Redirects and hanging PC


CaysE

Hello; I have a WinXP laptop with IE8 that is getting random redirects and will hang IE about 50% of the time. I ran MBAM that found an infection and cleaned it. Rebooted and ran MBAM again and found no infections, but IE continues to hang.

Downloaded and ran ComboFix, that found infections. Rebooted and IE still hangs. Ran ComboFix again and again found infections, rebooted and still hangs!

Downloaded and ran HJT but it gave me an error shortly after starting the scan. HJT didn't close and gave me a log file, though.

Downloaded and ran GMER with no issues.

Five posts below contain the log files (I accidentally overwrote the first ComboFix log with the second one). I also noticed an instance of svchost using a lot of memory and 25% CPU in task manager.

First MBAM scan:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5131

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

11/16/2010 10:13:05 PM

mbam-log-2010-11-16 (22-13-05).txt

Scan type: Quick scan

Objects scanned: 173463

Time elapsed: 11 minute(s), 44 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 3

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\WINDOWS\Temp\37.tmp (Rootkit.TDSS) -> Quarantined and deleted successfully.

C:\WINDOWS\Temp\39.tmp (Rootkit.TDSS) -> Delete on reboot.

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\CIVHDTH6\dm3[1].exe (Rootkit.TDSS) -> Quarantined and deleted successfully.

Second MBAM scan:

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 5131

Windows 5.1.2600 Service Pack 3

Internet Explorer 8.0.6001.18702

11/16/2010 10:53:06 PM

mbam-log-2010-11-16 (22-53-06).txt

Scan type: Quick scan

Objects scanned: 174498

Time elapsed: 12 minute(s), 0 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

SECOND ComboFix log... I accidentally overwrote the first log:

ComboFix 10-11-16.05 - 227-409062RC 11/17/2010 6:54.2.4 - x86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1974.1572 [GMT -6:00]

Running from: c:\documents and settings\227-409062RC\Desktop\ComboFix.exe

.

((((((((((((((((((((((((( Files Created from 2010-10-17 to 2010-11-17 )))))))))))))))))))))))))))))))

.

2010-11-17 03:59 . 2010-04-29 21:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-17 03:59 . 2010-11-17 03:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-11-17 03:59 . 2010-04-29 21:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-17 03:51 . 2010-11-17 03:51 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2010-11-17 03:47 . 2010-11-17 03:47 -------- d-sh--w- c:\documents and settings\227-409062RC\IECompatCache

2010-11-17 03:47 . 2010-11-17 03:47 -------- d-sh--w- c:\documents and settings\227-409062RC\PrivacIE

2010-11-17 03:42 . 2010-11-17 03:42 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache

2010-11-17 03:41 . 2010-11-17 03:41 -------- d-sh--w- c:\documents and settings\227-409062RC\IETldCache

2010-11-17 03:36 . 2010-11-17 03:36 -------- dc-h--w- c:\windows\ie8

2010-11-16 19:26 . 2010-11-17 00:55 -------- d-----w- c:\documents and settings\227-409062RC\Application Data\FileZilla

2010-11-16 19:26 . 2010-11-16 19:26 -------- d-----w- c:\program files\FileZilla FTP Client

2010-11-03 12:53 . 2010-11-03 12:53 -------- d-----w- C:\debugsymbols

2010-11-03 12:21 . 2010-11-03 12:32 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)

2010-11-03 12:20 . 2010-11-03 12:20 -------- d-----w- c:\program files\Microsoft SDKs

2010-11-02 21:01 . 2010-11-02 21:01 -------- d-----w- c:\documents and settings\227-409062RC\Application Data\Smart PDF Converter

2010-11-02 02:55 . 2010-11-04 14:34 -------- d-----w- c:\documents and settings\227-409062RC\Local Settings\Application Data\CutePDF Writer

2010-11-02 02:54 . 2010-11-02 02:54 -------- d-----w- c:\program files\GPLGS

2010-11-02 02:51 . 2009-11-05 13:39 87552 ----a-w- c:\windows\system32\cpwmon2k.dll

