Everything posted by citizenm

  1. I have been running everything on my system for the last few hours. All systems appear to be operating normally with no further problems. Thank you for your help.
  2. System Look Log

     SystemLook 04.09.10 by jpshortstuff Log created at 17:19 on 31/03/2011 by Chad Administrator - Elevation successful ========== filefind ========== Searching for "lkzhamtc.sys" No files found. Searching for "tgffzhdd.sys" No files found. -= EOF =-

     ESET Log

     ESETSmartInstaller@High as CAB hook log: OnlineScanner.ocx - registred OK # version=7 # iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339) # OnlineScanner.ocx=1.0.0.6425 # api_version=3.0.2 # EOSSerial=ebd510eb32063e4e9213a0701a25a1c3 # end=finished # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2011-03-31 09:56:09 # local_time=2011-03-31 05:56:09 (-0500, Eastern Daylight Time) # country="United States" # lang=9 # osver=5.1.2600 NT Service Pack 3 # compatibility_mode=1024 16777215 100 0 32974644 32974644 0 0 # compatibility_mode=5891 16776869 42 87 0 12711572 0 0 # compatibility_mode=8192 67108863 100 0 0 0 0 0 # scanned=115045 # found=1 # cleaned=1 # scan_time=1859 C:\WINDOWS\system32\doskltmc.dll a variant of Win32/Kryptik.LYY trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

     Security Check Log

     Results of screen317's Security Check version 0.99.10 Windows XP Service Pack 3 Internet Explorer 8 `````````````````````````````` Antivirus/Firewall Check: Windows Firewall Enabled! ESET Online Scanner v3 Microsoft Security Essentials Antivirus up to date! (On Access scanning disabled!) ``````````````````````````````` Anti-malware/Other Utilities Check: Malwarebytes' Anti-Malware CCleaner Java 6 Update 20 Out of date Java installed! Adobe Flash Player 10.2.153.1 Adobe Reader 9.3.3 Out of date Adobe Reader installed! ```````````````````````````````` Process Check: objlist.exe by Laurent Windows Defender MSMpEng.exe Microsoft Security Essentials msseces.exe Microsoft Security Client Antimalware MsMpEng.exe ``````````End of Log````````````

