Java Exploit/ btyverify trojan
Dunwunderin
Posts: 163 Forumite
in Techie Stuff
Hi,
a few weeks ago I picked up the above malware and possibly other infections.
I have found in two runs 16 infected files of the above but how do I know that my PC is now clear of all infection?
The symptoms of browser change/hijack, start page change, unexplained activity on my computer, email sending appear to have now gone. Spam attacks on friends in my address book have decreased but still appear to happen on a small scale.
As I want to get back securely to online banking, how do I make sure that all serious malware has now been removed?
Comments
-
That particular 'exploit' is practically ancient in computing terms; it was made to target the Microsoft Java VM provided with old versions of certain MS applications.
If it was found in the (non-MS) Java cache, follow these instructions and update Java.
-
We can run some scans if you'd like. This should only take 2-3 minutes and will give us a starting point.
Download DDS from the link below and save it to your desktop:
Link
After you've downloaded it and saved it to your desktop:
- Double click DDS to run it.
- When it's finished, DDS will open two logs:
  - DDS.txt
  - Attach.txt
Copy & paste the contents of just DDS.txt for now and post it here (you may need to split the log over separate posts)
-
-
I find it easier to read the normal way to be honest...
-
-
No, it's just what I'm used to I suppose. It doesn't really matter either way.
-
-TangleFoot- wrote: »That particular 'exploit' is practically ancient in computing terms; it was made to target the Microsoft Java VM provided with old versions of certain MS applications.
If it was found in the (non-MS) Java cache, follow these instructions and update Java.
Can't follow because I am using W7 Home edition 64 bit and layout appears different. Please advise!
I am now using latest java but I did delete an older Java version some days ago.
What about files left in the Restore system?
-
We can run some scans if you'd like. This should only take 2-3 minutes and will give us a starting point.
Download DDS from the link below and save it to your desktop:
Link
After you've downloaded it and saved it to your desktop:
- Double click DDS to run it.
- When it's finished, DDS will open two logs:
  - DDS.txt
  - Attach.txt
Copy & paste the contents of just DDS.txt for now and post it here (you may need to split the log over separate posts)
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Peter at 8:52:45 on 2012-06-30
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.3317.1128 [GMT 1:00]
.
AV: Norton Internet Security *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton Internet Security *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Program Files\Preton\PretonSaver\PretonClient.exe
C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
C:\Program Files\Mouse\Amoumain.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Windows\vVX1000.exe
C:\Program Files (x86)\Greenshot\Greenshot.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
C:\Program Files\Preton\PretonSaver\PretonClientService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files (x86)\Secunia\PSI\PSIA.exe
C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.7.1.5\ccSvcHst.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://www.talktalk.co.uk/
uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.talktalk.co.uk/
uDefault_Search_URL = hxxp://www.google.com/ie
uWindow Title = Windows Internet Explorer provided by TalkTalk
mStart Page = hxxp://search.myheritage.com
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: MHURLSearchHook Class: {1c4ab6a5-595f-4e86-b15f-f93cce2bbd48} - C:\Program Files (x86)\Family Toolbar\tbhelper.dll
mWinlogon: Userinit=userinit.exe
BHO: MHTBPos00 Class: {0c37b053-fd68-456a-82e1-d788ee342e6f} - C:\Program Files (x86)\Family Toolbar\tbcore3.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: ExplorerBHO Class: {449d0d6e-2412-4e61-b68f-1cb625cd9e52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: Norton Identity Protection: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
BHO: Norton Vulnerability Protection: {6d53ec84-6aae-4787-aeee-f4628f01010c} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL
BHO: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9fdde16b-836f-4806-ab1f-1455cbeff289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB: Classic Explorer Bar: {553891b7-a0d5-4526-be18-d3ce461d6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
TB: Family Toolbar: {fd2fd708-1f6f-4b68-b141-c5778f0c19bb} - C:\Program Files (x86)\Family Toolbar\tbcore3.dll
TB: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - No File
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
TB: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB: {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - No File
uRun: [Greenshot] C:\Program Files (x86)\Greenshot\Greenshot.exe
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [RoboForm] "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup
mRun: [Family Tree Builder Update] C:\MyHeritage\Bin\FTBCheckUpdates.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Bluetooth.lnk - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\Secunia PSI Tray.lnk - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoResolveTrack = 1 (0x1)
mPolicies-explorer: NoFileAssociate = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