2010-11-02 02:51 . 2010-11-02 02:51 -------- d-----w- c:\program files\Acro Software

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-10-19 20:51 . 2010-08-08 21:08 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-09-18 17:23 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53 . 2008-04-14 12:00 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53 . 2008-04-14 12:00 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53 . 2008-04-14 12:00 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-08 16:17 . 2010-09-08 16:17 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-09-08 16:17 . 2010-09-08 16:17 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-09-01 11:51 . 2008-04-14 12:00 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-08-31 13:38 . 2008-04-14 12:00 1861888 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:02 . 2008-04-14 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:57 . 2008-04-14 12:00 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-26 13:39 . 2008-04-14 12:00 357248 ----a-w- c:\windows\system32\drivers\srv.sys

2010-08-26 12:52 . 2009-08-13 15:09 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-23 16:12 . 2008-04-14 12:00 617472 ----a-w- c:\windows\system32\comctl32.dll

.

((((((((((((((((((((((((((((( SnapShot@2010-11-17_05.55.03 )))))))))))))))))))))))))))))))))))))))))

.

+ 2010-11-17 12:52 . 2010-11-17 12:52 16384 c:\windows\Temp\Perflib_Perfdata_66c.dat

+ 2008-04-14 12:00 . 2010-11-17 12:56 80130 c:\windows\system32\perfc009.dat

- 2008-04-14 12:00 . 2010-11-17 05:46 80130 c:\windows\system32\perfc009.dat

+ 2008-04-14 12:00 . 2010-11-17 12:56 466410 c:\windows\system32\perfh009.dat

- 2008-04-14 12:00 . 2010-11-17 05:46 466410 c:\windows\system32\perfh009.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ICFCheck"="wscript.exe" [2008-05-08 155648]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]

"Communicator"="c:\program files\Microsoft Office Communicator\communicator.exe" [2008-10-10 5726032]

"Enterprise Vault Offline Vault Size"="c:\program files\Enterprise Vault\EVreg\EVCREG13.exe" [2008-06-30 123519]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2002-08-28 208953]

"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2001-08-23 44032]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2002-08-28 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-28 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2002-08-28 455168]

"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2009-07-07 737280]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-03-29 278528]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2008-05-23 128296]

"DellControlPoint"="c:\program files\Dell\Dell ControlPoint\Dell.ControlPoint.exe" [2009-11-02 657920]

"xltSystemTray"="c:\program files\Axalto\Access Client\v5\xltSysTray.Exe" [2005-02-19 118784]

"xltCertPropUI"="c:\windows\system32\xltCertPropUI.exe" [2005-02-26 94208]

"C2C MaX Compression initial registry keys"="c:\program files\MaXCompression\RegMaxComp54.exe" [2008-05-28 125433]

"AeXAgentLogon"="c:\program files\Altiris\Altiris Agent\AeXAgentActivate.exe" [2006-09-14 139264]

"AgentUiRunKey"="c:\program files\Iron Mountain\Connected BackupPC\Agent.exe" [2010-05-22 239104]

"SignIn"="c:\program files\Microsoft Online Services\Sign In\SignIn.exe" [2010-03-10 1734512]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-09-08 421888]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]

c:\documents and settings\All Users\Start Menu\Programs\Startup\

Dell ControlPoint System Manager.lnk - c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe [2009-12-10 1338144]

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\xltCamNotify]

2005-02-19 03:31 73728 ----a-w- c:\windows\system32\xltCamNotify.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Microsoft Office Communicator\\communicator.exe"=

"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=

"c:\\Program Files\\Iron Mountain\\Connected BackupPC\\Agent.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

"c:\\Program Files\\FileZilla FTP Client\\filezilla.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"1041:TCP"= 1041:TCP:Akamai NetSession Interface

"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [8/5/2008 3:04 PM 217600]

R0 aarich;aarich;c:\windows\system32\drivers\aarich.sys [8/5/2008 3:04 PM 214528]

R0 megasas;megasas;c:\windows\system32\drivers\megasas.sys [8/5/2008 3:04 PM 17664]