     I will reboot, run some programs, surf the internet a bit and report.
  3. I have uninstalled Avira. I cannot find either of the files listed in your post (even doing a complete C: Drive search) and therefore could not upload them to VirusTotal.
  4. One thing to note: despite disabling the Avira Anti-Virus software as instructed in the ComboFix guide, the software continued to detect ComboFix while it was running. At several times I had to select various ComboFix files as "trusted" files in the Avira pop-up windows.
  5. ComboFix 11-03-28.01 - Chad 03/28/2011 17:10:16.3.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.967 [GMT -4:00] Running from: c:\documents and settings\Chad\Desktop\ComboFix.exe AV: AntiVir Desktop *Disabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE} AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF} AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\INSTALL.LOG . . ((((((((((((((((((((((((( Files Created from 2011-02-28 to 2011-03-28 ))))))))))))))))))))))))))))))) . . 2011-03-28 21:02 . 2011-03-28 21:02 41680 ----a-w- c:\windows\system32\drivers\lkzhamtc.sys 2011-03-28 20:58 . 2011-03-28 20:58 41680 ----a-w- c:\windows\system32\drivers\tgffzhdd.sys 2011-03-28 20:50 . 2011-03-28 20:50 41680 ----a-w- c:\windows\system32\drivers\sshptgzy.sys 2011-03-28 20:38 . 2011-03-28 20:38 41680 ----a-w- c:\windows\system32\drivers\ievzkoob.sys 2011-03-28 20:33 . 2011-03-28 20:33 41680 ----a-w- c:\windows\system32\drivers\hiqygwsr.sys 2011-03-28 16:58 . 2011-03-28 16:58 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2DB6968F-B8D1-48A2-8513-E30D8BCD3DEC}\MpKsl9f849f91.sys 2011-03-28 16:58 . 2011-03-15 04:05 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2DB6968F-B8D1-48A2-8513-E30D8BCD3DEC}\mpengine.dll 2011-03-28 05:44 . 2011-03-28 05:44 -------- d-----w- c:\documents and settings\Chad\Application Data\Avira 2011-03-28 04:06 . 2011-03-28 20:33 -------- d-----w- c:\windows\system32\NtmsData 2011-03-28 04:01 . 2011-03-28 16:49 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-03-28 04:01 . 2011-03-28 16:49 137656 ----a-w- c:\windows\system32\drivers\avipbb.sys 2011-03-28 04:01 . 
2009-05-11 16:49 45416 ----a-w- c:\windows\system32\drivers\avgntdd.sys 2011-03-28 04:01 . 2009-05-11 16:49 22360 ----a-w- c:\windows\system32\drivers\avgntmgr.sys 2011-03-28 04:01 . 2011-03-28 04:02 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira 2011-03-28 04:01 . 2011-03-28 04:01 -------- d-----w- c:\program files\Avira 2011-03-27 20:13 . 2011-03-27 20:13 60416 ---ha-w- c:\windows\system32\doskltmc.dll 2011-03-27 20:12 . 2011-03-27 21:38 -------- d-----w- c:\documents and settings\All Users\Application Data\eKeKfJfIcIj28601 2011-03-02 23:48 . 2011-03-02 23:49 -------- d-----w- c:\program files\iTunes . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-03-27 06:40 . 2010-08-21 22:11 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll 2011-03-15 04:05 . 2010-07-31 16:35 6792528 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2011-02-09 13:53 . 2004-08-04 07:56 270848 ------w- c:\windows\system32\sbe.dll 2011-02-09 13:53 . 2004-08-04 07:56 186880 ------w- c:\windows\system32\encdec.dll 2011-02-02 07:58 . 2005-11-09 22:40 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-27 11:57 . 2005-11-09 22:40 677888 ----a-w- c:\windows\system32\mstsc.exe 2011-01-21 14:44 . 2001-08-23 12:00 439296 ----a-w- c:\windows\system32\shimgvw.dll 2011-01-13 09:41 . 2011-01-26 13:37 5890896 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Updates\mpengine.dll 2011-01-07 14:09 . 2001-08-23 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-12-31 13:10 . 
2001-08-23 12:00 1854976 ----a-w- c:\windows\system32\win32k.sys 2005-05-13 23:12 217073 --sha-r- c:\windows\meta4.exe 2005-10-24 17:13 66560 --sha-r- c:\windows\MOTA113.exe 2005-10-14 03:27 422400 --sha-r- c:\windows\x2.64.exe 2005-07-14 18:31 27648 --sha-r- c:\windows\system32\AVSredirect.dll 2005-06-26 21:32 616448 --sha-r- c:\windows\system32\cygwin1.dll 2005-06-22 04:37 45568 --sha-r- c:\windows\system32\cygz.dll 2004-01-25 06:00 70656 --sha-r- c:\windows\system32\i420vfw.dll 2005-12-23 02:23 816640 --sha-r- c:\windows\system32\smab.dll 2005-02-28 19:16 240128 --sha-r- c:\windows\system32\x.264.exe 2004-01-25 06:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 718688] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 61440] "ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-23 335872] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408] "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-03-02 421160] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-11-29 113664] . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . 