mPolicies-system: EnableLinkedConnections = 1 (0x1)
mPolicies-system: NoDispSettingsPage = 0 (0x0)
IE: &Clean Traces
IE: &Download with &DAP
IE: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: Add to Google Photos Screensa&ver
IE: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: Customize Menu - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: Download &all with DAP
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Fill Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: Lookup on Merriam Webster - file://C:\Program Files (x86)\ieSpell\Merriam Webster.HTM
IE: Lookup on Wikipedia - file://C:\Program Files (x86)\ieSpell\wikipedia.HTM
IE: Save Forms - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Show RoboForm Toolbar - file://C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {64964764-1101-4bbd-8891-B56B1A53B9B3} - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} - hxxp://www.linkedin.com/cab/LinkedInContactFinderControl.cab
DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} - hxxp://www.myheritage.com/Genoogle/Components/ActiveX/SearchEngineQuery.dll
DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} - hxxp://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
DPF: {9191F686-7F0A-441D-8A98-2FE3AC1BD913} - hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - hxxp://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?40324.5297453704
DPF: {BEA7310D-06C4-4339-A784-DC3804819809} - hxxp://www.tescophoto.com/upload/activex/v3_0_0_7/PhotoCenter_ActiveX_Control.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} - hxxp://utilities.pcpitstop.com/Optimize3/pcpitstop2.dll
TCP: DhcpNameServer = 46.37.181.234 178.162.181.72
TCP: Interfaces\{36678B52-591B-448D-8803-BC5C5078AD6B} : DhcpNameServer = 46.37.181.234 178.162.181.72
TCP: Interfaces\{36678B52-591B-448D-8803-BC5C5078AD6B}\4516C6B64516C6B6532303 : DhcpNameServer = 192.168.1.1
TCP: Interfaces\{536328AE-04E0-4FE2-82DC-C83EC836E411} : DhcpNameServer = 95.168.162.12 95.168.162.22
Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - C:\Program Files (x86)\Common Files\A&W\MidRadio.ocx
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs:
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: MHTBPos00 Class: {0C37B053-FD68-456a-82E1-D788EE342E6F} - C:\Program Files (x86)\Family Toolbar\tbcore3.dll
BHO-X64: MHTBPos00 - No File
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO-X64: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
BHO-X64: Norton Identity Protection - No File
BHO-X64: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.7.1.5\IPS\IPSBHO.DLL
BHO-X64: Norton Vulnerability Protection - No File
BHO-X64: RoboForm Toolbar Helper: {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
BHO-X64: RoboForm BHO - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO-X64: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
BHO-X64: URLRedirectionBHO - No File
BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: &RoboForm Toolbar: {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll
TB-X64: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
TB-X64: Family Toolbar: {FD2FD708-1F6F-4B68-B141-C5778F0C19BB} - C:\Program Files (x86)\Family Toolbar\tbcore3.dll
TB-X64: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - No File
TB-X64: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.7.1.5\coIEPlg.dll
TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
TB-X64: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No File
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - No File
mRun-x64: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mRun-x64: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun-x64: [Everything] "C:\Program Files (x86)\Everything\Everything.exe" -startup
mRun-x64: [Family Tree Builder Update] C:\MyHeritage\Bin\FTBCheckUpdates.exe
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
IE-X64: {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLCHECK.HTM
IE-X64: {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - res://C:\Program Files (x86)\ieSpell\iespell.dll/SPELLOPTION.HTM
IE-X64: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
AppInit_DLLs-X64:
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~3\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
-
Thanks - Can you post the rest of the log after ======FIREFOX ======?
-
Thanks - Can you post the rest of the log after ======FIREFOX ======?
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.talktalk.co.uk/
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.53\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.71\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 600000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
.
============= SERVICES / DRIVERS ===============
.
R0 pavboot;pavboot;C:\Windows\system32\drivers\pavboot64.sys --> C:\Windows\system32\drivers\pavboot64.sys [?]
R0 SymDS;Symantec Data Store;C:\Windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS --> C:\Windows\system32\drivers\NISx64\1307010.005\SYMDS64.SYS [?]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS --> C:\Windows\system32\drivers\NISx64\1307010.005\SYMEFA64.SYS [?]
R1 BHDrvx64;BHDrvx64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20120619.001_79\BHDrvx64.sys [2012-6-19 1161376]
R1 ccSet_NIS;Norton Internet Security Settings Manager;C:\Windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys --> C:\Windows\system32\drivers\NISx64\1307010.005\ccSetx64.sys [?]