R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [8/7/2010 10:43 AM 17072]

R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [8/7/2010 12:21 PM 17968]

R2 AgentService;AgentService;c:\program files\Iron Mountain\Connected BackupPC\AgentService.exe [5/21/2010 8:55 PM 7587232]

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [4/14/2008 6:00 AM 14336]

R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\Dell\Dell ControlPoint\DCPButtonSvc.exe [11/20/2009 4:42 PM 278304]

R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [12/17/2009 9:45 AM 812448]

R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [12/17/2009 9:45 AM 27040]

R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe [12/10/2009 12:09 PM 376608]

R2 LV_Tracker;LV_Tracker;c:\windows\system32\drivers\LV_Tracker.sys [5/21/2010 8:55 PM 45384]

R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [4/21/2010 9:55 AM 47616]

R2 xltCCam;Axalto Smart Card CAM Service;c:\windows\system32\xltCCam.exe [2/18/2005 8:43 PM 86016]

R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [8/7/2010 10:43 AM 42672]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [4/21/2010 9:55 AM 113664]

R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [4/21/2010 9:55 AM 33832]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [4/21/2010 9:53 AM 167080]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [4/21/2010 9:53 AM 132352]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [4/21/2010 9:53 AM 215040]

S2 InstallFilterService;FF Install Filter Service;c:\program files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe [8/7/2010 10:43 AM 60928]

S2 PwdChanger;BP COE Admin Password Changer;c:\windows\system32\Lgnserv.exe [1/29/2001 12:15 PM 348672]

S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [8/5/2008 7:48 AM 96256]

S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [8/7/2010 4:42 PM 20504]

S3 s3legacy;s3legacy;c:\windows\system32\drivers\s3legacy.sys [8/5/2008 7:48 AM 65664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

Akamai REG_MULTI_SZ Akamai

.

Contents of the 'Scheduled Tasks' folder

2010-11-12 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

.

.

------- Supplementary Scan -------

.

uStart Page = https://owa2.compucom.com/owa/

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

Trusted Zone: skillport.com

Trusted Zone: skillsoft.com

Trusted Zone: skillwsa.com

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2010-11-17 07:00

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(920)

c:\windows\system32\xltCamNotify.dll

c:\windows\system32\xltIop.dll

.

Completion time: 2010-11-17 07:03:43

ComboFix-quarantined-files.txt 2010-11-17 13:03

ComboFix2.txt 2010-11-17 05:58

Pre-Run: 223,695,163,392 bytes free

Post-Run: 223,674,155,008 bytes free

- - End Of File - - C973D375DB6D5F7A97096052761F8618

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 7:17:15 AM, on 11/17/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\drivers\dell\audio\r255264\wdm\stacsv.exe

C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe

C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe

C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe

C:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\xltCCam.exe

C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe

C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wuauclt.exe

F:\tools\HijackThis.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\taskmgr.exe

C:\WINDOWS\system32\dumprep.exe

C:\WINDOWS\system32\dwwin.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://owa2.compucom.com/owa/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll

O4 - HKLM\..\Run: [ICFCheck] wscript.exe //Job:main C:\WINDOWS\ICF\ICF.WSF

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [Communicator] "C:\Program Files\Microsoft Office Communicator\communicator.exe" /fromrunkey

O4 - HKLM\..\Run: [Enterprise Vault Offline Vault Size] C:\Program Files\Enterprise Vault\EVreg\EVCREG13.exe /Q

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [DellControlPoint] "C:\Program Files\Dell\Dell ControlPoint\Dell.ControlPoint.exe"

O4 - HKLM\..\Run: [xltSystemTray] C:\Program Files\Axalto\Access Client\v5\xltSysTray.Exe

O4 - HKLM\..\Run: [xltCertPropUI] C:\WINDOWS\system32\xltCertPropUI.exe

O4 - HKLM\..\Run: [C2C MaX Compression initial registry keys] C:\Program Files\MaXCompression\RegMaxComp54.exe /Q

