
Started with Secure Protection, now? Who knows?


  • This topic is locked
2 replies to this topic

#1 g0dsweed


Posted 03 September 2011 - 11:35 PM

Running Windows Vista Home Premium SP2 Dell Laptop. Problem started with severe Secure Protection infestation. Tried the following all with no success: MBAM, ESET online, Emsisoft online, Stinger, Panda online and Super Anti Spyware. Anti roots all failed or found nothing, including Sophos, Rkill and TDSSKiller.

Finally resorted to Linux kernel based Avira rescue CD. Found 18 infections, some were renamed, others stated "archive scan abort". I can probably provide that log if wanted. System will now boot into normal mode but immediately crashes--strange crash though, it just freezes, no BSOD, no warning, nothing.

So, Secure Protection seems to be gone but the PC is still inoperable. Safe mode with networking is fine, but still crashes when I try to run MBAM full scan and Super Anti-Spyware. Again, this is not a BSOD crash, it just stops running. It will run fine (in safe mode) as long as I do not run AV or anti-spyware.

Having said all that, the DDS log I post will be from safe mode. GMER log is empty...

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2011-09-04 00:29:00
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 TOSHIBA_ rev.FG00
Running: zq4heu2u.exe; Driver: C:\Users\Melody\AppData\Local\Temp\axdiypog.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----

