Tech Support Forum banner
Status
Not open for further replies.
1 - 1 of 1 Posts

·
Registered
Joined
·
1 Posts
I had a problem with spyware/trojan, mainly jsut installing porn links on my desktop, popping up every 30 seconds to insist i installed their 'malware protector'. After repeated applications of McAfee I managed to remove most of it from my system, i think.

But, in every single folder containing documents/photos/music/videos, has appeared a file called CredDB.CEF, and everything in these files is now corrupted and unreadable.

Is there ANY way of me ever seeing my stuff again?

I had a problem with spyware/trojan, mainly jsut installing porn links on my desktop, popping up every 30 seconds to insist i installed their 'malware protector'. After repeated applications of McAfee I managed to remove most of it from my system, i think.

But, in every single folder containing documents/photos/music/videos, has appeared a file called CredDB.CEF, and everything in these files is now corrupted and unreadable.

Is there ANY way of me ever seeing my stuff again?
Apologies, just read the first steps thing. Here is my DDS log


DDS (Ver_09-12-01.01) - NTFSx86
Run by EHamilton at 11:08:03.70 on Mon 12/07/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1063 [GMT 1:00]

AV: VirusScan Enterprise + AntiSpyware Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\EMSService.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\CmgShieldSvc.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\BigFix Enterprise\BES Client\BESClient.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\WINDOWS\etlisrv.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Program Files\McAfee\VirusScan Enterprise\engineserver.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe
C:\WINDOWS\system32\mfevtps.exe
C:\oracle\ora10\bin\omtsreco.exe
c:\PROGRA~1\Novadigm\radexecd.exe
c:\PROGRA~1\Novadigm\radsched.exe
c:\PROGRA~1\Novadigm\Radstgms.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Timbuktu Pro\tb2launch.exe
C:\Program Files\Timbuktu Pro\TimbuktuRemoteConsole.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\Timbuktu Pro\minitb2.exe
C:\PROGRA~1\Novadigm\radtray.exe
C:\WINDOWS\System32\CMGShieldUI.exe
C:\WINDOWS\system32\EmsServiceHelper.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\McAfee\Common Framework\udaterui.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Schlumberger\i-Handbook\i-Handbook.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\McAfee\VirusScan Enterprise\mcconsol.exe
C:\Program Files\McAfee\VirusScan Enterprise\scncfg32.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
svchost.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\EHamilton\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://hub.slb.com
uDefault_Page_URL = hxxp://hub.slb.com
mDefault_Page_URL = hxxp://www.hub.slb.com/
mStart Page = hxxp://www.hub.slb.com/
uInternet Settings,ProxyOverride = <local>
mWinlogon: Userinit=userinit.exe,
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0\bin\ssv.dll
BHO: ViewerHelper Class: {78104a01-8e71-4f30-9a36-3793799615b4} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\mcafee\virusscan enterprise\scriptsn.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [i-Handbook] c:\program files\schlumberger\i-handbook\i-Handbook.exe /i
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /installquiet
mRun: [NVHotkey] rundll32.exe nvHotkey.dll,Start
mRun: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [Password Reminder] remind.vbs
mRun: [SunJavaUpdateSched] "c:\program files\java\jre1.6.0\bin\jusched.exe"
mRun: [TLogonPath] "c:\program files\timbuktu pro\minitb2.exe"
mRun: [GetInfo] c:\program files\mcafee\common framework\GetInfo.exe
mRun: [RUNRADTRAY] c:\progra~1\novadigm\radtray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [CmgShieldUI] c:\windows\system32\CMGShieldUI.exe
mRun: [EmsService] EmsServiceHelper.exe
mRun: [FTL Connected Agent] c:\program files\ftl\FTLAgent.Net.exe /d:10
mRun: [FTL Email Agent] c:\program files\ftl\FTLAgent.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [McAfeeUpdaterUI] "c:\program files\mcafee\common framework\udaterui.exe" /StartedFromRunKey