O4 - HKLM\..\Run: [AeXAgentLogon] C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe /logon

O4 - HKLM\..\Run: [AgentUiRunKey] "C:\Program Files\Iron Mountain\Connected BackupPC\Agent.exe" -ni -sss -e http://localhost:16386/

O4 - HKLM\..\Run: [SignIn] "C:\Program Files\Microsoft Online Services\Sign In\SignIn.exe" /autorun

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')

O4 - Global Startup: Dell ControlPoint System Manager.lnk = C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgr.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O15 - Trusted Zone: *.skillport.com

O15 - Trusted Zone: *.skillsoft.com

O15 - Trusted Zone: *.skillwsa.com

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1227191672672

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1227192455968

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: vsharechrome - {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - (no file)

O20 - Winlogon Notify: xltCamNotify - xltCamNotify.dll (file missing)

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Altiris Agent (AeXNSClient) - Altiris, Inc. - C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe

O23 - Service: AgentService - Iron Mountain Incorporated - C:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe

O23 - Service: Dell ControlPoint Button Service (buttonsvc32) - Dell Inc. - C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe

O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe

O23 - Service: Credential Vault Host Storage - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe

O23 - Service: Dell ControlPoint System Manager (dcpsysmgrsvc) - Dell Inc. - C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe

O23 - Service: FF Install Filter Service (InstallFilterService) - Unknown owner - C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe

O23 - Service: BP COE Admin Password Changer (PwdChanger) - Unknown owner - C:\WINDOWS\system32\Lgnserv.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - c:\drivers\dell\audio\r255264\wdm\stacsv.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Axalto Smart Card CAM Service (xltCCam) - Axalto Inc. - C:\WINDOWS\system32\xltCCam.exe

--

End of file - 8689 bytes

GMER log:

GMER 1.0.15.15530 - http://www.gmer.net

Rootkit scan 2010-11-17 08:03:28

Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\iaStor0 ST925041 rev.D005

Running: gmer.exe; Driver: C:\DOCUME~1\227-40~1\LOCALS~1\Temp\afldqpob.sys

---- System - GMER 1.0.15 ----

Code \??\C:\DOCUME~1\227-40~1\LOCALS~1\Temp\catchme.sys pIofCallDriver

---- Kernel code sections - GMER 1.0.15 ----

? C:\DOCUME~1\227-40~1\LOCALS~1\Temp\catchme.sys The system cannot find the file specified. !

? C:\WINDOWS\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\SearchIndexer.exe[648] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)

.text C:\WINDOWS\explorer.exe[796] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00D9000A

.text C:\WINDOWS\explorer.exe[796] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00DA000A

.text C:\WINDOWS\explorer.exe[796] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00D8000C

.text C:\WINDOWS\System32\svchost.exe[1292] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 006F000A

.text C:\WINDOWS\System32\svchost.exe[1292] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00B1000A

.text C:\WINDOWS\System32\svchost.exe[1292] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 006E000C

.text C:\WINDOWS\System32\svchost.exe[1292] USER32.dll!GetCursorPos 7E42974E 5 Bytes JMP 00FE000A

.text C:\WINDOWS\System32\svchost.exe[1292] ole32.dll!CoCreateInstance 774FF1AC 5 Bytes JMP 00FA000A

---- Devices - GMER 1.0.15 ----

Device \Driver\iaStor -> DriverStartIo \Device\Ide\iaStor0 88D23292

Device \Driver\iaStor -> DriverStartIo \Device\Ide\IAAStorageDevice-0 88D23292

AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \FileSystem\Cdfs \Cdfs DLAIFS_M.SYS (Drive Letter Access Component/Roxio)

Device \Device\Ide\IAAStorageDevice-1 -> \??\IDE#DiskST9250410AS_____________________________D005SDM1#4&2c160aa7&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- EOF - GMER 1.0.15 ----

Forgot to add the DDS log:

DDS (Ver_10-11-10.01) - NTFSx86

Run by 227-409062RC at 8:56:23.29 on Wed 11/17/2010

Internet Explorer: 8.0.6001.18702

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1974.1145 [GMT -6:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\drivers\dell\audio\r255264\wdm\stacsv.exe

