Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

rkit/hider.lki


  • This topic is locked This topic is locked
1 reply to this topic

#1 the_r_sole

the_r_sole

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:09:50 PM

Posted 21 February 2013 - 01:20 PM

so recently I decided to try out a new av (avira) and have now got the above in my system...

 

here is the dds log info

 

cheers for any help with this

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 9.0.8112.16464  BrowserJavaVersion: 10.9.2
Run by Bari at 18:09:38 on 2013-02-21
Microsoft Windows 7 Professional   6.1.7601.1.1252.44.1033.18.8189.7209 [GMT 0:00]
.
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\regedit.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.uk/
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: HistoryTriggerBHO Class: {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll
BHO: PlusIEEventHelper Class: {551A852F-39A6-44A7-9C13-AFBEC9185A9D} - C:\Program Files (x86)\Nuance\PDF Viewer Plus\bin\PlusIEContextMenu.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
uRun: [Google Update] "C:\Users\Bari\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [MusicManager] "C:\Users\Bari\AppData\Local\Programs\Google\MusicManager\MusicManager.exe"
uRun: [Spotify Web Helper] "C:\Users\Bari\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [MbaCxbms] C:\Users\Bari\AppData\Local\euipnbdf\mbacxbms.exe
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe /autorun
mRun: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [BingDesktop] C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
StartupFolder: C:\Users\Bari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mbacxbms.exe
StartupFolder: C:\Users\Bari\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SKYPEM~1.LNK - C:\Program Files (x86)\SkypeMate\SkypeMate.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\GOOGLE~1.LNK - C:\Program Files (x86)\Google\Google Calendar Sync\GoogleCalendarSync.exe
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert link target to existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
Trusted Zone: landmarkinfo.co.uk
Trusted Zone: landmarkinfo.co.uk
Trusted Zone: promap.co.uk
Trusted Zone: promap.co.uk
Trusted Zone: promapserver.co.uk
Trusted Zone: promapserver.co.uk
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {1C11B948-582A-433F-A98D-A8C4D5CC64F2} - hxxp://kitchenplanner.ikea.com/gb/Core/Player/2020PlayerAX_Win32.cab
DPF: {644F656A-013E-4198-BE03-1D7A4F6AB550} - hxxps://www.promapserver.co.uk/controls/latest/promap.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{8A3F56E5-049D-4EBA-8BEF-8C999ADE4B58} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{A62953E2-8B63-4FC9-ACB7-EF88117A9070} : DHCPNameServer = 8.8.8.8
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Bari\AppData\Roaming\Mozilla\Firefox\Profiles\flmpqsag.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Veetle\Player\npvlc.dll
FF - plugin: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll
FF - plugin: C:\Program Files (x86)\Veetle\VLCBroadcast\npvbp.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Bari\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Users\Bari\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: extensions.autoDisableScopes - 14
.
.
============= SERVICES / DRIVERS ===============
.
R3 lgbusenum;LG Bluetooth Bus Enumerator;C:\Windows\System32\drivers\lgbtbs64.sys [2009-9-29 14848]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2010-9-23 239616]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-9-23 38456]
S1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2013-2-21 27800]
S2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-2-21 86752]
S2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-2-21 110816]
S2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2013-2-21 99912]
S2 BingDesktopUpdate;Bing Desktop Update service;C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [2013-1-25 166408]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 ES lite Service;ES lite Service for program management.;C:\Program Files (x86)\Gigabyte\EasySaver\essvr.exe [2010-9-23 68136]
S2 PDFProFiltSrvPP;PDFProFiltSrvPP;C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [2010-3-8 144672]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-1-8 161536]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824]
S2 TVService;TVService;C:\Program Files (x86)\Team MediaPortal\MediaPortal TV Server\TvService.exe [2011-2-24 196608]
S3 Adobe Version Cue CS4;Adobe Version Cue CS4;C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2008-8-15 288112]
S3 Andbus;LGE Android Platform Composite USB Device;C:\Windows\System32\drivers\lgandbus64.sys [2013-1-10 19456]
S3 AndDiag;LGE Android Platform USB Serial Port;C:\Windows\System32\drivers\lganddiag64.sys [2013-1-10 27648]
S3 AndGps;LGE Android Platform USB GPS NMEA Port;C:\Windows\System32\drivers\lgandgps64.sys [2013-1-10 27136]
S3 ANDModem;LGE Android Platform USB Modem;C:\Windows\System32\drivers\lgandmodem64.sys [2013-1-10 34304]
S3 androidusb;ADB Interface Driver;C:\Windows\System32\drivers\lgandadb.sys [2013-1-10 31744]