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [Communicator] "c:\program files\microsoft office communicator\communicator.exe" /fromrunkey
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [EFS] c:\windows\system32\wscript.exe c:\progra~1\novadigm\SLB_EFS.VBS
mRun: [4oD] "c:\program files\kontiki\KHost.exe" -all
mRun: [ShStatEXE] "c:\program files\mcafee\virusscan enterprise\SHSTAT.EXE" /STANDALONE
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "f:\itunes\iTunesHelper.exe"
dRunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
dRunOnce: [TSClientAXDisabler] cmd.exe /C "%systemroot%\Installer\TSClientMsiTrans\tscdsbl.bat"
uExplorerRun: [Explorer] xiao.vbs
StartupFolder: c:\docume~1\ehamil~1\startm~1\programs\startup\yahoo!~1.lnk - c:\program files\yahoo!\widgets\YahooWidgets.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\toshiba\bluetooth toshiba stack\TosBtMng.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\1.0.150\SSScheduler.exe
uPolicies-explorer: ForceStartMenuLogOff = 1 (0x1)
uPolicies-system: DisableTaskMgr = 1 (0x1)
uPolicies-system: DisableChangePassword = 1 (0x1)
uPolicies-system: HideLogonScripts = 0 (0x0)
mPolicies-system: SynchronousMachineGroupPolicy = 0 (0x0)
mPolicies-system: SynchronousUserGroupPolicy = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {685ec120-f786-4498-a8f0-794d47916161} - {C733FB84-6DB3-4363-8AA7-678F9B5E828E} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - {78104A01-8E71-4F30-9A36-3793799615B4} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Trusted Zone: abbeyinternational.com
Trusted Zone: atosorigin-asp.com
Trusted Zone: atosorigin-asp.com\*.slb
Trusted Zone: books24x7.com
Trusted Zone: citibank.com
Trusted Zone: etrade.com
Trusted Zone: geoquest.com
Trusted Zone: intouchsupport.com
Trusted Zone: microsoft.com
Trusted Zone: ml.com
Trusted Zone: mydexa.com
Trusted Zone: skillport.com
Trusted Zone: slb.com\*.aodc
Trusted Zone: slb.com\crm.oilfield
Trusted Zone: standardchartered.com\webbank
Trusted Zone: virtualbranches.com
Trusted Zone: westerngeco.com
Trusted Zone: geoquest.com
Trusted Zone: intouchsupport.com
Trusted Zone: mydexa.com
Trusted Zone: slb.com
Trusted Zone: standardchartered.com\webbank
Trusted Zone: virtualbranches.com
Trusted Zone: westerngeco.com
DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/FacebookPhotoUploader5.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000}
DPF: {28CB79B1-9311-4F75-BCDE-83660E829CBD} - hxxp://crm-ofs.aodc.slb.com/sales_enu/19227/applets/SiebelAx_HI_Client.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1178561480471
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1181591086296
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {8C244272-1DC1-4CE7-9C6C-FABCA09EB543} - hxxp://crm-ofs.aodc.slb.com/sales_enu/19227/applets/SiebelAx_Desktop_Integration.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {D821DC4A-0814-435E-9820-661C543A4679} - hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx
DPF: {E5F5D008-DD2C-4D32-977D-1A0ADF03058B} - hxxps://gateway.slb.com/dana-cached/setup/JuniperSetupSP1.cab
Filter: application/msword - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Filter: application/octet-stream - {F969FE8E-1937-45AD-AF42-8A4D11CBDC2A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Filter: application/vnd.ms-excel - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Filter: application/vnd.ms-powerpoint - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Filter: application/x-microsoft-rpmsg-message - {DFF82902-0B96-3B98-6F62-D655E146A23A} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Handler: rmh - {23C585BB-48FF-4865-8934-185F0A7EB84C} - c:\program files\microsoft\rights management add-on\RMAFilt.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: CMGShieldNP - CmgShieldNP.dll
Notify: slbScCertProp - c:\windows\system32\ScCertProp.dll
Notify: Timbuktu Pro - c:\program files\timbuktu pro\Hook32.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Eudora's Shell Extension: {edb0e980-90bd-11d4-8599-0008c7d3b6f8} - c:\program files\qualcomm\eudora\EuShlExt.dll
mASetup: {EEBF9CA6-567B-41cd-B5F6-EF2C7FEF37B5} - rundll32.exe advpack.dll,LaunchINFSectionEx c:\windows\inf\wmactedp.inf,PerUserStub,,4
IFEO: 360tray.exe - SDF