R1 IDSVia64;IDSVia64;C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20120629.001\IDSviA64.sys [2012-6-30 509088]
R1 RapportCerberus_29574;RapportCerberus_29574;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\29574\RapportCerberus64_29574.sys [2011-8-7 386128]
R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-8-21 52496]
R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-8-21 61200]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R1 SymIRON;Symantec Iron Driver;C:\Windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS --> C:\Windows\system32\drivers\NISx64\1307010.005\Ironx64.SYS [?]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\system32\Drivers\NISx64\1307010.005\SYMNETS.SYS --> C:\Windows\system32\Drivers\NISx64\1307010.005\SYMNETS.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2011-8-12 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 ezGOSvc;Easybits GO Services for Windows;C:\Windows\system32\svchost.exe -k netsvcs [2009-7-14 20992]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-6-25 654408]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Norton Internet Security\Engine\19.7.1.5\ccsvchst.exe [2012-6-21 138232]
R2 PretonClientService;PretonSaver;C:\Program Files\Preton\PretonSaver\PretonClientService.exe [2011-2-2 91136]
R2 RtNdPt60;Realtek NDIS Protocol Driver;C:\Windows\system32\DRIVERS\RtNdPt60.sys --> C:\Windows\system32\DRIVERS\RtNdPt60.sys [?]
R2 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-6-27 1326176]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-6-21 138912]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 PSI;PSI;C:\Windows\system32\DRIVERS\psi_mf.sys --> C:\Windows\system32\DRIVERS\psi_mf.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 RTL8187B;NETGEAR WG111v3 Wireless-G USB Adapter Vista Driver;C:\Windows\system32\DRIVERS\wg111v3.sys --> C:\Windows\system32\DRIVERS\wg111v3.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-28 136176]
S2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-6-27 681056]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-6-22 250056]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-4-1 183560]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?]
S3 BTWAMPFL;BTWAMPFL;C:\Windows\system32\DRIVERS\btwampfl.sys --> C:\Windows\system32\DRIVERS\btwampfl.sys [?]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\system32\DRIVERS\btwl2cap.sys --> C:\Windows\system32\DRIVERS\btwl2cap.sys [?]
S3 fssfltr;fssfltr;C:\Windows\system32\DRIVERS\fssfltr.sys --> C:\Windows\system32\DRIVERS\fssfltr.sys [?]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-8-28 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-6-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-6-22 113120]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
S3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);C:\Windows\system32\DRIVERS\RtVlan60.sys --> C:\Windows\system32\DRIVERS\RtVlan60.sys [?]
S3 SWDUMon;SWDUMon;C:\Windows\system32\DRIVERS\SWDUMon.sys --> C:\Windows\system32\DRIVERS\SWDUMon.sys [?]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2012-06-29 08:03:21 -------- d-----w- C:\Program Files (x86)\ESET
2012-06-29 07:53:01 -------- d-----w- C:\ProgramData\SUPERSetup
2012-06-28 21:56:03 33800 ----a-w- C:\Windows\System32\drivers\pavboot64.sys
2012-06-28 21:52:12 116016 ----a-w- C:\Windows\System32\drivers\53924816.sys
2012-06-28 21:40:04 -------- d-----w- C:\ProgramData\Kaspersky Lab
2012-06-26 21:16:52 -------- d-----w- C:\Windows\en
2012-06-26 21:09:50 48488 ----a-w- C:\Windows\System32\drivers\fssfltr.sys
2012-06-26 21:09:04 19736 ----a-w- C:\Windows\System32\tmpidcrl.dll
2012-06-26 21:09:04 19736 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-26 21:00:40 7450888 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\bb53741f1cd53de12\bingbarsetup.exe
2012-06-26 21:00:21 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b23a51361cd53de11\MeshBetaRemover.exe
2012-06-26 21:00:18 89944 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b00fb0961cd53de10\DSETUP.dll
2012-06-26 21:00:18 537432 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b00fb0961cd53de10\DXSETUP.exe
2012-06-26 21:00:18 1801048 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\b00fb0961cd53de10\dsetup32.dll
