IObit Forum

I have close to 20 trojans, and several others as well


I have IObit malwarefighter and I KNOW I have a HUGE problem with viruses, BUT it's not catching anything, I have run several scans, and it's all the same thing, I have not got money to pay for anything at all to get I have run scans on avg, avast, malwarebytes anti malware, advanced system care 5, and a list of others, but again, nothing, in advanced system care 5, it shows it's scanning Trojan.Win32/agent and I can't even list the rest, there's close to 20 trojans alone, and that's just the trojans, there's adware, worms, and god knows what else, it's bad enough that yes, I can use my pc, but I have 504 mbs total ram, and right now, I am running with only 111mbs left right now, and idling, I can get it to go to about 300 left, IF I let it sit for a bit, oh, it just dropped down to 67 left, it shouldn't be running like this, and I also can't open up malwarebytes or malware fighter half the time, w please help, I am trying to get this to run smoother in games, I download them, but this computer is bad enough, I'm using an 8G flash drive as extra ram........ please help, thanks


Hello and welcome to IObit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

 

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

 

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

*************************************************************

Download Security Check by screen317 from one of the following links and save it to your desktop.

 

Link 1

Link 2

 

* Double-click Security Check.bat

* Follow the on-screen instructions inside of the black box.

* A Notepad document should open automatically called checkup.txt

* Post the contents of that document in your next reply.

 

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

**********************************************************

Let's run a few more scans to see what turns up.

 

Please download aswMBR.exe ( 511KB ) to your desktop.

 

Double click the aswMBR.exe to run it

 

http://i424.photobucket.com/albums/pp322/digistar/aswMBR_Scan.jpg

 

Click the "Scan" button to start scan

 

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.

 

http://i424.photobucket.com/albums/pp322/digistar/aswMBR_SaveLog.png

 

On completion of the scan click save log, save it to your desktop and post in your next reply


Results of screen317's Security Check version 0.99.24

Windows XP Service Pack 3 x86

Internet Explorer 7 Out of date!

``````````````````````````````

Antivirus/Firewall Check:

Windows Security Center service is not running! This report may not be accurate!

AVG 2012

Norton AntiVirus 2006

Norton Internet Security 2006 (Symantec Corporation)

Norton Internet Security

```````````````````````````````

Anti-malware/Other Utilities Check:

Java 6 Update 30

Adobe Flash Player 11.2.202.235

Mozilla Firefox (x86 en-US..)

````````````````````````````````

Process Check:

objlist.exe by Laurent

``````````End of Log````````````

 

That's from the Checkup.txt notepad information, the next part is from the scan.

 

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-05-27 21:25:07

-----------------------------

21:25:07.687 OS Version: Windows 5.1.2600 Service Pack 3

21:25:07.687 Number of processors: 1 586 0xE08

21:25:07.828 ComputerName: YOUR-09DEDAFE33 UserName: Rachel

21:25:16.937 Initialize success

21:27:35.703 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

21:27:35.703 Disk 0 Vendor: FUJITSU_ 892C Size: 57241MB BusType: 3

21:27:35.765 Disk 0 MBR read successfully

21:27:35.765 Disk 0 MBR scan

21:27:35.765 Disk 0 unknown MBR code

21:27:35.812 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 49026 MB offset 63

21:27:35.843 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 8212 MB offset 100406313

21:27:35.906 Disk 0 scanning sectors +117226305

21:27:36.093 Disk 0 scanning C:\WINDOWS\system32\drivers

21:27:46.812 Service scanning

21:28:13.296 Modules scanning

21:28:18.984 Module: C:\WINDOWS\System32\drivers\dxgthk.sys **SUSPICIOUS**

21:28:21.250 Module: C:\WINDOWS\system32\ntdll.dll **SUSPICIOUS**

21:28:21.265 Disk 0 trace - called modules:

21:28:21.312 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys iaStor.sys

21:28:21.328 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82391030]

21:28:21.343 3 CLASSPNP.SYS[f84d5fd7] -> nt!IofCallDriver -> \Device\0000008e[0x823469e8]

21:28:21.359 5 ACPI.sys[f834c620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x82318030]

21:28:21.375 Scan finished successfully

21:29:35.562 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Rachel\My Documents\MBR.dat"

21:29:35.578 The log file has been saved successfully to "C:\Documents and Settings\Rachel\My Documents\aswMBR.txt"

 

 

For some reason, it's not showing what I thought it would show, none of my virus scanners are catching anything, not a thing, advanced system care 5 scans them, but does not catch them, I'll check this in a few to see what you replied with, thank you btw, I appreciate you taking your time to help me.


The Security Check shows that you're running two AVs on your program, which can cause a lot of problems. Either AVG 2012 or Norton AntiVirus 2006 should be deactivated/removed.

 

Update Your Java (JRE)

 

Old versions of Java have vulnerabilities that malware can use to infect your system.

 

First Verify your Java Version

 

If there are any other version(s) installed then update now.

 

Get the new version (if needed)

 

If your version is out of date install the newest version of the Sun Java Runtime Environment.

 

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

 

Be sure to close ALL open web browsers before starting the installation.

 

Remove any old versions

 

1. Download JavaRa and unzip the file to your Desktop.

2. Open JavaRA.exe and choose Remove Older Versions

3. Once complete exit JavaRA.

 

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.

********************************************************

We need to fix the Master Boot Record using aswMBR now.

 

  • Double click aswMBR.exe to run it like before
  • Once the scan finishes click FixMBR to remove the infection as illustrated below

 

http://i424.photobucket.com/albums/pp322/digistar/aswMBR_FixMBR.jpg

 

  • Once the scan finishes click Save log to save the log to your Desktop
     
    http://i424.photobucket.com/albums/pp322/digistar/aswMBR_SaveLog.png
     
  • Copy and paste the contents of aswMBR.txt back here for review


I did what you had told me to do, I can't get rid of norton, avg is the primary anti virus I use, it's the only active program I use, as for norton, I have tried for a couple of years to delete it, it's inactive, but it will not let me delete it, when I tried the first time is when this all happened to begin with, I have no idea what to do for that


Please try this Norton Removal Tool.

 

Norton/Symantec Removal Tool - Norton Removal Tool

 

 

I got it to work, I scanned norton first with malwarebytes avg and I wanna say malware fighter, and every one of them told me norton was a virus, it's off now, but is that even POSSIBLE? it's an anti virus, but when I tried to delete it years ago, I got slammed by all these viruses, and what do I do with the viruses on here? is there anything I can do to get the bad ones off? or is it better to just save up and buy a new pc? I am planning on getting a nice gaming pc, but should I just deal with this one like it is? or is it possible to fix this one? it runs ok, but it can't play a lot of stuff I know it SHOULD be able to.


I got slammed by all these viruses, and what do I do with the viruses on here? is there anything I can do to get the bad ones off? or is it better to just save up and buy a new pc?

We can fix in a short while if you follow the instructions I gave you. Please do the instructions I gave you in reply # 4 to fix the MBR.


aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software

Run date: 2012-05-29 22:35:39

-----------------------------

22:35:39.750 OS Version: Windows 5.1.2600 Service Pack 3

22:35:39.750 Number of processors: 1 586 0xE08

22:35:40.109 ComputerName: YOUR-09DEDAFE33 UserName: Rachel

22:35:54.062 Initialize success

22:36:24.046 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0

22:36:24.046 Disk 0 Vendor: FUJITSU_ 892C Size: 57241MB BusType: 3

22:36:24.109 Disk 0 MBR read successfully

22:36:24.109 Disk 0 MBR scan

22:36:24.125 Disk 0 Windows XP default MBR code

22:36:24.125 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 49026 MB offset 63

22:36:24.203 Disk 0 Partition 2 00 0C FAT32 LBA RECOVERY 8212 MB offset 100406313

22:36:24.250 Disk 0 scanning sectors +117226305

22:36:24.484 Disk 0 scanning C:\WINDOWS\system32\drivers

22:36:38.437 Service scanning

22:38:54.906 Modules scanning

22:39:07.656 Module: C:\WINDOWS\System32\drivers\dxgthk.sys **SUSPICIOUS**

22:39:10.375 Disk 0 trace - called modules:

22:39:10.437 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys iaStor.sys

22:39:10.437 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x82f3f9c0]

22:39:10.437 3 CLASSPNP.SYS[f8695fd7] -> nt!IofCallDriver -> \Device\00000089[0x82f203a8]

22:39:10.437 5 ACPI.sys[f850c620] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x82f2d030]

22:39:10.437 Scan finished successfully

22:42:33.906 Verifying

22:42:43.937 Disk 0 Windows 501 MBR fixed successfully

22:45:03.984 Verifying

22:45:14.046 Disk 0 Windows 501 MBR fixed successfully

22:46:12.734 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Rachel\My Documents\MBR.dat"

22:46:12.812 The log file has been saved successfully to "C:\Documents and Settings\Rachel\My Documents\aswMBR.txt 2.txt"

 

 

I clicked "fix MBR" twice, but it stopped where it did, I think it finished but I could be wrong, if I am and need to redo the process again, let me know lol

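An added example, not part of any post in this thread: a small Python triage script that compares the two aswMBR logs posted above and reports what changed after FixMBR. The log lines are excerpts copied from the thread; the function, class and field names are assumptions made for this illustration.

```python
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Excerpts of the two aswMBR logs posted in this thread (lines copied, runs trimmed).
RUN_BEFORE = r"""
21:27:35.765 Disk 0 MBR read successfully
21:27:35.765 Disk 0 MBR scan
21:27:35.765 Disk 0 unknown MBR code
21:28:18.984 Module: C:\WINDOWS\System32\drivers\dxgthk.sys **SUSPICIOUS**
21:28:21.250 Module: C:\WINDOWS\system32\ntdll.dll **SUSPICIOUS**
21:28:21.375 Scan finished successfully
"""
RUN_AFTER = r"""
22:36:24.109 Disk 0 MBR read successfully
22:36:24.125 Disk 0 Windows XP default MBR code
22:39:07.656 Module: C:\WINDOWS\System32\drivers\dxgthk.sys **SUSPICIOUS**
22:39:10.437 Scan finished successfully
22:42:43.937 Disk 0 Windows 501 MBR fixed successfully
"""

ENTRY = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+(.*\S)\s*$")   # "hh:mm:ss.mmm message"
MBR_CODE = re.compile(r"^Disk (\d+) (.+) MBR code$")            # verdict on the boot code
MODULE = re.compile(r"^Module: (.+?) \*\*SUSPICIOUS\*\*$")       # flagged driver or DLL
MBR_FIXED = re.compile(r"^Disk (\d+) .*MBR fixed successfully$")


@dataclass
class ScanRun:
    mbr_code: dict[int, str] = field(default_factory=dict)   # disk number -> verdict text
    suspicious: set[str] = field(default_factory=set)        # lower-cased module paths
    fixed_disks: set[int] = field(default_factory=set)       # disks where FixMBR succeeded
    finished: bool = False


def parse_run(text: str) -> ScanRun:
    """Extract the security-relevant findings from one aswMBR log."""
    run = ScanRun()
    for raw in text.splitlines():
        entry = ENTRY.match(raw.strip())
        if not entry:
            continue  # header, separator or blank line
        msg = entry.group(1)
        if m := MBR_CODE.match(msg):
            run.mbr_code[int(m.group(1))] = m.group(2)
        elif m := MODULE.match(msg):
            # Windows paths are case-insensitive, so normalise before comparing runs.
            run.suspicious.add(m.group(1).lower())
        elif m := MBR_FIXED.match(msg):
            run.fixed_disks.add(int(m.group(1)))
        elif msg == "Scan finished successfully":
            run.finished = True
    return run


def compare(before: ScanRun, after: ScanRun) -> dict:
    """Summarise what changed between a pre-fix and a post-fix scan."""
    return {
        "mbr_changed": {
            disk: (before.mbr_code.get(disk), verdict)
            for disk, verdict in after.mbr_code.items()
            if before.mbr_code.get(disk) != verdict
        },
        "cleared": sorted(before.suspicious - after.suspicious),
        "persisting": sorted(before.suspicious & after.suspicious),
        "new": sorted(after.suspicious - before.suspicious),
    }


def open_items(after: ScanRun, diff: dict) -> list[str]:
    """Findings that still need the helper's review after the fix."""
    items = [
        f"disk {disk}: MBR code still unknown"
        for disk, verdict in sorted(after.mbr_code.items())
        if verdict.lower() == "unknown"
    ]
    items += [f"module still flagged: {p}" for p in diff["persisting"] + diff["new"]]
    if not after.finished:
        items.append("scan did not finish")
    return items


if __name__ == "__main__":
    before, after = parse_run(RUN_BEFORE), parse_run(RUN_AFTER)
    diff = compare(before, after)
    print("MBR verdict changes:", diff["mbr_changed"])
    print("No longer flagged:  ", diff["cleared"])
    for item in open_items(after, diff):
        print("REVIEW:", item)
```

A module that stops being flagged between runs is a lead for the helper to review rather than proof that the machine is clean; the thread itself notes that rootkit entries are often false positives.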

Hi cmjf0013... Welcome here!

 

You need to slow down and follow Superdave's instructions exactly. It doesn't matter what you did or experienced before, if you will follow the instructions!

 

Please...? And then wait patiently for the next set of instructions...

 

Dave is not a scanner... He is a human who is very skilled and well trained at cleaning computers of all kinds of malware and is active on several forums! He gives his time and expertise here freely when he can! This is a generous gift... !:-D

 

Sincerely,

-Mel

Live long and prosper!


I'm sorry sir, I'm just getting stressed, my pc crashed after I posted that, I am afraid I may be doing more harm than good, I will slow down and wait for him to tell me the next steps, I am sorry though, I ain't trying to be a pest, and thanks again


You are not being a pest! It is very important that you do not take any steps (download anything or run anything) beyond Dave's instructions! If your machine is that close to the edge you must comply!

 

If the reasons for the crash aren't malware related then that will become apparent in the end!

 

You cannot fix this malware issue and continue using your machine like you are accustomed (used) to. You must focus solely on fixing it. Until it is fixed... don't try to use it.

 

Sincerely,

-Mel

Live long and prosper!

 

 

P.s. Thanks Dave... I am gone now!

 

Sincerely,

-Mel

Live Long and Prosper!

 

Edit: [ Hi cmjf0013 just saw your post in the gamebooster section... glad you took Woz's advice!]


Download ComboFix from any of the links below, and save it to your DESKTOP.

 

Link 1

Link 2

Link 3

 

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

  • Close any open windows and double click ComboFix.exe to run it.
     
    You will see the following image:

http://i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png

 

Click I Agree to start the program.

 

ComboFix will then extract the necessary files and you will see this:

 

http://i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png

 

As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

 

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

 

If you did not have it installed, you will see the prompt below. Choose YES.

 

http://i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif

 

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

 

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

 

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

 

http://i424.photobucket.com/albums/pp322/digistar/whatnext.png

 

Click on Yes, to continue scanning for malware.

 

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

 

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

 

Note: Please do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.


The Report part 1

 

ComboFix 12-05-30.04 - Rachel 05/30/2012 15:16:06.1.1 - x86

Running from: c:\documents and settings\Rachel\My Documents\Downloads\ComboFix.exe

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

The Report part 2

 

((((((((((((((((((((((((( Files Created from 2012-04-28 to 2012-05-30 )))))))))))))))))))))))))))))))

.

.


2012-05-03 04:49 . 2012-05-03 04:49 -------- dc----w- c:\documents and settings\All Users\Application Data\ParetoLogic

2012-05-03 02:23 . 2012-05-03 02:23 -------- dc----w- c:\documents and settings\Rachel\Local Settings\Application Data\PC_Drivers_Headquarters

2012-05-03 02:22 . 2012-05-03 02:22 -------- dc----w- c:\documents and settings\All Users\Application Data\Driver Utilities

2012-04-30 21:49 . 2012-04-30 21:49 -------- dc----w- c:\documents and settings\All Users\Application Data\PC Optimizer Pro

2012-04-30 21:44 . 2012-04-30 21:44 -------- d-----w- c:\program files\7-Zip

2012-04-30 21:44 . 2012-04-30 21:44 -------- dc----w- c:\documents and settings\Rachel\Application Data\Funmoods

.


report part 3

 

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-28 21:59 . 2010-12-11 21:39 472864 ----a-w- c:\windows\system32\deployJava1.dll

2012-05-04 19:23 . 2012-04-27 18:56 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-05-04 19:23 . 2011-05-18 22:43 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-04-19 09:50 . 2012-04-19 09:50 24896 ----a-w- c:\windows\system32\drivers\avgidshx.sys

2012-04-11 13:12 . 2004-08-04 21:00 1862272 ----a-w- c:\windows\system32\win32k.sys

2012-04-11 13:10 . 2004-08-04 21:00 2192640 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-04-11 12:35 . 2004-08-04 21:00 2069120 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-03-19 10:17 . 2012-03-19 10:17 301248 ----a-w- c:\windows\system32\drivers\avgtdix.sys

2012-05-17 04:28 . 2012-05-17 04:28 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

.

------- Sigcheck -------

Note: Unsigned files aren't necessarily malware.

.



report

 

Completion time: 2012-05-30 15:36:55

ComboFix-quarantined-files.txt 2012-05-30 20:36

.

Pre-Run: 6,503,190,528 bytes free

Post-Run: 6,513,258,496 bytes free

.

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

UnsupportedDebug="do not select this" /debug

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

.

- - End Of File - - C63D35249DFE2A54C0BBF51335B47ABD

 

I got to looking at it, is THIS the only thing you needed? I have SEVERAL pages full of information in my report.


Thank you.

 

SysProt Antirootkit

 

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

 

http://sites.google.com/site/sysprotantirootkit/

 

Unzip it into a folder on your desktop.

  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.
    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected
  • At the bottom of the page
    • Hidden Objects Only << Selected
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.


SysProtLog report

 

SysProt AntiRootkit v1.0.1.0

by swatkat

 

******************************************************************************************

******************************************************************************************

 

No Hidden Processes found

 

******************************************************************************************

******************************************************************************************

Kernel Modules:

Module Name: \SystemRoot\System32\Drivers\dump_iaStor.sys

Service Name: ---

Module Base: A2802000

Module End: A28D8000

Hidden: Yes

 

******************************************************************************************

******************************************************************************************

SSDT:

Function Name: ZwNotifyChangeKey

Address: A2727004

Driver Base: A2726000

Driver End: A2729000

Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

 

Function Name: ZwNotifyChangeMultipleKeys

Address: A27270D4

Driver Base: A2726000

Driver End: A2729000

Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

 

Function Name: ZwOpenProcess

Address: A2726D76

Driver Base: A2726000

Driver End: A2729000

Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

 

Function Name: ZwTerminateProcess

Address: A2726E1E

Driver Base: A2726000

Driver End: A2729000

Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

 

Function Name: ZwTerminateThread

Address: A2726EBA

Driver Base: A2726000

Driver End: A2729000

Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

 

Function Name: ZwWriteVirtualMemory

Address: A2726F56

Driver Base: A2726000

Driver End: A2729000

Driver Name: \SystemRoot\system32\DRIVERS\avgidsshimx.sys

 

******************************************************************************************

******************************************************************************************

No Kernel Hooks found

 

******************************************************************************************

******************************************************************************************

Hidden files/folders:

Object: C:\Qoobox\BackEnv\AppData.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Cache.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Cookies.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Desktop.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Favorites.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\History.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Music.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\NetHood.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Personal.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Pictures.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Programs.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Recent.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\SendTo.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\SetPath.bat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\StartUp.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\SysPath.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\Templates.folder.dat

Status: Access denied

 

Object: C:\Qoobox\BackEnv\VikPev00

Status: Access denied


crashed pc

 

Don't worry about working with me on this computer. It's my hard drive, it's clicking and crashing. I'm gonna roam around the forums and see if I can learn anything. I'm gonna be getting a job soon, then a gaming PC. I'm sorry, I didn't know this would happen. I'm posting from my cell. Thanks though.


How's your computer working now? Any other issues?

 

ESET Online Scan

 

Scan your computer with the ESET FREE Online Virus Scan

 

* Click the ESET Online Scanner button.

 

* For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

* Click on the esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.

* Double click on the esetsmartinstaller_enu.exe icon on your desktop.

* Place a check mark next to YES, I accept the Terms of Use.

 

* Click the Start button.

* Accept any security warnings from your browser.

* Leave the check mark next to Remove found threats and place a check next to Scan archives.

* Click the Start button.

* ESET will then download updates, install, and begin scanning your computer. Please be patient as this can take some time.

* When the scan completes, click List of found threats.

* Next click Export to text file and save the file to your desktop using a name such as ESETScan. Include the contents of this report in your next reply.

* Click the Back button then click Finish.

 

In your next reply please include the ESET Online Scan Log



The hard drive went out on it. I'm gonna have to get a new computer, I can't even turn it on without the hard drive screaming at me. I'm going to keep her off till I get my new PC, then transfer my files to it.

 

Els


You really only need a new hard drive if you have your OS disk.

 

I will have to get a new PC. THIS one's disc drive broke forever ago, and the computer's internal hardware's so outdated I can't even play Half-Life 2. I think that may be because of the viruses, but what's weird is, I'm on my PC right now, and it's not clicking at all. When I start it up, it does click pretty bad for the startup, but I have EVERYTHING shut down, AVG included. I have the files I need backed up on my flash drive, but if it's not clicking, is it worth it to still do your last step and fight to get the viruses off? I'm thinking they MAY have something to do, I could be wrong, but since I shut everything down, her RAM usage is way lower, and she's so quiet, I have never heard her this quiet. Is it worth it? I tried a few games I have downloaded, I can play them and it doesn't fight it. The only problem I have is on startup, and if I open anything too quick on startup, the power like fades in and out then steadies itself. Any idea? I'm kinda wanting to go ahead with the steps you have.


Archived

This topic is now archived and is closed to further replies.