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk backup=c:\windows\pss\Windows Search.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^Chad^Start Menu^Programs^Startup^Microsoft Find Fast.lnk] path=c:\documents and settings\Chad\Start Menu\Programs\Startup\Microsoft Find Fast.lnk backup=c:\windows\pss\Microsoft Find Fast.lnkStartup . [HKLM\~\startupfolder\C:^Documents and Settings^Chad^Start Menu^Programs^Startup^Office Startup.lnk] path=c:\documents and settings\Chad\Start Menu\Programs\Startup\Office Startup.lnk backup=c:\windows\pss\Office Startup.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate] 2010-06-03 00:50 1144104 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-11-29 22:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-02-18 15:43 248040 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Messenger\\msmsgs.exe"= "c:\\Program Files\\Mozilla Firefox\\firefox.exe"= "c:\\WINDOWS\\system32\\dplaysvr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\BitTorrent\\bittorrent.exe"= "d:\\VALVE\\STEAM\\STEAMAPPS\\AGENTFREEMAN\\COUNTER-STRIKE SOURCE\\HL2.EXE"= "d:\\STARCRAFT\\STARCRAFT.EXE"= "d:\\Valve\\SteamApps\\agentfreeman\\counter-strike\\hl.exe"= "d:\\Valve\\SteamApps\\agentfreeman\\condition zero\\hl.exe"= "d:\\Valve\\SteamApps\\agentfreeman\\half-life 2 deathmatch\\hl2.exe"= "c:\\Program Files\\uTorrent\\uTorrent.exe"= "d:\\Valve\\SteamApps\\agentfreeman\\counter-strike source\\hl2.exe"= "d:\\Quake II Downloaded\\Quake2\\Quake2\\quake2.exe"= "c:\\Program Files\\Bonjour\\mDNSResponder.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Program Files\\iTunes\\iTunes.exe"= . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "5985:TCP"= 5985:TCP:*:Disabled:Windows Remote Management . 
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [7/30/2010 7:46 PM 116264] R1 MpKsl9f849f91;MpKsl9f849f91;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2DB6968F-B8D1-48A2-8513-E30D8BCD3DEC}\MpKsl9f849f91.sys [3/28/2011 12:58 PM 28752] R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\Avira\AntiVir Desktop\avmailc.exe [3/28/2011 12:01 AM 339624] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [3/28/2011 12:01 AM 135336] R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\Avira\AntiVir Desktop\avwebgrd.exe [3/28/2011 12:01 AM 421032] R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [7/15/2010 8:45 PM 35088] S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?] S1 hiqygwsr;hiqygwsr;c:\windows\system32\drivers\hiqygwsr.sys [3/28/2011 4:33 PM 41680] S1 ievzkoob;ievzkoob;c:\windows\system32\drivers\ievzkoob.sys [3/28/2011 4:38 PM 41680] S1 lkzhamtc;lkzhamtc;c:\windows\system32\drivers\lkzhamtc.sys [3/28/2011 5:02 PM 41680] S1 sshptgzy;sshptgzy;c:\windows\system32\drivers\sshptgzy.sys [3/28/2011 4:50 PM 41680] S1 tgffzhdd;tgffzhdd;c:\windows\system32\drivers\tgffzhdd.sys [3/28/2011 4:58 PM 41680] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3/18/2010 1:16 PM 130384] S3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [9/28/2010 10:56 AM 23608] S3 Filsserv;Filsserv;c:\windows\system32\drivers\mspclock.sys [11/9/2005 11:36 AM 5376] S3 gtermddo;gtermddo;\??\c:\docume~1\Chad\LOCALS~1\Temp\gtermddo.sys --> c:\docume~1\Chad\LOCALS~1\Temp\gtermddo.sys [?] 
S3 Mrangnrdc-ms;Mrangnrdc-ms; [x] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [8/23/2001 8:00 AM 14336] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [3/18/2010 1:16 PM 753504] S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/30/2010 11:38 PM 643072] . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MPKSL9F849F91 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] WINRM REG_MULTI_SZ WINRM . Contents of the 'Scheduled Tasks' folder . 2011-03-28 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 16:50] . 2011-03-28 c:\windows\Tasks\MP Scheduled Scan.job - c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 17:26] . . ------- Supplementary Scan ------- . uStart Page = file:///D:/Website-macrossmechamanual/m3.html uInternet Settings,ProxyOverride = *.local IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll FF - ProfilePath - c:\documents and settings\Chad\Application Data\Mozilla\Firefox\Profiles\2gb3rafp.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.google.ca FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Google Toolbar for Firefox: 