2012-06-25 17:35:30 -------- d-----w- C:\Program Files (x86)\SpywareBlaster
2012-06-23 16:29:42 -------- d-----w- C:\Program Files (x86)\Oracle
2012-06-22 17:45:48 -------- d-----w- C:\Users\Peter\AppData\Local\Macromedia
2012-06-22 17:42:15 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-06-22 16:39:49 772504 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-06-22 11:41:50 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-22 11:41:35 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-22 11:41:35 624608 ----a-w- C:\Program Files (x86)\Mozilla Firefox\gkmedias.dll
2012-06-22 11:41:35 43488 ----a-w- C:\Program Files (x86)\Mozilla Firefox\mozglue.dll
2012-06-22 11:41:35 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-22 11:41:35 157608 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-06-22 11:41:35 113120 ----a-w- C:\Program Files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-06-22 11:26:48 544008 ----a-w- C:\Windows\System32\npdeployJava1.dll
2012-06-21 20:34:40 737912 ----a-w- C:\Windows\System32\drivers\NISx64\1307010.005\srtsp64.sys
2012-06-21 20:34:40 451192 ----a-r- C:\Windows\System32\drivers\NISx64\1307010.005\symds64.sys
2012-06-21 20:34:40 405624 ----a-w- C:\Windows\System32\drivers\NISx64\1307010.005\symnets.sys
2012-06-21 20:34:40 37496 ----a-w- C:\Windows\System32\drivers\NISx64\1307010.005\srtspx64.sys
2012-06-21 20:34:40 190072 ----a-w- C:\Windows\System32\drivers\NISx64\1307010.005\ironx64.sys
2012-06-21 20:34:40 167048 ----a-w- C:\Windows\System32\drivers\NISx64\1307010.005\ccsetx64.sys
2012-06-21 20:34:40 1092728 ----a-w- C:\Windows\System32\drivers\NISx64\1307010.005\symefa64.sys
2012-06-21 20:34:30 -------- d-----w- C:\Windows\System32\drivers\NISx64\1307010.005
2012-06-21 20:30:26 -------- d-----w- C:\Users\Peter\AppData\Local\ElevatedDiagnostics
2012-06-21 20:27:40 175736 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS
2012-06-21 20:27:40 -------- d-----w- C:\Program Files\Common Files\Symantec Shared
2012-06-21 20:24:18 8570192 ------w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6484F757-C535-4775-B93E-849ED6F8BD10}\mpengine.dll
2012-06-21 19:12:19 -------- d-----w- C:\Windows\PCHEALTH
2012-06-21 19:08:16 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-06-21 19:08:16 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-06-21 19:08:16 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-06-21 19:08:15 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-06-21 19:08:14 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-06-21 19:08:14 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-06-21 19:08:14 220672 ----a-w- C:\Windows\System32\wintrust.dll
2012-06-21 18:53:59 887296 ----a-w- C:\Program Files\Internet Explorer\iedvtool.dll
2012-06-21 18:52:50 1544704 ----a-w- C:\Windows\System32\DWrite.dll
2012-06-21 18:52:50 1077248 ----a-w- C:\Windows\SysWow64\DWrite.dll
2012-06-21 18:52:47 75120 ----a-w- C:\Windows\System32\drivers\partmgr.sys
2012-06-21 18:52:11 442880 ----a-w- C:\Windows\SysWow64\ntshrui.dll
2012-06-21 18:51:43 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-06-21 18:51:43 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-06-21 18:51:41 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-06-21 18:51:39 3146752 ----a-w- C:\Windows\System32\win32k.sys
2012-06-21 18:49:58 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-06-21 18:49:56 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-06-21 18:49:56 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-06-21 18:49:53 1918320 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-06-21 18:49:38 1462272 ----a-w- C:\Windows\System32\crypt32.dll
2012-06-21 18:49:38 1158656 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-06-21 18:49:37 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-06-21 18:49:37 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-06-21 18:49:37 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-06-21 18:49:36 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-06-21 18:48:07 210944 ----a-w- C:\Windows\System32\drivers\rdpwd.sys
2012-06-21 18:48:06 209920 ----a-w- C:\Windows\System32\profsvc.dll
2012-06-21 18:48:04 3216384 ----a-w- C:\Windows\System32\msi.dll