.
DDS (Ver_2011-06-23.01) - NTFSx86 NETWORK
Internet Explorer: 8.0.6001.19120
Run by Melody at 0:30:49 on 2011-09-04
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3070.1795 [GMT -4:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Users\Melody\Desktop\New Folder (2)\zq4heu2u.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s%s
mURLSearchHooks: Free Game Bar Toolbar: {6f094b04-2c69-4ff3-ac74-d9716e97e296} -
mURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - AskBar BHO
BHO: StartNow Toolbar Helper: {6e13d095-45c3-4271-9475-f3b48227dd9f} - c:\program files\startnow toolbar\Toolbar32.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: {6f094b04-2c69-4ff3-ac74-d9716e97e296} - Free Game Bar Toolbar
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn\YTSingleInstance.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn\yt.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} -
TB: Free Game Bar Toolbar: {6f094b04-2c69-4ff3-ac74-d9716e97e296} -
TB: StartNow Toolbar: {5911488e-9d1e-40ec-8cbb-06b231cc153f} - c:\program files\startnow toolbar\Toolbar32.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [Apoint] c:\program files\delltpad\Apoint.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [QuickSet] c:\program files\dell\quickset\QuickSet.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [Dell DataSafe Online] "c:\program files\dell datasafe online\DataSafeOnline.exe" /m
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [dellsupportcenter] "c:\program files\dell support center\bin\sprtcmd.exe" /P dellsupportcenter
mRun: [Malwarebytes' Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
mRun: [SysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRunOnce: [Launcher] c:\program files\dell datasafe local backup\components\scheduler\Launcher.exe
StartupFolder: c:\users\melody\appdata\roaming\micros~1\windows\startm~1\programs\startup\delldo~1.lnk - c:\program files\dell\delldock\DellDock.exe
StartupFolder: c:\users\melody\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: &Search
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {6F15128C-E66A-490C-B848-5000B5ABEEAC} - hxxps://h20436.www2.hp.com/ediags/dex/secure/HPDEXAXO.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} - hxxp://ax.emsisoft.com/emsisoft_webscan.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{B906934D-E257-4FDA-AAF1-D5888817677A} : DhcpNameServer = 192.168.2.1
TCP: Interfaces\{EEE3D101-2C3F-4DDD-85BD-2DE0C1DC3FD7} : DhcpNameServer = 192.168.2.1
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
Notify: GoToAssist - c:\program files\citrix\gotoassist\514\G2AWinLogon.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\melody\appdata\roaming\mozilla\firefox\profiles\b7ldisyf.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z192&install_date=20110902
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?pc=Z192&form=ZGAADF&install_date=20110902&q=
FF - plugin: c:\program files\google\update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\melody\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: StartNow Toolbar: {5911488E-9D1E-40ec-8CBB-06B231CC153F} - %profile%\extensions\{5911488E-9D1E-40ec-8CBB-06B231CC153F}
.
============= SERVICES / DRIVERS ===============
.
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-7-18 116608]
S0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [2011-9-2 28552]
S1 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-7-8 214664]
S1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 165648]
S1 MpKsl1bda4cb6;MpKsl1bda4cb6;c:\programdata\microsoft\microsoft antimalware\definition updates\{364cfe48-b24e-4272-9252-0dbcb6852d20}\MpKsl1bda4cb6.sys [2011-9-3 28752]
S1 MpKsl4d922012;MpKsl4d922012;c:\programdata\microsoft\microsoft antimalware\definition updates\{364cfe48-b24e-4272-9252-0dbcb6852d20}\MpKsl4d922012.sys [2011-9-3 28752]
S1 MpKslbc94a167;MpKslbc94a167;c:\programdata\microsoft\microsoft antimalware\definition updates\{364cfe48-b24e-4272-9252-0dbcb6852d20}\MpKslbc94a167.sys [2011-9-3 28752]
S1 MpKslbd1a3444;MpKslbd1a3444;c:\programdata\microsoft\microsoft antimalware\definition updates\{364cfe48-b24e-4272-9252-0dbcb6852d20}\MpKslbd1a3444.sys [2011-9-3 28752]
S1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
S1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\driverstore\filerepository\stwrt.inf_f6ef8056\AEstSrv.exe [2009-9-1 81920]
S2 ASKUpgrade;ASKUpgrade; [x]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 DockLoginService;Dock Login Service;c:\program files\dell\delldock\DockLogin.exe [2008-12-18 155648]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 gupdate1ca39488b3c16c0;Google Update Service (gupdate1ca39488b3c16c0);c:\program files\google\update\GoogleUpdate.exe [2009-9-19 133104]
S2 McShield;McAfee Real-time Scanner; [x]
S2 SftService;SoftThinks Agent Service;c:\program files\dell datasafe local backup\SftService.exe [2009-9-2 658656]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2010\TuneUpUtilitiesService32.exe [2010-2-2 1043784]
S2 Updater Service for StartNow Toolbar;Updater Service for StartNow Toolbar;c:\program files\startnow toolbar\ToolbarUpdaterService.exe [2011-7-27 267488]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx32coinst,serviceStartProc --> RUNDLL32.EXE ykx32coinst,serviceStartProc [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-9-19 133104]
S3 McSysmon;McAfee SystemGuards; [x]
S3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\68B2.tmp [2011-9-2 6144]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-9-2 79816]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-9-2 35272]
S3 mferkdk;McAfee Inc. mferkdk;c:\windows\system32\drivers\mferkdk.sys [2009-9-2 34248]
S3 mfesmfk;McAfee Inc. mfesmfk;c:\windows\system32\drivers\mfesmfk.sys [2009-9-2 40552]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\drivers\MpNWMon.sys [2011-4-18 43392]
S3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2011-4-27 65024]
S3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\antimalware\NisSrv.exe [2011-4-27 208944]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2010\TuneUpUtilitiesDriver32.sys [2009-10-14 10064]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\drivers\WSDPrint.sys [2008-1-20 16896]
.
=============== Created Last 30 ================
.
2011-09-03 23:08:31 -------- d-sh--w- C:\found.004
2011-09-03 22:50:00 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{364cfe48-b24e-4272-9252-0dbcb6852d20}\MpKsl4d922012.sys