S3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-8-7 245760]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-9-23 1431888]
S3 ggflt;SEMC USB Flash Driver Filter;C:\Windows\System32\drivers\ggflt.sys [2012-10-16 14448]
S3 LgBttPort;LGE Bluetooth TransPort;C:\Windows\System32\drivers\lgbtpt64.sys [2009-9-29 16384]
S3 LGVMODEM;LGE Virtual Modem;C:\Windows\System32\drivers\lgvmdm64.sys [2009-9-29 17408]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-10 19456]
S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-10-16 155320]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-10 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-23 1255736]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS4\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-02-21 16:26:36 98764 --s---w- C:\Users\Bari\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mbacxbms.exe
2013-02-21 16:26:36 -------- d-----w- C:\Users\Bari\AppData\Local\euipnbdf
2013-02-21 16:00:38 -------- d-----w- C:\Program Files\Microsoft Mouse and Keyboard Center
2013-02-21 15:56:03 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2013-02-21 15:56:01 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BDE83871-E238-4387-8EF5-AD7875D3A4B7}\mpengine.dll
2013-02-21 09:27:17 -------- d-----w- C:\Users\Bari\AppData\Roaming\Avira
2013-02-21 09:23:40 99912 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2013-02-21 09:23:40 27800 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2013-02-21 09:23:40 -------- d-----w- C:\ProgramData\Avira
2013-02-21 09:23:40 -------- d-----w- C:\Program Files (x86)\Avira
2013-02-15 15:49:50 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-15 15:49:50 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 20:59:01 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-02-13 20:59:00 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-02-13 20:59:00 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-02-13 20:58:53 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-02-13 20:58:52 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-02-13 20:58:51 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-02-13 20:58:51 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-02-13 20:58:51 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-02-13 20:58:51 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-02-13 20:58:50 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-02-13 20:58:46 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2013-02-13 20:58:46 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-01-29 18:15:06 862664 ----a-w- C:\Windows\SysWow64\msvcr110.dll
2013-01-29 18:15:06 828872 ----a-w- C:\Windows\System32\msvcr110.dll
2013-01-29 18:15:06 661448 ----a-w- C:\Windows\System32\msvcp110.dll
2013-01-29 18:15:06 534480 ----a-w- C:\Windows\SysWow64\msvcp110.dll
2013-01-29 18:15:06 354264 ----a-w- C:\Windows\System32\vccorlib110.dll
2013-01-29 18:15:06 251864 ----a-w- C:\Windows\SysWow64\vccorlib110.dll
2013-01-29 18:15:04 50800 ----a-w- C:\Windows\System32\drivers\point64.sys
2013-01-28 09:43:14 96664 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2013-01-28 09:43:14 170232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2013-01-25 11:45:42 2551808 ----a-w- C:\ProgramData\Microsoft\BingDesktop\Updater\BingDesktop.msi
2013-01-24 10:32:08 2177648 ----a-w- C:\Windows\System32\coin93.dll
.
==================== Find3M  ====================
.
2013-02-21 17:44:21 25640 ----a-w- C:\Windows\gdrv.sys
2013-02-18 08:36:56 71024 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-18 08:36:56 691568 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-17 01:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe
2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-14 16:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll
2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll
2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll
2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs
2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs
2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs
2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs
2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs
2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs
2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs
2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs
2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs
2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs
2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs
2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs
2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs
2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
1998-04-27 00:00:00 570128 ----a-w- C:\Program Files (x86)\Common Files\DAO350.DLL
.
============= FINISH: 18:10:52.18 ===============
Attached File  attach.txt   21.33KB   0 downloads



BC AdBot (Login to Remove)

 


#2 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Numpty HQ
  • Local time:09:50 PM

Posted 21 February 2013 - 03:32 PM

Duplicate of this topic - i've locked this one.


So long, and thanks for all the fish.

 

 





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users