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\ehamil~1\applic~1\mozilla\firefox\profiles\zvu4wd7s.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:eek:fficial
FF - component: c:\program files\mozilla firefox\components\Scriptff.dll
FF - plugin: c:\documents and settings\ehamilton\local settings\application data\myvrnpapi\npmyvr.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava11.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava12.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava13.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava14.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjava32.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npjpi160.dll
FF - plugin: c:\program files\java\jre1.6.0\bin\npoji610.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npyaxmpb.dll
FF - plugin: f:\music\netscape6\nppl3260.dll
FF - plugin: f:\music\netscape6\nprjplug.dll
FF - plugin: f:\music\netscape6\nprpjplug.dll

============= SERVICES / DRIVERS ===============

R0 CmgShieldCEF;CmgShieldCEF;c:\windows\system32\drivers\CMGShCEF.sys [2008-2-22 336440]
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2009-11-19 342640]
R1 Tb2Device;TB2 Remote Control Driver;NetopiaRC\Tb2Device.sys --> NetopiaRC\Tb2Device.sys [?]
R1 Tb2MirrorSys;TB2 Remote Control Mirror Driver;NetopiaRC\Tb2MirrorSys.sys --> NetopiaRC\Tb2MirrorSys.sys [?]
R2 CMGShield;CMGShield;c:\windows\system32\CmgShieldSvc.exe [2008-2-22 1828144]
R2 EMS;EMS;c:\windows\system32\EmsService.exe [2008-2-22 660784]
R2 ETFSDNT;Entrust File System Hook;c:\windows\system32\Etfsdrv.sys [2007-5-7 52432]
R2 McAfeeEngineService;McAfee Engine Service;c:\program files\mcafee\virusscan enterprise\engineserver.exe [2009-4-29 21256]
R2 McAfeeFramework;McAfee Framework Service;c:\program files\mcafee\common framework\FrameworkService.exe [2008-11-10 103744]
R2 McTaskManager;McAfee Task Manager;c:\program files\mcafee\virusscan enterprise\vstskmgr.exe [2009-4-29 62800]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2009-11-19 70216]
R2 radexecd;HP OVCM Notify Daemon;c:\progra~1\novadigm\radexecd.exe [2007-2-20 270510]
R2 radsched;HP OVCM Scheduler Daemon;c:\progra~1\novadigm\radsched.exe [2009-6-5 172210]
R2 Radstgms;HP OVCM MSI Redirector;c:\progra~1\novadigm\Radstgms.exe [2009-2-17 315570]
R2 vddidecr;Digital Delivery Decrypting Device;c:\windows\system32\drivers\vddidecr.sys [2007-5-7 109312]
R3 Egatebus;Egatebus;c:\windows\system32\drivers\egatebus.sys [2005-3-1 11264]
R3 Egaterdr;Egaterdr;c:\windows\system32\drivers\egaterdr.sys [2005-3-1 10752]
S1 mferkdk;VSCore mferkdk;\??\c:\program files\mcafee\virusscan enterprise\mferkdk.sys --> c:\program files\mcafee\virusscan enterprise\mferkdk.sys [?]
S2 McShield;McAfee McShield;c:\program files\mcafee\virusscan enterprise\mcshield.exe [2009-5-19 144888]
S2 R72_NT4;R72_NT4;c:\windows\system32\drivers\r72_nt4.sys --> c:\windows\system32\drivers\R72_NT4.sys [?]
S2 R72V2NT4;R72V2NT4; [x]
S2 Schlumberger License Server;Schlumberger License Server;c:\program files\schlumberger\schlumberger licensing\flex114\lmgrd.exe [2007-10-11 1372160]
S2 Ultra Studio Coordinator;Ultra Studio Coordinator;c:\program files\schlumberger\ultra studio\UltraStudioCoordinator.exe [2009-9-28 49152]
S3 CmgShieldNP;CmgShieldNP;c:\windows\system32\CmgShieldNP.dll [2008-2-22 161072]
S3 ETDSVC;Entrust/TrueDelete(TM);c:\windows\system32\etdsvc.exe [2005-1-10 10240]
S3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2009-11-19 91640]
S3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2009-11-19 43288]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2009-11-19 65224]
S3 Ultra Communications Server;Ultra Communications Server;c:\program files\schlumberger\ultra studio\UltraCommsServer.exe [2009-9-28 53248]
S3 Ultra Data Services Server;Ultra Data Services Server;c:\program files\schlumberger\ultra studio\UltraDataServicesServer.exe [2009-9-28 53248]
S3 Ultra Task Automation Server;Ultra Task Automation Server;c:\program files\schlumberger\ultra studio\UltraTaskAutomationServer.exe [2009-9-28 73728]
S3 Ultra Virtual DTS Server;Ultra Virtual DTS Server;c:\program files\schlumberger\ultra studio\UltraVirtualDtsServer.exe [2009-9-28 65536]