{3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension . - - - - ORPHANS REMOVED - - - - . MSConfigStartUp-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe MSConfigStartUp-updateMgr - c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-03-28 17:15 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(484) c:\windows\system32\WININET.dll c:\windows\system32\Ati2evxx.dll . - - - - - - - > 'lsass.exe'(548) c:\program files\Avira\AntiVir Desktop\avsda.dll . Completion time: 2011-03-28 17:18:03 ComboFix-quarantined-files.txt 2011-03-28 21:18 . Pre-Run: 877,264,896 bytes free Post-Run: 1,899,376,640 bytes free . 
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /NoExecute=OptIn . - - End Of File - - 63F4D8BE8CBD404C0D63FB1933CD0046 NEW DDS log . DDS (Ver_11-03-05.01) - NTFSx86 Run by Chad at 17:24:08.40 on Mon 03/28/2011 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.884 [GMT -4:00] . AV: AntiVir Desktop *Disabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE} AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF} . ============== Running Processes =============== . C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\Ati2evxx.exe svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe svchost.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe -k imgsvc C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe C:\WINDOWS\system32\devldr32.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Avira\AntiVir 
Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE C:\Program Files\Avira\AntiVir Desktop\avmailc.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\WINDOWS\System32\dllhost.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\explorer.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Chad\Desktop\dds.scr . ============== Pseudo HJT Report =============== . uStart Page = file:///D:/Website-macrossmechamanual/m3.html uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe" mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: 
{e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL LSP: c:\program files\avira\antivir desktop\avsda.dll DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1280529014546 DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1280529708671 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Notify: AtiExtEvent - Ati2evxx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . 
FF - ProfilePath - c:\docume~1\chad\applic~1\mozilla\firefox\profiles\2gb3rafp.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.google.ca FF - component: c:\documents and settings\chad\application data\mozilla\firefox\profiles\2gb3rafp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - component: c:\documents and settings\chad\application data\mozilla\firefox\profiles\2gb3rafp.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar-ff3.dll FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\mozilla firefox\plugins\npmozax.dll FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation 
foundation\DotNetAssistantExtension . ============= SERVICES / DRIVERS =============== . R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2010-7-30 116264] R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-3-25 165264] R1 MpKsl9f849f91;MpKsl9f849f91;c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{2db6968f-b8d1-48a2-8513-e30d8bcd3dec}\MpKsl9f849f91.sys [2011-3-28 28752] R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files\avira\antivir desktop\avmailc.exe [2011-3-28 339624] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2011-3-28 135336] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2011-3-28 269480] R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files\avira\antivir desktop\avwebgrd.exe [2011-3-28 421032] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-3-28 61960] R2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-7-15 35088] S0 Lbd;Lbd;c:\windows\system32\drivers\lbd.sys --> c:\windows\system32\drivers\Lbd.sys [?] 
