ironmask

  1. I realized I accidentally tried to compress the entire Programdata file and not the C:\ProgramData\Lavasoft\AntiMalware file. I have attached the file as you requested. I also noticed that I had 5 G of space on my C drive yesterday but now I only have 1.19 GB of space. Could the trojan be adding new files in my C drive without me knowing? AntiMalware.zip
  2. First I right-clicked on the folder name and selected "Send to - Compressed folder", but the computer said it cannot create the compressed file in the C drive but would I like to send it to the desktop. So I tried to create the compressed file on the desktop but it said it cannot compress the file because there were characters in the file in use that can't be used in a compressed file. It said I should rename the file or directory. Should I just rename the file then?
  3. Hi, I found Heur.HTML.MalFrame (v) Trojan on my computer after running Ad-Aware and have it under Quarantine but it seems to come back every few days or so. I have found the "trace" when I double clicked on the trojan file in Quarantine and this is what it said: C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\BOOT\SBS_VE_REMD_20140101155958.172_ 6 C:\Program Files (x86)\Ad-Aware Antivirus\Definitions\BOOT\SBS_VE_REMD_20140101160047.281_ 8 Here is the DDS log of it. I would appreciate it if you could help me with this problem.