,91 ===============