S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2011-3-28 11608] S1 hiqygwsr;hiqygwsr;c:\windows\system32\drivers\hiqygwsr.sys [2011-3-28 41680] S1 ievzkoob;ievzkoob;c:\windows\system32\drivers\ievzkoob.sys [2011-3-28 41680] S1 lkzhamtc;lkzhamtc;c:\windows\system32\drivers\lkzhamtc.sys [2011-3-28 41680] S1 sshptgzy;sshptgzy;c:\windows\system32\drivers\sshptgzy.sys [2011-3-28 41680] S1 tgffzhdd;tgffzhdd;c:\windows\system32\drivers\tgffzhdd.sys [2011-3-28 41680] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 DrmRAudio;DrmRAudio;c:\windows\system32\drivers\DrmRAudio.sys [2010-9-28 23608] S3 Filsserv;Filsserv;c:\windows\system32\drivers\mspclock.sys [2005-11-9 5376] S3 gtermddo;gtermddo;\??\c:\docume~1\chad\locals~1\temp\gtermddo.sys --> c:\docume~1\chad\locals~1\temp\gtermddo.sys [?] S3 Mrangnrdc-ms;Mrangnrdc-ms; [x] S3 WinRM;Windows Remote Management (WS-Management);c:\windows\system32\svchost.exe -k WINRM [2001-8-23 14336] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 
2011-03-28 21:09:12 -------- d-sha-r- C:\cmdcons 2011-03-28 21:06:56 98816 ----a-w- c:\windows\sed.exe 2011-03-28 21:06:56 89088 ----a-w- c:\windows\MBR.exe 2011-03-28 21:06:56 256512 ----a-w- c:\windows\PEV.exe 2011-03-28 21:06:56 161792 ----a-w- c:\windows\SWREG.exe 2011-03-28 21:02:31 41680 ----a-w- c:\windows\system32\drivers\lkzhamtc.sys 2011-03-28 20:58:16 41680 ----a-w- c:\windows\system32\drivers\tgffzhdd.sys 2011-03-28 20:50:34 41680 ----a-w- c:\windows\system32\drivers\sshptgzy.sys 2011-03-28 20:38:06 41680 ----a-w- c:\windows\system32\drivers\ievzkoob.sys 2011-03-28 20:33:46 41680 ----a-w- c:\windows\system32\drivers\hiqygwsr.sys 2011-03-28 16:58:36 28752 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{2db6968f-b8d1-48a2-8513-e30d8bcd3dec}\MpKsl9f849f91.sys 2011-03-28 16:58:14 6792528 ----a-w- c:\docume~1\alluse~1\applic~1\microsoft\microsoft antimalware\definition updates\{2db6968f-b8d1-48a2-8513-e30d8bcd3dec}\mpengine.dll 2011-03-28 05:44:12 -------- d-----w- c:\docume~1\chad\applic~1\Avira 2011-03-28 04:06:57 -------- d-----w- c:\windows\system32\NtmsData 2011-03-28 04:01:38 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2011-03-28 04:01:36 -------- d-----w- c:\program files\Avira 2011-03-28 04:01:36 -------- d-----w- c:\docume~1\alluse~1\applic~1\Avira 2011-03-27 20:13:11 60416 ---ha-w- c:\windows\system32\doskltmc.dll 2011-03-27 20:12:55 -------- d-----w- c:\docume~1\alluse~1\applic~1\eKeKfJfIcIj28601 2011-03-02 23:48:07 -------- d-----w- c:\program files\iTunes . ==================== Find3M ==================== . 
2011-03-27 06:40:08 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll 2011-02-09 13:53:52 270848 ------w- c:\windows\system32\sbe.dll 2011-02-09 13:53:52 186880 ------w- c:\windows\system32\encdec.dll 2011-02-02 07:58:35 2067456 ----a-w- c:\windows\system32\mstscax.dll 2011-01-27 11:57:06 677888 ----a-w- c:\windows\system32\mstsc.exe 2011-01-21 14:44:37 439296 ----a-w- c:\windows\system32\shimgvw.dll 2011-01-07 14:09:02 290048 ----a-w- c:\windows\system32\atmfd.dll 2010-12-31 13:10:33 1854976 ----a-w- c:\windows\system32\win32k.sys 2005-05-13 23:12:00 217073 --sha-r- c:\windows\meta4.exe 2005-10-24 17:13:58 66560 --sha-r- c:\windows\MOTA113.exe 2005-10-14 03:27:00 422400 --sha-r- c:\windows\x2.64.exe 2005-07-14 18:31:20 27648 --sha-r- c:\windows\system32\AVSredirect.dll 2005-06-26 21:32:28 616448 --sha-r- c:\windows\system32\cygwin1.dll 2005-06-22 04:37:42 45568 --sha-r- c:\windows\system32\cygz.dll 2004-01-25 06:00:00 70656 --sha-r- c:\windows\system32\i420vfw.dll 2005-12-23 02:23:08 816640 --sha-r- c:\windows\system32\smab.dll 2005-02-28 19:16:22 240128 --sha-r- c:\windows\system32\x.264.exe 2004-01-25 06:00:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll . ============= FINISH: 17:24:36.53 =============== NEW Attach file added to this post Attach.zip
  6. The initial problem is all too familiar: I'm browsing the internet and suddenly my browser (FireFox) freezes for a significant amount of time, the browser changes ever so slightly from full screen to a windowed view and then a program installs itself in my system tray, professing to be spyware/malware removal software. At that point, I know I'm screwed.

