Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

cwhxt.sys (Rootkit.Agent) infection


  • This topic is locked This topic is locked
2 replies to this topic

#1 j1mb02

j1mb02

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:22 PM

Posted 06 October 2010 - 02:40 PM

Firstly, thank you for such a helpful and user friendly site. I visited your site looking for a solution to Antimalwaredoctor, which I found and then successfully removed by following your advice.

However after succeeding with this Malwarebyte's then threw up the cwhxt.sys rootkit infection which it failed to delete on at least three occaisons. I tried using Spybot to flag up the problem and delete the file but it was at this point things started getting tricky as my version of windows XP service pack 3 corrupted requiring me to reinstall XP again - but only to service pack 1 - I haven't tried to update as I thought, from reading other posts, I would probably be better off cleaning the drive before I started trying to reinstate everything properly.

From there I've followed the prepartion guide fairly easily until GMER caused the machine to hang when running and once restarted and running again I was unable to save the log file using GMER or by copying and pasting into notepad. I did get round this by storing the text in a draft email and then creating the text file in notepad when the machine was running in safe mode with networking - however the networking would not allow me to connect to the internet. With GMER not running I was then able to connect and save as normal to get to here.

I think that covers all my actions to this point.

As requested please find below DDS file:


DDS (Ver_10-03-17.01) - NTFSx86
Run by James at 20:37:18.15 on 04/10/2010
Internet Explorer: 6.0.2800.1106 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Home Edition 5.1.2600.1.1252.1.1033.18.2047.1209 [GMT 1:00]

AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: ActiveArmor Firewall *enabled* {EDC10449-64D1-46c7-A59A-EC20D662F26D}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\AVG\AVG9\avgchsvx.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Cobian Backup 10\cbVSCService.exe
C:\Program Files\Cobian Backup 10\cbService.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
"C:\WINDOWS\System32\svchost.exe"
C:\WINDOWS\Explorer.EXE
"C:\WINDOWS\System32\svchost.exe"
C:\WINDOWS\vVX3000.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
C:\WINDOWS\System32\M-AudioTaskBarIcon.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Cobian Backup 10\cbInterface.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Messenger\MSMSGS.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Garmin\ANT Agent\ANT Agent.exe
C:\Program Files\U-ABIT\ABITEQ\abiteq.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\NETGEAR\WPN111\wpn111.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe
C:\Documents and Settings\James\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg9\avgssie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: {A057A204-BACC-4D26-9990-79A187E2698E} - No File
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
uRun: [Skype] "c:\program files\skype\\phone\Skype.exe" /nosplash /minimized
uRun: [MSMSGS] "c:\program files\messenger\MSMSGS.EXE" /background
uRun: [kdx] c:\program files\kontiki\KHost.exe -all
uRun: [gStart] c:\garmin\gStart.exe
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [ANT Agent] c:\garmin\ant agent\ANT Agent.exe
uRun: [ABIT uGuruIII] c:\program files\u-abit\abiteq\abiteq.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRunOnce: [Shockwave Updater] c:\windows\system32\adobe\shockwave 11\SwHelper_1150596.exe -Update -1150596 -"Mozilla/5.0_(Windows;_U;_Windows_NT_5.1;_en-GB;_rv:1.9.2.6)_Gecko/20100625_Firefox/3.6.6_(.NET_CLR_3.5.30729)" -"http://www.boomerangtv.co.uk/shows/looney-tunes/games/bugs-vs-daffy"
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
mRun: [VX3000] c:\windows\vVX3000.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [nTrayFw] c:\program files\nvidia corporation\networkaccessmanager\bin\nTrayFw.exe
mRun: [M-Audio Taskbar Icon] c:\windows\system32\M-AudioTaskBarIcon.exe
mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe Version Cue CS2] c:\program files\adobe\adobe version cue cs2\controlpanel\VersionCueCS2Tray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Cobian Backup 10 Interface] "c:\program files\cobian backup 10\cbInterface.exe" -service
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\jamesw~1\startm~1\programs\startup\bbcipl~1.lnk - c:\program files\bbc iplayer desktop\BBC iPlayer Desktop.exe
StartupFolder: c:\docume~1\jamesw~1\startm~1\programs\startup\hmvukd~1.lnk - c:\program files\hmv uk download manager\HMV UK Download Manager.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\program files\microsoft office\office\OSA9.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\netgea~1.lnk - c:\program files\netgear\wpn111\wpn111.exe
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: DirectAnimation Java Classes - file://c:\windows\java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1227979668767
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227979710642
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} - hxxps://secure.logmein.com/activex/ractrl.cab?lmi=100
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\jamesw~1\applic~1\mozilla\firefox\profiles\3uncig14.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo! Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.co.uk/
FF - prefs.js: keyword.URL - hxxp://uk.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_uk&p=
FF - component: c:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: c:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: c:\program files\mozilla firefox\extensions\{ab2ce124-6272-4b12-94a9-7303c7397bd1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\james\application data\mozilla\firefox\profiles\3uncig14.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: c:\documents and settings\james\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npBBCPlugin.dll
FF - plugin: c:\program files\opera\program\plugins\nppdf32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {475AA3EE-41AE-4009-A254-0047516D0A0C} - c:\documents and settings\james\local settings\application data\{475AA3EE-41AE-4009-A254-0047516D0A0C}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.proxy.type", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.count", 24);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);
c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\mozilla firefox\greprefs\all.js - pref("accelerometer.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-30 216400]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-30 243024]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-16 308136]
R2 cbVSCService;Cobian Backup 10 Volume Shadow Copy service;c:\program files\cobian backup 10\cbVSCService.exe [2010-10-3 67584]
R2 CobianBackup10;Cobian Backup 10;c:\program files\cobian backup 10\cbService.exe [2010-10-3 1125376]
R3 ABIT-IO;ABIT-IO;c:\program files\u-abit\abiteq\ABIT-IO.sys [2008-11-29 4608]
S1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2008-11-30 29584]
S3 cpuz132;cpuz132;\??\c:\docume~1\jamesw~1\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\jamesw~1\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2009-4-4 17149]
S3 MADFU;MADFU;c:\windows\system32\drivers\MADFU.sys [2008-12-14 16512]
S3 MAUSBCV;Service for M-Audio Conectiv (WDM);c:\windows\system32\drivers\mausbcv.sys [2008-12-14 131712]
S3 RSC4_A02;U.S. Robotics Wireless USB Adapter Driver;c:\windows\system32\drivers\rsc4usb.sys --> c:\windows\system32\drivers\RSC4USB.sys [?]
S3 WPN111;Wireless USB 2.0 Adapter with RangeMax Service;c:\windows\system32\drivers\WPN111.sys [2009-11-5 362944]