C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe

C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe

svchost.exe

C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe

C:\Program Files\Iron Mountain\Connected BackupPC\AgentService.exe

C:\WINDOWS\System32\svchost.exe -k Akamai

C:\WINDOWS\system32\svchost.exe -k hpdevmgmt

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\System32\svchost.exe -k HPZ12

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\WINDOWS\system32\xltCCam.exe

C:\Program Files\Dell\Dell ControlPoint\DCPButtonSvc.exe

C:\Program Files\Dell\Dell ControlPoint\System Manager\DCPSysMgrSvc.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\wuauclt.exe

C:\WINDOWS\system32\SearchProtocolHost.exe

F:\tools\dds.com

============== Pseudo HJT Report ===============

uStart Page = https://owa2.compucom.com/owa/

BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll

TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [ICFCheck] wscript.exe //Job:main c:\windows\icf\ICF.WSF

mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"

mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey

mRun: [Enterprise Vault Offline Vault Size] c:\program files\enterprise vault\evreg\EVCREG13.exe /Q

mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [IMEKRMIG6.1] c:\windows\ime\imkr6_1\IMEKRMIG.EXE

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [AESTFltr] %SystemRoot%\system32\AESTFltr.exe /NoDlg

mRun: [Apoint] c:\program files\delltpad\Apoint.exe

mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"

mRun: [DellControlPoint] "c:\program files\dell\dell controlpoint\Dell.ControlPoint.exe"

mRun: [xltSystemTray] c:\program files\axalto\access client\v5\xltSysTray.Exe

mRun: [xltCertPropUI] c:\windows\system32\xltCertPropUI.exe

mRun: [C2C MaX Compression initial registry keys] c:\program files\maxcompression\RegMaxComp54.exe /Q

mRun: [AeXAgentLogon] c:\program files\altiris\altiris agent\AeXAgentActivate.exe /logon

mRun: [AgentUiRunKey] "c:\program files\iron mountain\connected backuppc\Agent.exe" -ni -sss -e http://localhost:16386/

mRun: [SignIn] "c:\program files\microsoft online services\sign in\SignIn.exe" /autorun

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\dellco~1.lnk - c:\program files\dell\dell controlpoint\system manager\DCPSysMgr.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL

Trusted Zone: skillport.com

Trusted Zone: skillsoft.com

Trusted Zone: skillwsa.com

DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1227191672672

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227192455968

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Notify: igfxcui - igfxdev.dll

Notify: xltCamNotify - xltCamNotify.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

============= SERVICES / DRIVERS ===============

R0 a320raid;a320raid;c:\windows\system32\drivers\a320raid.sys [2008-8-5 217600]

R0 aarich;aarich;c:\windows\system32\drivers\aarich.sys [2008-8-5 214528]

R0 megasas;megasas;c:\windows\system32\drivers\megasas.sys [2008-8-5 17664]

R0 stdflt;Disk Filter Driver for Accelerometer;c:\windows\system32\drivers\stdfltn.sys [2010-8-7 17072]

R0 vmscsi;vmscsi;c:\windows\system32\drivers\vmscsi.sys [2010-8-7 17968]

R2 AgentService;AgentService;c:\program files\iron mountain\connected backuppc\AgentService.exe [2010-5-21 7587232]

R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-14 14336]

R2 buttonsvc32;Dell ControlPoint Button Service;c:\program files\dell\dell controlpoint\DCPButtonSvc.exe [2009-11-20 278304]

R2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostControlService.exe [2009-12-17 812448]

R2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\broadcom corporation\broadcom ush host components\cv\bin\HostStorageService.exe [2009-12-17 27040]

R2 dcpsysmgrsvc;Dell ControlPoint System Manager;c:\program files\dell\dell controlpoint\system manager\DCPSysMgrSvc.exe [2009-12-10 376608]

R2 LV_Tracker;LV_Tracker;c:\windows\system32\drivers\LV_Tracker.sys [2010-5-21 45384]