     Symptoms include:

       • My system runs notably slower, getting worse as time goes on
       • When performing ANY Google search, there is a 5-6 second delay where there was none before
       • Anti-Virus software or Microsoft Security Essentials continually detects threats even when my computer is turned on but I'm not actually doing anything nor surfing the net (Avira is detecting TR/Crypt.XPACK.GEN.)
       • At random times the hard drive makes brief access noises and also a notable bleep emitting from the system case speaker, behaviour that is not typical of regular operation prior to infection

     I'll run ComboFix and reply with the results.
  7. I have two important notes that you may want to know about before I post my logs:

       • I'm not sure if this is important, but DDS took more than 30 minutes to run.
       • GMER did NOT run at all. The randomly named file saved to my desktop but would not load and therefore, I do not have an ARK log to post here

     Latest Malwarebytes Log

     Malwarebytes' Anti-Malware 1.50.1.1100 www.malwarebytes.org Database version: 6187 Windows 5.1.2600 Service Pack 3 Internet Explorer 8.0.6001.18702 3/28/2011 1:21:12 PM mbam-log-2011-03-28 (13-21-12).txt Scan type: Quick scan Objects scanned: 149316 Time elapsed: 6 minute(s), 31 second(s) Memory Processes Infected: 0 Memory Modules Infected: 0 Registry Keys Infected: 0 Registry Values Infected: 0 Registry Data Items Infected: 0 Folders Infected: 0 Files Infected: 0 Memory Processes Infected: (No malicious items detected) Memory Modules Infected: (No malicious items detected) Registry Keys Infected: (No malicious items detected) Registry Values Infected: (No malicious items detected) Registry Data Items Infected: (No malicious items detected) Folders Infected: (No malicious items detected) Files Infected: (No malicious items detected)

     DDS Log

     . DDS (Ver_11-03-05.01) - NTFSx86 Run by Chad at 2:06:44.18 on Mon 03/28/2011 Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_20 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.947 [GMT -4:00] . AV: AntiVir Desktop *Disabled/Updated* {C19476D9-52BC-4E93-8AF3-CCF59F7AE8FE} AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095} AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF} . ============== Running Processes =============== .
C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\WINDOWS\system32\Ati2evxx.exe svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe svchost.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\System32\svchost.exe -k imgsvc C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\WINDOWS\system32\devldr32.exe C:\Program Files\Microsoft Security Client\msseces.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Avira\AntiVir Desktop\avmailc.exe C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Program Files\iPod\bin\iPodService.exe C:\Documents and Settings\Chad\Desktop\dds.scr . ============== Pseudo HJT Report =============== . 
uStart Page = file:///D:/Website-macrossmechamanual/m3.html uInternet Settings,ProxyOverride = *.local BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll mRun: [XboxStat] "c:\program files\microsoft xbox 360 accessories\XboxStat.exe" silentrun mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun mRun: [ATIPTA] "c:\program files\ati technologies\ati control panel\atiptaxx.exe" mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000 IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office11\REFIEBAR.DLL LSP: c:\program files\avira\antivir desktop\avsda.dll DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1280529014546 DPF: 
{6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1280529708671 DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab Notify: AtiExtEvent - Ati2evxx.dll AppInit_DLLs: c:\windows\system32\avgrsstx.dll SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll . ================= FIREFOX =================== . FF - ProfilePath - c:\docume~1\chad\applic~1\mozilla\firefox\profiles\2gb3rafp.default\ FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q= FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - www.google.ca FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - c:\program files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} FF - Ext: Google Toolbar for Firefox: {3112ca9c-de6d-4884-a869-9855de68056c} - %profile%\extensions\{3112ca9c-de6d-4884-a869-9855de68056c} FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff FF - Ext: Microsoft .NET Framework 
Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension . ============= SERVICES / DRIVERS =============== . . =============== Created Last 30 ================ . . ==================== Find3M ==================== . 2005-05-13 23:12:00 217073 --sha-r- c:\windows\meta4.exe 2005-10-24 17:13:58 66560 --sha-r- c:\windows\MOTA113.exe 2005-10-14 03:27:00 422400 --sha-r- c:\windows\x2.64.exe 2005-07-14 18:31:20 27648 --sha-r- c:\windows\system32\AVSredirect.dll 2005-06-26 21:32:28 616448 --sha-r- c:\windows\system32\cygwin1.dll 2005-06-22 04:37:42 45568 --sha-r- c:\windows\system32\cygz.dll 2004-01-25 06:00:00 70656 --sha-r- c:\windows\system32\i420vfw.dll 2005-12-23 02:23:08 816640 --sha-r- c:\windows\system32\smab.dll 2005-02-28 19:16:22 240128 --sha-r- c:\windows\system32\x.264.exe 2004-01-25 06:00:00 70656 --sha-r- c:\windows\system32\yv12vfw.dll . ============= FINISH: 2:30:47.56 =============== Attach.zip