=============== Created Last 30 ================

2009-12-07 10:08:02 0 d-----w- c:\temp\23.tmp
2009-12-07 10:07:33 284153 ----a-r- c:\temp\gmer.zip
2009-12-07 07:58:43 16384 ----atw- c:\temp\Perflib_Perfdata_1278.dat
2009-12-07 06:48:41 0 d-----w- c:\temp\WPDNSE
2009-12-06 15:19:09 0 d-----w- c:\temp\plugtmp-470
2009-12-06 14:21:13 367216 ----a-w- c:\documents and settings\ehamilton\FileName.exe
2009-12-06 12:53:57 0 d-----w- c:\program files\iPod
2009-12-06 12:53:53 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-12-06 10:55:57 194 ----a-w- c:\windows\system32\srcr.dat
2009-12-06 10:23:12 65536 ----a-w- c:\temp\a6mbqdvk.dll
2009-12-06 07:58:42 0 d-----w- c:\temp\plugtmp-469
2009-12-06 07:11:22 0 d-----w- c:\temp\PCTInstaller
2009-12-06 07:09:47 0 d-----w- c:\temp\is-0K2GF.tmp
2009-12-05 15:47:06 11904 ----a-w- c:\temp\test.reg
2009-12-05 15:42:45 8212 ----a-w- c:\windows\mfebcdata
2009-12-05 15:39:37 0 d-----w- c:\program files\AntiMalware
2009-12-03 11:22:44 0 d-----w- c:\temp\plugtmp-468
2009-12-03 09:49:38 0 d-----w- c:\program files\Microsoft Visual Studio 8
2009-12-03 09:43:58 0 ----a-w- c:\windows\Spectrum.ini
2009-11-27 16:46:55 0 d-----w- c:\temp\plugtmp-467
2009-11-27 08:40:46 0 d-----w- c:\temp\wz4149
2009-11-27 08:27:29 0 d-----w- c:\temp\wz164c
2009-11-26 14:56:04 0 d-----w- c:\documents and settings\all users\EasyView
2009-11-26 14:56:04 0 d-----w- c:\docume~1\alluse~1\applic~1\Intab
2009-11-26 14:47:03 0 d-----w- c:\program files\Gemini Data Loggers
2009-11-26 14:46:30 0 d-----w- c:\program files\EasyView5
2009-11-26 13:42:01 64 ----a-w- c:\windows\easyterm.INI
2009-11-25 19:48:37 0 d-----w- c:\temp\wz5706
2009-11-24 19:29:52 0 d-----w- c:\temp\plugtmp-466
2009-11-24 07:24:17 0 d-----w- c:\temp\plugtmp-465
2009-11-23 15:07:30 0 d-----w- c:\temp\WER2ff7.dir00
2009-11-22 15:35:18 0 d-----w- c:\temp\plugtmp-464
2009-11-20 03:59:53 12928 -c--a-w- c:\windows\system32\dllcache\dot4prt.sys
2009-11-20 03:59:53 12928 ----a-w- c:\windows\system32\drivers\Dot4Prt.sys
2009-11-20 03:56:30 7 ----a-w- c:\windows\system32\DF_RMS
2009-11-20 03:56:22 206976 -c--a-w- c:\windows\system32\dllcache\dot4.sys
2009-11-20 03:56:22 206976 ----a-w- c:\windows\system32\drivers\Dot4.sys
2009-11-20 03:56:21 23808 -c--a-w- c:\windows\system32\dllcache\dot4usb.sys
2009-11-20 03:56:21 23808 ----a-w- c:\windows\system32\drivers\Dot4usb.sys
2009-11-19 17:49:55 65224 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2009-11-19 17:49:54 91640 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2009-11-19 17:49:54 75704 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2009-11-19 17:49:54 70216 ----a-w- c:\windows\system32\mfevtps.exe
2009-11-19 17:49:54 63728 ----a-w- c:\windows\system32\drivers\mfetdik.sys
2009-11-19 17:49:54 43288 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2009-11-19 17:49:54 342640 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2009-11-19 17:49:32 0 d-----w- c:\program files\common files\McAfee
2009-11-19 16:36:40 3255 ----a-w- c:\windows\system32\wbem\Outlook_01ca693678a9e5d2.mof
2009-11-19 16:36:40 16384 ----atw- c:\temp\Perflib_Perfdata_1020.dat
2009-11-15 22:43:27 0 d-----w- c:\docume~1\ehamil~1\applic~1\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
2009-11-15 22:43:24 0 d-----w- c:\program files\BBC iPlayer Desktop
2009-11-12 15:14:52 0 d-----w- c:\temp\plugtmp-463
2009-11-11 15:37:41 0 d-----w- c:\temp\plugtmp-462
2009-11-09 08:42:15 0 d-----w- c:\temp\plugtmp-461
2009-11-09 07:16:22 0 ----a-w- c:\temp\9_zsfk3u.dll
2009-11-07 10:13:47 0 d-----w- c:\temp\plugtmp-460