=============== Created Last 30 ================

2010-10-04 19:33:30 0 ----a-w- c:\documents and settings\james\defogger_reenable
2010-10-03 21:02:24 10240 --sha-w- c:\windows\Thumbs.db
2010-10-03 21:00:27 58368 --sha-w- C:\Thumbs.db
2010-10-03 15:53:04 0 d-----w- c:\program files\Cobian Backup 10
2010-10-03 08:00:06 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-10-03 07:40:44 167704 ----a-w- c:\windows\system32\wuaucpl.cpl
2010-10-03 07:26:55 0 d-----w- c:\program files\Spybot - Search & Destroy
2010-10-03 07:26:55 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2010-10-02 19:26:57 26112 -c--a-w- c:\windows\system32\dllcache\EXCH_seos.dll
2010-10-02 19:25:59 45056 -c--a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
2010-10-02 19:24:48 488 ---ha-r- c:\windows\system32\logonui.exe.manifest
2010-10-02 19:23:59 73728 -c--a-w- c:\windows\system32\dllcache\ils.dll
2010-10-02 19:22:59 66048 -c--a-w- c:\windows\system32\dllcache\wbemcons.dll
2010-10-02 19:20:27 50048 ----a-w- c:\windows\system32\drivers\DMusic.sys
2010-10-02 19:20:21 5888 ----a-w- c:\windows\system32\drivers\splitter.sys
2010-10-02 19:20:14 56576 ----a-w- c:\windows\system32\drivers\redbook.sys
2010-10-02 19:17:32 158720 ----a-r- c:\windows\system32\fdco_l1046.dll
2010-10-02 19:17:32 156672 ----a-r- c:\windows\system32\fdco_l1042.dll
2010-10-02 19:17:32 156672 ----a-r- c:\windows\system32\fdco_l1041.dll
2010-10-02 19:17:32 155136 ----a-r- c:\windows\system32\fdco_l2052.dll
2010-10-02 19:17:31 204288 ----a-r- c:\windows\system32\fdco1ins.dll
2010-10-02 19:17:31 159232 ----a-r- c:\windows\system32\fdco_l1036.dll
2010-10-02 19:17:31 159232 ----a-r- c:\windows\system32\fdco_l1034.dll
2010-10-02 19:17:31 159232 ----a-r- c:\windows\system32\fdco_l1031.dll
2010-10-02 19:17:31 158720 ----a-r- c:\windows\system32\fdco_l1040.dll
2010-10-02 19:17:31 155648 ----a-r- c:\windows\system32\fdco_l1028.dll
2010-10-02 19:17:30 34176 ----a-r- c:\windows\system32\drivers\NVENETFD.sys
2010-10-02 19:07:55 8574 -c--a-w- c:\windows\system32\dllcache\IASNT4.CAT
2010-10-02 17:03:08 0 d-----w- c:\windows\pss
2010-10-02 12:21:05 0 d-----w- c:\docume~1\jamesw~1\applic~1\Malwarebytes
2010-10-02 12:20:58 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-02 12:20:57 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-02 12:20:57 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-10-02 12:20:57 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-09-28 20:44:35 120 ----a-w- c:\windows\Cpajuwese.dat
2010-09-28 20:44:35 0 ----a-w- c:\windows\Asateyibewe.bin
2010-09-28 20:42:54 841216 ----a-w- c:\windows\system32\drivers\cwhxt.sys
2010-09-28 20:42:25 0 d-----w- c:\docume~1\jamesw~1\applic~1\F611436FE5A0287C87BDF770636E6E58
2010-09-19 21:07:53 0 d-----w- c:\docume~1\alluse~1\applic~1\LogMeIn

==================== Find3M ====================

2010-10-02 19:23:29 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2010-07-22 05:57:20 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2010-07-16 13:21:44 12536 ----a-w- c:\windows\system32\avgrsstx.dll

============= FINISH: 20:37:40.81 ===============

Thank you for your help.

Attached Files



BC AdBot (Login to Remove)

 


#2 j1mb02

j1mb02
  • Topic Starter

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:22 PM

Posted 07 October 2010 - 04:47 PM

Not to worry about this now. My machine went really erratic and would not boot in normal mode so to get any use out of the machine I was being forced to reinstall XP just to log in. Seeing as I've backed up my data I've decided to go the whole hog and reformat the drive and reinstall everything.

#3 Budapest

Budapest

    Bleepin' Cynic


  • Moderator
  • 23,579 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:22 AM

Posted 07 October 2010 - 04:52 PM

As this issue appears to be resolved I am closing the topic. Please send me (or any other Moderator) a Personal Message (PM) if you would like the topic re-opened.
The power of accurate observation is commonly called cynicism by those who haven't got it.

—George Bernard Shaw




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users