2011-09-03 17:54:38 -------- d-----w- C:\7920f18969ee5d304635
2011-09-03 17:42:50 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{364cfe48-b24e-4272-9252-0dbcb6852d20}\MpKslbc94a167.sys
2011-09-03 06:15:04 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{364cfe48-b24e-4272-9252-0dbcb6852d20}\MpKslbd1a3444.sys
2011-09-03 05:55:23 28752 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{364cfe48-b24e-4272-9252-0dbcb6852d20}\MpKsl1bda4cb6.sys
2011-09-03 01:02:40 28552 ----a-w- c:\windows\system32\drivers\pavboot.sys
2011-09-03 01:02:38 -------- d-----w- c:\program files\Panda Security
2011-09-02 22:37:59 -------- d-----w- c:\program files\StartNow Toolbar
2011-09-02 04:16:45 6144 ------w- c:\windows\system32\68B2.tmp
2011-09-02 04:16:33 6144 ------w- c:\windows\system32\3967.tmp
2011-09-02 04:16:26 -------- d-----w- c:\program files\Sophos
2011-09-02 04:11:15 -------- d-----w- c:\program files\Trend Micro
2011-09-01 15:47:55 -------- d-----w- c:\users\melody\appdata\roaming\SUPERAntiSpyware.com
2011-09-01 15:47:49 -------- d-----w- c:\programdata\!SASCORE
2011-09-01 15:47:47 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2011-09-01 15:47:47 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-08-31 22:08:46 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2011-08-31 14:21:56 -------- d-sh--w- C:\found.003
2011-08-31 09:26:21 439632 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{7e4268e8-532f-4f16-9105-0d5a9d577b9b}\gapaengine.dll
2011-08-31 09:25:38 7152464 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{364cfe48-b24e-4272-9252-0dbcb6852d20}\mpengine.dll
2011-08-31 09:20:21 -------- d-----w- c:\program files\Microsoft Security Client
2011-08-31 09:19:20 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2011-08-31 09:03:43 -------- d-----w- c:\program files\Windows Portable Devices
2011-08-31 08:58:57 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2011-08-31 08:58:56 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2011-08-31 08:58:56 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2011-08-31 08:58:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2011-08-31 08:58:00 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2011-08-31 08:58:00 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2011-08-31 08:58:00 252928 ----a-w- c:\windows\system32\dxdiag.exe
2011-08-31 08:58:00 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2011-08-31 08:58:00 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2011-08-31 08:56:01 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2011-08-31 08:56:01 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2011-08-31 08:56:01 234496 ----a-w- c:\windows\system32\oleacc.dll
2011-08-31 08:46:49 7152464 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{132a3c49-78aa-4a62-9b3d-d50f9fd7c1c0}\mpengine.dll
2011-08-31 08:31:34 2048 ----a-w- c:\windows\system32\tzres.dll
2011-08-31 08:31:23 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat
2011-08-31 08:31:14 3602832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2011-08-31 08:31:14 3550096 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-08-31 08:31:13 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-08-31 08:31:04 49152 ----a-w- c:\windows\system32\csrsrv.dll
2011-08-31 08:30:56 375808 ----a-w- c:\windows\system32\winsrv.dll
2011-08-31 08:30:53 2043392 ----a-w- c:\windows\system32\win32k.sys
2011-08-31 08:30:52 758784 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2011-08-31 08:30:51 913296 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-31 08:30:51 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2011-08-31 08:30:45 214016 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-08-31 08:27:20 231424 ----a-w- c:\windows\system32\msshsq.dll
2011-08-31 08:21:00 276992 ----a-w- c:\windows\system32\schannel.dll
2011-08-31 07:40:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-08-31 07:29:32 -------- d-----w- c:\windows\system32\eu-ES
2011-08-31 07:29:32 -------- d-----w- c:\windows\system32\ca-ES
2011-08-31 07:29:31 -------- d-----w- c:\windows\system32\vi-VN
2011-08-31 07:01:22 -------- d-----w- c:\windows\system32\EventProviders
2011-08-31 05:44:35 7680 ----a-w- c:\program files\internet explorer\iecompat.dll
2011-08-31 05:42:59 521216 ----a-w- c:\program files\internet explorer\jsdbgui.dll
2011-08-31 05:39:47 273408 ----a-w- c:\windows\system32\drivers\afd.sys
2011-08-31 05:39:44 75264 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-08-31 05:39:43 739328 ----a-w- c:\windows\system32\inetcomm.dll
2011-08-31 05:39:41 146432 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-08-31 05:39:41 102400 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-08-31 05:39:24 563712 ----a-w- c:\windows\system32\oleaut32.dll
2011-08-31 05:38:55 79872 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-08-31 05:38:55 106496 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-08-31 05:30:27 -------- d-----w- c:\windows\7E7D778E121D4BBDBA29FAA81B9FBD8C.TMP
2011-08-31 03:09:52 -------- d-----w- c:\program files\ESET
2011-08-31 03:04:13 -------- d-----w- c:\users\melody\appdata\roaming\AusLogics
2011-08-31 03:03:26 -------- d-----w- c:\program files\Auslogics
2011-08-30 23:42:31 -------- d-----w- c:\users\melody\appdata\roaming\Malwarebytes
2011-08-30 23:42:07 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-30 23:42:06 -------- d-----w- c:\programdata\Malwarebytes
2011-08-30 23:42:03 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-30 23:42:03 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
.
==================== Find3M ====================
.
2011-07-23 11:04:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-07-23 11:00:05 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-07-23 10:59:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-07-23 10:59:34 71680 ----a-w- c:\windows\system32\iesetup.dll
2011-07-23 10:59:34 109056 ----a-w- c:\windows\system32\iesysprep.dll
2011-07-23 10:03:47 385024 ----a-w- c:\windows\system32\html.iec
2011-07-23 09:27:04 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2011-07-23 09:25:38 1638912 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 0:31:18.17 ===============


 


#2 g0dsweed


Posted 06 September 2011 - 01:58 AM

Moderator can close this topic. Problem has been resolved.

#3 Budapest


Posted 06 September 2011 - 04:29 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