==================== Find3M ====================

2009-10-15 04:23:03 19958 ----a-w- c:\windows\system32\SdeRequiredCheck.vbs
2009-08-25 18:07:53 18015723 ----a-w- c:\program files\vlc-1.0.1-win32.exe
2009-08-17 17:11:35 4393269 ----a-w- c:\program files\CheatEngine55.exe
2009-08-12 15:35:56 1962544 ----a-w- c:\program files\install_flash_player_ax.exe
2009-08-12 15:34:47 1925024 ----a-w- c:\program files\install_flash_player.exe
2009-08-06 12:00:26 914832 ----a-w- c:\program files\Finn3dSetupNpApi.exe
2008-10-21 09:48:29 16710688 ----a-w- c:\program files\IE8-WindowsXP-x86-ENU.exe
2008-10-21 07:57:47 28868320 ----a-w- c:\program files\FileFormatConverters.exe
2007-06-11 22:05:20 32768 --sha-w- c:\windows\system32\config\systemprofile\application data\microsoft\internet explorer\userdata\index.dat
2009-02-13 10:39:39 32768 --sha-w- c:\windows\system32\config\systemprofile\local settings\application data\microsoft\feeds cache\index.dat
2009-07-20 06:22:03 16384 --sha-w- c:\windows\temp\cookies\index.dat
2009-07-20 06:22:03 32768 --sha-w- c:\windows\temp\history\history.ie5\index.dat
2009-07-20 06:22:03 32768 --sha-w- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 11:09:19.14 ===============

I am having problems running GMER, it is refusing to start. I will contiune trying to run it.
 

Attachments

1 - 1 of 1 Posts
Status
Not open for further replies.
Top