2012-06-21 18:48:03 2342400 ----a-w- C:\Windows\SysWow64\msi.dll
2012-06-21 18:47:52 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2012-06-21 18:47:52 149504 ----a-w- C:\Windows\System32\rdpcorekmts.dll
2012-06-21 18:47:51 77312 ----a-w- C:\Windows\System32\rdpwsx.dll
2012-06-21 18:47:50 634880 ----a-w- C:\Windows\System32\msvcrt.dll
2012-06-21 18:47:49 690688 ----a-w- C:\Windows\SysWow64\msvcrt.dll
2012-06-21 18:46:49 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-06-21 18:46:49 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-06-21 18:46:48 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-06-21 18:46:02 936960 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2012-06-21 18:46:02 1367552 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll
2012-06-21 18:37:00 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-21 18:36:42 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-21 18:36:32 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-21 18:36:32 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-21 16:46:45 -------- d-----w- C:\Users\Peter\AppData\Local\{D5BE3152-0641-401B-9CDE-9DD77C93AFE2}
2012-06-21 16:46:32 -------- d-----w- C:\Users\Peter\AppData\Local\{B0EEB544-2AA7-48F6-91CA-5E3EB4DF2600}
2012-06-20 19:03:09 -------- d-----w- C:\Users\Peter\AppData\Local\{0A2530EF-9924-4A4C-8616-92548CC7944F}
2012-06-20 19:03:05 -------- d-----w- C:\Users\Peter\AppData\Local\{388D2B96-5759-43C3-992A-8EDE4AB0D23A}
2012-06-20 07:00:47 -------- d-----w- C:\Users\Peter\AppData\Local\{239F9792-9E63-437E-A70A-0EF51F44799A}
2012-06-20 07:00:33 -------- d-----w- C:\Users\Peter\AppData\Local\{35DF7976-1FD7-4A50-B87E-E29C446F81B4}
2012-06-19 11:44:02 -------- d-----w- C:\Program Files (x86)\Panda Security
2012-06-19 11:34:53 -------- d-----w- C:\Users\Peter\AppData\Local\{145F4055-8E65-4C08-A8F8-DE47991261CD}
2012-06-19 11:34:39 -------- d-----w- C:\Users\Peter\AppData\Local\{33AF7B25-CAFD-4DD1-AD8B-5F2FB5A774C3}
2012-06-19 10:04:01 -------- d-----w- C:\Program Files (x86)\Ask.com
2012-06-18 14:46:37 -------- d-----w- C:\Users\Peter\AppData\Local\{033B5FA6-18BE-48A6-8469-BFECDCA03111}
2012-06-18 14:17:15 -------- d-----w- C:\ProgramData\blekko toolbars
2012-06-18 14:16:23 -------- d-----w- C:\Users\Peter\AppData\Local\blekkotb_031
2012-06-18 14:16:05 -------- d-----w- C:\ProgramData\Tarma Installer
2012-06-18 14:05:11 -------- d-----w- C:\Users\Peter\AppData\Local\{B2659539-49BF-46D3-8FC8-65782BFE708A}
2012-06-17 19:35:12 -------- d-----w- C:\Users\Peter\AppData\Roaming\RoboForm
2012-06-17 16:33:29 -------- d-----w- C:\Users\Peter\AppData\Local\{773EF50E-C74A-4B76-B7CA-8A7A48C53502}
2012-06-16 08:43:36 -------- d-----w- C:\Users\Peter\AppData\Local\{AE698F92-5432-4E25-AA6B-C8BCFA485162}
2012-06-16 08:43:36 -------- d-----w- C:\Users\Peter\AppData\Local\{9EED10A1-630E-4788-B277-756B34C2AC3F}
2012-06-15 09:06:53 -------- d-----w- C:\Users\Peter\AppData\Local\{B15E33DF-D4F4-445A-A86C-D1C1B370736A}
2012-06-14 19:26:39 -------- d-----w- C:\Users\Peter\AppData\Local\{4CBA1111-12D6-486A-B6FD-1B4FD62BDF1A}
2012-06-14 19:26:23 -------- d-----w- C:\Users\Peter\AppData\Local\{38D2CFE1-4F5D-4349-81AB-231C17760CED}
2012-06-14 14:47:12 -------- d-----w- C:\Program Files\SUPERAntiSpyware
2012-06-14 07:11:19 -------- d-----w- C:\Users\Peter\AppData\Local\{4DC6A058-EF19-465F-BACC-1D2400487B09}
2012-06-14 07:11:05 -------- d-----w- C:\Users\Peter\AppData\Local\{502170EB-3152-44B2-89D7-956B95F772C5}
2012-06-13 11:45:33 -------- d-----w- C:\Users\Peter\AppData\Local\{29EA9B58-57C6-4252-BED0-64C1D12A91F9}
2012-06-13 11:45:16 -------- d-----w- C:\Users\Peter\AppData\Local\{90513E44-5C05-4F8B-BC61-77D39430BA29}
2012-06-13 11:45:02 -------- d-----w- C:\Users\Peter\AppData\Roaming\Windows Live Writer
2012-06-13 11:45:02 -------- d-----w- C:\Users\Peter\AppData\Local\Windows Live Writer
2012-06-13 11:34:21 -------- d-----w- C:\Users\Peter\AppData\Local\{AE299B6F-2E75-461C-82A5-4665E456FEAB}
2012-06-12 20:11:48 -------- d-----w- C:\Windows\SysWow64\wbem\Logs
2012-06-12 15:04:25 -------- d-----w- C:\ProgramData\HitmanPro
2012-06-12 15:04:25 -------- d-----w- C:\Program Files\HitmanPro
2012-06-09 10:43:49 -------- d-----w- C:\Windows\System32\%LocalAppData%
.
==================== Fin0
This discussion has been closed.