R2 risdpcie;risdpcie;c:\windows\system32\drivers\risdpe86.sys [2010-4-21 47616]

R2 xltCCam;Axalto Smart Card CAM Service;c:\windows\system32\xltCCam.exe [2005-2-18 86016]

R3 Acceler;Accelerometer Service;c:\windows\system32\drivers\Accelern.sys [2010-8-7 42672]

R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [2010-4-21 113664]

R3 cvusbdrv;Dell ControlVault;c:\windows\system32\drivers\cvusbdrv.sys [2010-4-21 33832]

R3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\drivers\e1k5132.sys [2010-4-21 167080]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys [2010-4-21 132352]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2010-4-21 215040]

S2 InstallFilterService;FF Install Filter Service;c:\program files\stmicroelectronics\accelerometerp11\InstallFilterService.exe [2010-8-7 60928]

S2 PwdChanger;BP COE Admin Password Changer;c:\windows\system32\Lgnserv.exe [2001-1-29 348672]

S3 ctlsb16;Creative SB16/AWE32/AWE64 Driver (WDM);c:\windows\system32\drivers\ctlsb16.sys [2008-8-5 96256]

S3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hpfxfax.sys [2010-8-7 20504]

S3 s3legacy;s3legacy;c:\windows\system32\drivers\s3legacy.sys [2008-8-5 65664]

=============== Created Last 30 ================

2010-11-17 05:35:42 -------- d-sha-r- C:\cmdcons

2010-11-17 05:32:34 98816 ----a-w- c:\windows\sed.exe

2010-11-17 05:32:34 89088 ----a-w- c:\windows\MBR.exe

2010-11-17 05:32:34 256512 ----a-w- c:\windows\PEV.exe

2010-11-17 05:32:34 161792 ----a-w- c:\windows\SWREG.exe

2010-11-17 03:59:45 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-11-17 03:59:44 20952 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-11-17 03:59:44 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-11-17 03:47:39 -------- d-sh--w- c:\documents and settings\227-409062rc\IECompatCache

2010-11-17 03:47:24 -------- d-sh--w- c:\documents and settings\227-409062rc\PrivacIE

2010-11-17 03:41:57 -------- d-sh--w- c:\documents and settings\227-409062rc\IETldCache

2010-11-17 03:36:15 -------- dc-h--w- c:\windows\ie8

2010-11-03 12:53:45 -------- d-----w- C:\debugsymbols

2010-11-03 12:21:11 -------- d-----w- c:\program files\Debugging Tools for Windows (x86)

2010-11-02 21:01:54 -------- d-----w- c:\docume~1\227-40~1\applic~1\Smart PDF Converter

2010-11-02 02:55:44 -------- d-----w- c:\docume~1\227-40~1\locals~1\applic~1\CutePDF Writer

2010-11-02 02:54:22 -------- d-----w- c:\program files\GPLGS

2010-11-02 02:51:24 87552 ----a-w- c:\windows\system32\cpwmon2k.dll

2010-11-02 02:51:20 -------- d-----w- c:\program files\Acro Software

==================== Find3M ====================

2010-10-19 20:51:33 222080 ------w- c:\windows\system32\MpSigStub.exe

2010-09-18 17:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-09-08 16:17:46 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx

2010-09-08 16:17:46 69632 ----a-w- c:\windows\system32\QuickTime.qts

2010-09-01 11:51:14 285824 ----a-w- c:\windows\system32\atmfd.dll

2010-08-31 13:38:48 1861888 ----a-w- c:\windows\system32\win32k.sys

2010-08-27 08:02:29 119808 ----a-w- c:\windows\system32\t2embed.dll

2010-08-27 05:57:43 99840 ----a-w- c:\windows\system32\srvsvc.dll

2010-08-26 12:52:45 5120 ----a-w- c:\windows\system32\xpsp4res.dll

2010-08-23 16:12:04 617472 ----a-w- c:\windows\system32\comctl32.dll

============= FINISH: 8:57:20.20 ===============

This topic is now closed to further replies.