

IE & FF won't Open - Recently had Virut Virus


  • This topic is locked
4 replies to this topic

#1 DrunkeNinja



Posted 13 April 2009 - 05:35 AM

I recently had the Virut virus, really nasty. Did numerous safe mode scans and then did a repair install to clear out any infected system files... Everything has pretty much been normal since, but after trying to fix a redirect problem in FF and trying to install IE8 I now don't have the ability to browse the web at all... Done Ad-Aware, Spybot, Anti-Malware and ESET scans and everything seems A-OK.... We will see I guess... Many thanks for all your help...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:09:35, on 13/04/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Billeo\billeo.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\Microsoft Office\Office12\MSACCESS.EXE
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Reader 9.0\Reader\AcroRd32Info.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Billeo - {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - c:\program files\billeo\billeo.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IntelAudioStudio] "C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe" TRAY
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ScanSoft OmniPage 16-reminder] "C:\Program Files\ScanSoft\OmniPage16\Ereg\Ereg.exe" -r "C:\Documents and Settings\All Users\Application Data\ScanSoft\OmniPage 16\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - Global Startup: billeo.lnk = C:\Program Files\Billeo\billeo.exe
O8 - Extra context menu item: &Download All with FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: &Download with FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Billeo - {97ED3A9F-CD6F-473A-8FE1-7505C1B844C3} - c:\program files\billeo\billeo.dll (file missing) (HKCU)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229329794618
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\WINDOWS\System32\TuneUpDefragService.exe
O23 - Service: TuneUp Program Statistics Service (TuneUp.ProgramStatisticsSvc) - TuneUp Software - C:\WINDOWS\System32\TUProgSt.exe

--
End of file - 6091 bytes

Edited by DrunkeNinja, 13 April 2009 - 05:42 AM.
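An added example, not code from the thread nor from HijackThis or DDS: a small Python triage helper that parses the O-line entries of a HijackThis log such as the one posted above and flags what a helper would look at first: entries marked "(file missing)" (like the Billeo toolbar above), O4/O23 autostarts whose binary lives outside the Windows or Program Files directories, and O16 ActiveX downloads from hosts outside an allowlist. The sample log is constructed from a few lines of the posted log plus two invented entries, and TRUSTED_DIRS and TRUSTED_DPF_HOSTS are assumptions made for the example.

```python
# Added example (not code from the thread, HijackThis or DDS): parse the O-line
# entries of a HijackThis log and flag the items a helper would check first.
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Constructed sample: most lines are copied from the log posted above; the HKCU
# O4 line and the second O16 line are invented to exercise the checks.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe

O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Billeo - {6ADB0F93-1AA5-4BCF-9DF4-CEA689A3C111} - c:\program files\billeo\billeo.dll (file missing)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [constructed_example] "C:\Documents and Settings\Gateway\Local Settings\Temp\constructed_example.exe"
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {00000000-0000-0000-0000-000000000000} (constructed example control) - http://downloads.example.invalid/control.cab
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
"""

ENTRY_RE = re.compile(r"^O(?P<num>\d+) - (?P<kind>[^:]+): (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
MISSING = "(file missing)"
TRUSTED_DIRS = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\")  # assumed allowlist
TRUSTED_DPF_HOSTS = ("microsoft.com", "macromedia.com", "sun.com")  # assumed allowlist

@dataclass
class Entry:
    section: str        # "O2", "O4", "O16", ...
    kind: str           # "BHO", "HKLM\..\Run", "DPF", "Service", ...
    name: str
    clsid: Optional[str]
    target: str         # file path, command line or download URL
    file_missing: bool  # HijackThis appended "(file missing)"

def parse_entry(line: str) -> Optional[Entry]:
    """Split one 'Onn - kind: body' line into fields; None for any other line."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    file_missing = MISSING in body
    body = body.replace(MISSING, "").replace("(HKCU)", "").strip()
    cm = CLSID_RE.search(body)
    clsid = cm.group(0).upper() if cm else None
    if kind.endswith("Run"):                  # O4: [name] command line
        rm = re.match(r"\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)", body)
        name, target = (rm.group("name"), rm.group("cmd")) if rm else ("", body)
    elif kind == "DPF" and cm:                # O16: {CLSID} (name) - url
        pm = re.match(r"\((?P<name>[^)]*)\)\s*-\s*(?P<url>.*)", body[cm.end():].strip())
        name, target = (pm.group("name"), pm.group("url")) if pm else ("", body)
    elif cm:                                  # O2/O3/O9: name - {CLSID} - path
        name, target = body[:cm.start()].strip(" -"), body[cm.end():].strip(" -")
    else:                                     # O8/O23: name - [vendor -] path
        parts = [p.strip() for p in body.split(" - ")]
        name, target = parts[0], parts[-1]
    return Entry("O" + m.group("num"), kind, name, clsid, target, file_missing)

def image_path(command: str) -> str:
    # Executable of a command line: the quoted path, else text up to the first space.
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]

def parse_log(text: str) -> Tuple[List[str], List[Entry]]:
    """Return (running process paths, parsed O-entries) from a HijackThis log."""
    processes, entries, in_procs = [], [], False
    for line in (raw.strip() for raw in text.splitlines()):
        if line.lower().startswith("running processes"):
            in_procs = True
            continue
        if in_procs and line:
            processes.append(line)
            continue
        in_procs = False                      # a blank line ends the section
        entry = parse_entry(line)
        if entry:
            entries.append(entry)
    return processes, entries

def triage(entries: List[Entry]) -> List[Tuple[str, str, str]]:
    """Return (section, name, reason) for the entries a reviewer should look at first."""
    findings = []
    for e in entries:
        if e.file_missing:
            findings.append((e.section, e.name, "orphaned entry: referenced file is missing"))
        if e.section in ("O4", "O23"):        # where does the autostart/service binary live?
            path = (e.target if e.section == "O23" else image_path(e.target)).lower()
            if "\\" in path and not path.startswith(TRUSTED_DIRS):
                findings.append((e.section, e.name, "binary outside system/program dirs: " + path))
        if e.section == "O16":                # where is the ActiveX control downloaded from?
            host = urlsplit(e.target).hostname or ""
            if not any(host == h or host.endswith("." + h) for h in TRUSTED_DPF_HOSTS):
                findings.append((e.section, e.name, "ActiveX download from unlisted host: " + host))
    return findings
```

Run it on a saved log with `parse_log(open(path).read())`; a flagged entry is a starting point for review, not proof of infection.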



#2 KoanYorel


    Bleepin' Conundrum



Posted 27 April 2009 - 09:44 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

R,
K
The only easy day was yesterday.

...some do, some don't; some will, some won't (WR)

#3 DrunkeNinja

  • Topic Starter


Posted 28 April 2009 - 09:00 AM

Many thanks, not sure if it is resolved or not, did find evidence of Virut today but only one file... Thanks for the help...

DDS (Ver_09-03-16.01) - NTFSx86  
Run by Gateway at 16:55:57.35 on 28/04/2009
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_12
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.2045.1046 [GMT 3:00]

AV: AntiVir Desktop *On-access scanning enabled* (Updated)
AV: ESET NOD32 Antivirus 4.0 *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\WINDOWS\System32\TUProgSt.exe
C:\Program Files\Intel Audio Studio\IntelAudioStudio.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\sttray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Billeo\billeo.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\FlashGet\FlashGet.exe
C:\Program Files\Microsoft Office\Office12\MSACCESS.EXE
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Gateway\Desktop\dds.scr

============== Pseudo HJT Report ===============

uInternet Settings,ProxyOverride = <local>
BHO: FGCatchUrl: {2f364306-aa45-47b5-9f9d-39a8b94e7ef7} - c:\program files\flashget\jccatch.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll
TB: Billeo: {6adb0f93-1aa5-4bcf-9df4-cea689a3c111} - c:\program files\billeo\billeo.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
EB: Billeo: {6576ebaa-b570-4345-98e4-96153c77cf24} - c:\program files\billeo\billeo.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [IntelAudioStudio] "c:\program files\intel audio studio\IntelAudioStudio.exe" TRAY
mRun: [CoolSwitch] c:\windows\system32\taskswitch.exe
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [SigmatelSysTrayApp] sttray.exe
mRun: [NodEnabler] c:\program files\eset\nodenabler\NodEnabler.exe /s
mRun: [egui] "c:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\billeo.lnk - c:\program files\billeo\billeo.exe
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll
DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} - hxxp://go.microsoft.com/fwlink/?linkid=58813
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1239700673609
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1229329794618
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} - hxxp://office.microsoft.com/officeupdate/content/opuc4.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\gateway\applic~1\mozilla\firefox\profiles\b2qpykon.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.nufcblog.com/
FF - component: c:\program files\mozilla firefox\extensions\{4be68a18-deba-49e0-9e09-ee7796f3b62a}\components\billeotoolbar.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll

---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000

============= SERVICES / DRIVERS ===============

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2009-4-24 64160]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [2009-2-6 106208]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [2009-2-6 93336]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-4-23 108289]
R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-4-23 185089]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-4-23 55640]
R2 ekrn;ESET Service;c:\program files\eset\eset nod32 antivirus\ekrn.exe [2009-2-6 727720]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-4-15 55152]
R2 SeaPort;SeaPort;c:\program files\microsoft\search enhancement pack\seaport\SeaPort.exe [2009-1-14 226656]
R2 TuneUp.ProgramStatisticsSvc;TuneUp Program Statistics Service;c:\windows\system32\TUProgSt.exe [2009-4-15 603904]
S1 avgio;avgio;c:\program files\avira\antivir desktop\avgio.sys [2009-4-23 11608]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 953168]
S3 fsssvc;Windows Live Family Safety;c:\program files\windows live\family safety\fsssvc.exe [2009-2-6 533360]
S3 IAMTXP;Driver for Intel® Active Management Technology - KCS;c:\windows\system32\drivers\iamtxp.sys --> c:\windows\system32\drivers\IAMTXP.sys [?]

=============== Created Last 30 ================

2009-04-24 16:03	15,688	a-------	c:\windows\system32\lsdelete.exe
2009-04-24 15:19	64,160	a-------	c:\windows\system32\drivers\Lbd.sys
2009-04-24 15:04	<DIR>	-cd-h---	c:\docume~1\alluse~1\applic~1\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-24 15:04	<DIR>	--d-----	c:\program files\Lavasoft
2009-04-24 14:45	<DIR>	--d-----	c:\program files\Spybot - Search & Destroy
2009-04-24 10:25	<DIR>	--d-----	c:\program files\NVT Malware Remover Tool
2009-04-24 09:46	116,224	ac------	c:\windows\system32\dllcache\xrxwiadr.dll
2009-04-24 09:46	18,944	ac------	c:\windows\system32\dllcache\xrxscnui.dll
2009-04-24 09:46	19,200	ac------	c:\windows\system32\dllcache\wstcodec.sys
2009-04-24 09:45	8,192	ac------	c:\windows\system32\dllcache\wshirda.dll
2009-04-24 09:45	8,832	ac------	c:\windows\system32\dllcache\wmiacpi.sys
2009-04-24 09:45	31,744	ac------	c:\windows\system32\dllcache\wceusbsh.sys
2009-04-24 09:44	5,376	ac------	c:\windows\system32\dllcache\viaide.sys
2009-04-24 09:44	53,760	ac------	c:\windows\system32\dllcache\vfwwdm32.dll
2009-04-24 09:44	15,104	ac------	c:\windows\system32\dllcache\usbscan.sys
2009-04-24 09:44	17,152	ac------	c:\windows\system32\dllcache\usbohci.sys
2009-04-24 09:44	60,032	ac------	c:\windows\system32\dllcache\usbaudio.sys
2009-04-24 09:43	82,944	ac------	c:\windows\system32\dllcache\tp4mon.exe
2009-04-24 09:42	149,376	ac------	c:\windows\system32\dllcache\tffsport.sys
2009-04-24 09:41	15,232	ac------	c:\windows\system32\dllcache\streamip.sys
2009-04-24 09:41	7,552	ac------	c:\windows\system32\dllcache\sonyait.sys
2009-04-24 09:40	16,000	ac------	c:\windows\system32\dllcache\smbbatt.sys
2009-04-24 09:40	6,912	ac------	c:\windows\system32\dllcache\smbclass.sys
2009-04-24 09:40	11,136	ac------	c:\windows\system32\dllcache\slip.sys
2009-04-24 09:39	11,520	ac------	c:\windows\system32\dllcache\scsiscan.sys
2009-04-24 09:37	43,904	ac------	c:\windows\system32\dllcache\sbp2port.sys
2009-04-24 09:37	29,696	ac------	c:\windows\system32\dllcache\rw450ext.dll
2009-04-24 09:37	27,648	ac------	c:\windows\system32\dllcache\rw430ext.dll
2009-04-24 09:36	79,104	ac------	c:\windows\system32\dllcache\rocket.sys
2009-04-24 09:36	6,016	ac------	c:\windows\system32\dllcache\qic157.sys
2009-04-24 09:36	159,232	ac------	c:\windows\system32\dllcache\ptpusd.dll
2009-04-24 09:35	33,280	ac------	c:\windows\system32\dllcache\psisrndr.ax
2009-04-24 09:35	363,520	ac------	c:\windows\system32\dllcache\psisdecd.dll
2009-04-24 09:35	17,664	ac------	c:\windows\system32\dllcache\ppa3.sys
2009-04-24 09:35	8,832	ac------	c:\windows\system32\dllcache\powerfil.sys
2009-04-24 09:35	259,328	ac------	c:\windows\system32\dllcache\perm3dd.dll
2009-04-24 09:35	211,584	ac------	c:\windows\system32\dllcache\perm2dll.dll
2009-04-24 09:35	28,032	ac------	c:\windows\system32\dllcache\perm3.sys
2009-04-24 09:35	27,904	ac------	c:\windows\system32\dllcache\perm2.sys
2009-04-24 09:33	28,672	ac------	c:\windows\system32\dllcache\nscirda.sys
2009-04-24 09:33	10,880	ac------	c:\windows\system32\dllcache\ndisip.sys
2009-04-24 09:33	85,248	ac------	c:\windows\system32\dllcache\nabtsfec.sys
2009-04-24 09:32	5,504	ac------	c:\windows\system32\dllcache\mstee.sys
2009-04-24 09:32	49,024	ac------	c:\windows\system32\dllcache\mstape.sys
2009-04-24 09:32	22,016	ac------	c:\windows\system32\dllcache\msircomm.sys
2009-04-24 09:32	56,832	ac------	c:\windows\system32\dllcache\msdvbnp.ax
2009-04-24 09:32	51,200	ac------	c:\windows\system32\dllcache\msdv.sys
2009-04-24 09:31	15,232	ac------	c:\windows\system32\dllcache\mpe.sys
2009-04-24 09:31	26,112	ac------	c:\windows\system32\dllcache\memstpci.sys
2009-04-24 09:30	7,040	ac------	c:\windows\system32\dllcache\ltotape.sys
2009-04-24 09:30	34,688	ac------	c:\windows\system32\dllcache\lbrtfdc.sys
2009-04-24 09:30	91,136	ac------	c:\windows\system32\dllcache\kswdmcap.ax
2009-04-24 09:30	43,008	ac------	c:\windows\system32\dllcache\ksxbar.ax
2009-04-24 09:30	61,952	ac------	c:\windows\system32\dllcache\kstvtune.ax
2009-04-24 09:30	253,952	ac------	c:\windows\system32\dllcache\kdsusd.dll
2009-04-24 09:30	48,640	ac------	c:\windows\system32\dllcache\kdsui.dll
2009-04-24 09:30	14,592	ac------	c:\windows\system32\dllcache\kbdhid.sys
2009-04-24 09:30	6,144	ac------	c:\windows\system32\dllcache\kbd106.dll
2009-04-24 09:29	28,160	ac------	c:\windows\system32\dllcache\irmon.dll
2009-04-24 09:29	151,552	ac------	c:\windows\system32\dllcache\irftp.exe
2009-04-24 09:29	88,192	ac------	c:\windows\system32\dllcache\irda.sys
2009-04-24 09:29	16,384	ac------	c:\windows\system32\dllcache\ipsink.ax
2009-04-24 09:29	5,504	ac------	c:\windows\system32\dllcache\intelide.sys
2009-04-24 09:28	702,845	ac------	c:\windows\system32\dllcache\i81xdnt5.dll
2009-04-24 09:28	18,560	ac------	c:\windows\system32\dllcache\i2omp.sys
2009-04-24 09:28	8,576	ac------	c:\windows\system32\dllcache\i2omgmt.sys
2009-04-24 09:27	21,504	ac------	c:\windows\system32\dllcache\hidserv.dll
2009-04-24 09:27	20,352	ac------	c:\windows\system32\dllcache\hidbatt.sys
2009-04-24 09:27	28,288	ac------	c:\windows\system32\dllcache\grserial.sys
2009-04-24 09:27	59,136	ac------	c:\windows\system32\dllcache\gckernel.sys
2009-04-24 09:27	10,624	ac------	c:\windows\system32\dllcache\gameenum.sys
2009-04-24 09:25	20,992	ac------	c:\windows\system32\dllcache\dshowext.ax
2009-04-24 09:25	206,976	ac------	c:\windows\system32\dllcache\dot4.sys
2009-04-24 09:25	8,320	ac------	c:\windows\system32\dllcache\dlttape.sys
2009-04-24 09:24	249,856	ac------	c:\windows\system32\dllcache\ctmasetp.dll
2009-04-24 09:23	10,240	ac------	c:\windows\system32\dllcache\compbatt.sys
2009-04-24 09:23	13,952	ac------	c:\windows\system32\dllcache\cmbatt.sys
2009-04-24 09:23	8,192	ac------	c:\windows\system32\dllcache\changer.sys
2009-04-24 09:23	17,024	ac------	c:\windows\system32\dllcache\ccdecode.sys
2009-04-24 09:23	121,856	ac------	c:\windows\system32\dllcache\camext30.dll
2009-04-24 09:22	11,776	ac------	c:\windows\system32\dllcache\bdasup.sys
2009-04-24 09:22	18,432	ac------	c:\windows\system32\dllcache\bdaplgin.ax
2009-04-24 09:22	14,208	ac------	c:\windows\system32\dllcache\battc.sys
2009-04-24 09:22	13,696	ac------	c:\windows\system32\dllcache\avcstrm.sys
2009-04-24 09:22	38,912	ac------	c:\windows\system32\dllcache\avc.sys
2009-04-24 09:19	48,128	ac------	c:\windows\system32\dllcache\61883.sys
2009-04-24 09:19	12,288	ac------	c:\windows\system32\dllcache\4mmdat.sys
2009-04-23 16:25	664	a-------	c:\windows\system32\d3d9caps.dat
2009-04-23 15:48	55,640	a-------	c:\windows\system32\drivers\avgntflt.sys
2009-04-23 15:48	<DIR>	--d-----	c:\program files\Avira
2009-04-23 15:48	<DIR>	--d-----	c:\docume~1\alluse~1\applic~1\Avira
2009-04-22 09:21	<DIR>	--d-----	c:\docume~1\gateway\applic~1\Desktopicon
2009-04-22 09:21	<DIR>	--d-----	c:\program files\Unlocker
2009-04-15 14:38	<DIR>	--dsh---	c:\documents and settings\gateway\IECompatCache
2009-04-15 14:37	<DIR>	--dsh---	c:\documents and settings\gateway\PrivacIE
2009-04-15 14:32	<DIR>	--d-----	c:\documents and settings\gateway\Tracing
2009-04-15 14:31	<DIR>	--d-----	c:\program files\Microsoft Office Outlook Connector
2009-04-15 14:31	55,152	a-------	c:\windows\system32\drivers\fssfltr_tdi.sys
2009-04-15 14:29	3,426,072	a-------	c:\windows\system32\d3dx9_32.dll
2009-04-15 14:29	<DIR>	--d-----	c:\program files\Microsoft SQL Server Compact Edition
2009-04-15 14:28	<DIR>	--d-----	c:\program files\Windows Live SkyDrive
2009-04-15 14:06	<DIR>	--d-----	c:\program files\common files\Windows Live
2009-04-15 14:05	<DIR>	--d-----	c:\program files\Microsoft
2009-04-15 13:50	<DIR>	--d-----	c:\windows\ie8updates
2009-04-15 13:47	<DIR>	-cd-h---	c:\windows\ie8
2009-04-15 13:46	105,984	-c------	c:\windows\system32\dllcache\iecompat.dll
2009-04-15 13:29	603,904	a-------	c:\windows\system32\TUProgSt.exe
2009-04-15 13:29	27,904	a-------	c:\windows\system32\uxtuneup.dll
2009-04-15 13:29	362,240	a-------	c:\windows\system32\TuneUpDefragService.exe
2009-04-15 13:25	<DIR>	--d-h---	c:\windows\system32\System32
2009-04-15 13:25	16,728,832	a-------	c:\docume~1\gateway\applic~1\TU2009TrialEN-US.exe
2009-04-15 11:23	376,896	a-------	c:\windows\system32\IASMCECM.ocx
2009-04-15 11:21	<DIR>	--d-----	C:\EbuDllTmpDir
2009-04-15 11:09	192,512	--------	c:\windows\system32\Stac97co.dll
2009-04-15 11:09	<DIR>	--d-----	C:\dell
2009-04-15 10:28	2,560	--------	c:\windows\system32\xpsp4res.dll
2009-04-15 10:19	<DIR>	--d-----	C:\fixit
2009-04-15 10:16	<DIR>	--d-----	C:\pci32
2009-04-15 10:01	413,696	a-------	c:\windows\sttray.exe
2009-04-14 16:36	7,925,760	a-------	c:\windows\system32\idtsg.cpl
2009-04-14 16:36	212,992	a-------	c:\windows\system32\stacsv.exe
2009-04-14 16:33	1,089,593	-c------	c:\windows\system32\dllcache\ntprint.cat
2009-04-14 16:33	1,985,024	ac------	c:\windows\system32\dllcache\iertutil.dll
2009-04-14 16:33	594,432	ac------	c:\windows\system32\dllcache\msfeeds.dll
2009-04-14 16:33	55,296	ac------	c:\windows\system32\dllcache\msfeedsbs.dll
2009-04-14 16:33	445,952	ac------	c:\windows\system32\dllcache\ieapfltr.dll
2009-04-14 16:33	59,904	ac------	c:\windows\system32\dllcache\icardie.dll
2009-04-14 16:33	13,824	-c------	c:\windows\system32\dllcache\ieudinit.exe
2009-04-14 16:33	3,698,584	ac------	c:\windows\system32\dllcache\ieapfltr.dat
2009-04-14 16:33	1,241,088	ac------	c:\windows\system32\dllcache\ieframe.dll.mui
2009-04-14 16:33	11,063,808	ac------	c:\windows\system32\dllcache\ieframe.dll
2009-04-14 15:17	597,504	-c------	c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2009-04-14 15:17	575,488	-c------	c:\windows\system32\dllcache\xpsshhdr.dll
2009-04-14 15:17	89,088	-c------	c:\windows\system32\dllcache\filterpipelineprintproc.dll
2009-04-14 15:17	1,676,288	-c------	c:\windows\system32\dllcache\xpssvcs.dll
2009-04-14 15:17	<DIR>	--d-----	C:\ddac44ff9edd9a8e5889c120b3c5
2009-04-14 14:17	339,968	a-------	c:\windows\system32\mesoludlg.exe
2009-04-14 14:17	309,760	a-------	c:\windows\system32\difxapi.dll
2009-04-14 14:17	121,232	a-------	c:\windows\system32\IScrNB.bmp
2009-04-14 13:46	2,189,056	ac------	c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-14 13:46	2,066,048	ac------	c:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-14 13:21	<DIR>	--d-----	c:\program files\Messenger
2009-04-14 12:59	294,912	-c------	c:\windows\system32\dllcache\msaud32.acm
2009-04-14 12:12	<DIR>	--d-----	c:\program files\ESET
2009-04-13 11:11	<DIR>	--d-----	c:\windows\system32\appmgmt
2009-04-13 09:07	<DIR>	--dsh---	c:\documents and settings\gateway\IETldCache
2009-04-10 14:11	23,040	ac------	c:\windows\system32\dllcache\xrxwbtmp.dll
2009-04-10 14:11	27,648	ac------	c:\windows\system32\dllcache\xrxftplt.exe
2009-04-10 14:11	4,608	ac------	c:\windows\system32\dllcache\xrxflnch.exe
2009-04-10 14:11	99,865	ac------	c:\windows\system32\dllcache\xlog.exe
2009-04-10 14:11	19,455	ac------	c:\windows\system32\dllcache\wvchntxx.sys
2009-04-10 14:11	16,970	ac------	c:\windows\system32\dllcache\xem336n5.sys
2009-04-10 14:11	12,063	ac------	c:\windows\system32\dllcache\wsiintxx.sys
2009-04-10 14:11	154,624	ac------	c:\windows\system32\dllcache\wlluc48.sys
2009-04-10 14:11	34,890	ac------	c:\windows\system32\dllcache\wlandrv2.sys
2009-04-10 14:09	224,802	ac------	c:\windows\system32\dllcache\usr1807a.sys
2009-04-10 14:08	222,336	ac------	c:\windows\system32\dllcache\trid3dm.sys
2009-04-10 14:07	28,384	ac------	c:\windows\system32\dllcache\sym_hi.sys
2009-04-10 14:06	9,600	ac------	c:\windows\system32\dllcache\sonymc.sys
2009-04-10 14:05	161,568	ac------	c:\windows\system32\dllcache\sgsmusb.sys
2009-04-10 14:04	62,496	ac------	c:\windows\system32\dllcache\s3mtrio.dll
2009-04-10 14:03	40,448	ac------	c:\windows\system32\dllcache\ql1240.sys
2009-04-10 14:02	86,016	ac------	c:\windows\system32\dllcache\pctspk.exe
2009-04-10 14:01	51,552	ac------	c:\windows\system32\dllcache\ntgrip.sys
2009-04-10 14:00	103,296	ac------	c:\windows\system32\dllcache\mtxvideo.sys
2009-04-10 14:00	12,416	ac------	c:\windows\system32\dllcache\msriffwv.sys
2009-04-10 14:00	2,944	ac------	c:\windows\system32\dllcache\msmpu401.sys
2009-04-10 14:00	35,200	ac------	c:\windows\system32\dllcache\msgame.sys
2009-04-10 14:00	6,016	ac------	c:\windows\system32\dllcache\msfsio.sys
2009-04-10 14:00	17,280	ac------	c:\windows\system32\dllcache\mraid35x.sys
2009-04-10 14:00	16,128	ac------	c:\windows\system32\dllcache\modemcsa.sys
2009-04-10 14:00	6,528	ac------	c:\windows\system32\dllcache\miniqic.sys
2009-04-10 14:00	320,384	ac------	c:\windows\system32\dllcache\mgaum.sys
2009-04-10 14:00	235,648	ac------	c:\windows\system32\dllcache\mgaud.dll
2009-04-10 14:00	47,616	ac------	c:\windows\system32\dllcache\memgrp.dll
2009-04-10 14:00	8,320	ac------	c:\windows\system32\dllcache\memcard.sys
2009-04-10 14:00	164,586	ac------	c:\windows\system32\dllcache\mdgndis5.sys
2009-04-10 13:58	5,632	ac------	c:\windows\system32\dllcache\kbd103.dll
2009-04-10 13:57	26,624	ac------	c:\windows\system32\dllcache\icam3ext.dll
2009-04-10 13:56	324,608	ac------	c:\windows\system32\dllcache\hpojwia.dll
2009-04-10 13:55	444,416	ac------	c:\windows\system32\dllcache\fpcibase.sys
2009-04-10 13:54	66,591	ac------	c:\windows\system32\dllcache\el90xbc5.sys
2009-04-10 13:53	179,584	ac------	c:\windows\system32\dllcache\dac2w2k.sys
2009-04-10 13:52	13,824	ac------	c:\windows\system32\dllcache\bulltlp3.sys
2009-04-10 13:51	66,048	ac------	c:\windows\system32\dllcache\s3legacy.dll
2009-04-09 14:47	<DIR>	--d-----	c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-04-08 15:55	92,416	ac------	c:\windows\system32\dllcache\mga.sys
2009-04-08 15:54	45,056	ac------	c:\windows\system32\dllcache\EXCH_aqadmin.dll
2009-04-08 15:54	5,632	ac------	c:\windows\system32\dllcache\EXCH_adsiisex.dll
2009-04-08 15:54	49,664	ac------	c:\windows\system32\dllcache\adrot.dll
2009-04-08 15:54	6,144	ac------	c:\windows\system32\dllcache\admxprox.dll
2009-04-08 15:54	7,168	ac------	c:\windows\system32\dllcache\wamregps.dll
2009-04-08 15:54	169,984	ac------	c:\windows\system32\dllcache\iisui.dll
2009-04-08 15:54	19,968	ac------	c:\windows\system32\dllcache\inetsloc.dll
2009-04-08 15:54	14,336	ac------	c:\windows\system32\dllcache\iisreset.exe
2009-04-08 15:54	7,680	ac------	c:\windows\system32\dllcache\inetmgr.exe
2009-04-08 15:54	5,632	ac------	c:\windows\system32\dllcache\iisrstap.dll
2009-04-08 15:54	6,144	ac------	c:\windows\system32\dllcache\ftpsapi2.dll
2009-04-08 15:54	94,720	ac------	c:\windows\system32\dllcache\certmap.ocx
2009-04-08 15:53	488	a---hr--	c:\windows\system32\logonui.exe.manifest
2009-04-08 15:53	749	a---hr--	c:\windows\WindowsShell.Manifest
2009-04-08 15:53	749	a---hr--	c:\windows\system32\wuaucpl.cpl.manifest
2009-04-08 15:53	749	a---hr--	c:\windows\system32\sapi.cpl.manifest
2009-04-08 15:53	749	a---hr--	c:\windows\system32\nwc.cpl.manifest
2009-04-08 15:53	749	a---hr--	c:\windows\system32\ncpa.cpl.manifest
2009-04-08 15:53	16,384	ac------	c:\windows\system32\dllcache\isignup.exe
2009-04-08 15:48	181,895	a-------	c:\windows\system32\nvdsp.chm
2009-04-08 15:48	121,529	a-------	c:\windows\system32\nvcpl.chm
2009-04-08 15:48	116,384	a-------	c:\windows\system32\nv3d.chm
2009-04-08 15:48	54,988	a-------	c:\windows\system32\nvmob.chm
2009-04-08 15:40	13,753	a----r--	c:\windows\SET57.tmp
2009-04-08 15:40	1,086,058	a----r--	c:\windows\SET4B.tmp
2009-04-08 15:40	1,042,903	a----r--	c:\windows\SET48.tmp
2009-04-08 15:17	<DIR>	--d-----	c:\windows\NV8001448.TMP
2009-04-08 15:09	13,753	a----r--	c:\windows\SET56.tmp
2009-04-08 15:09	1,086,058	a----r--	c:\windows\SET4A.tmp
2009-04-08 15:09	1,042,903	a----r--	c:\windows\SET47.tmp
2009-04-08 15:01	<DIR>	--d-----	c:\windows\NV7721412.TMP
2009-04-08 14:54	13,753	a----r--	c:\windows\SET55.tmp
2009-04-08 14:54	1,086,058	a----r--	c:\windows\SET49.tmp
2009-04-08 14:54	1,042,903	a----r--	c:\windows\SET46.tmp
2009-04-08 14:16	<DIR>	--d-----	c:\windows\NV7721824.TMP
2009-04-08 14:03	24,661	ac------	c:\windows\system32\dllcache\spxcoins.dll
2009-04-08 14:03	13,312	ac------	c:\windows\system32\dllcache\irclass.dll
2009-04-08 14:03	24,661	a-------	c:\windows\system32\spxcoins.dll
2009-04-08 14:03	13,312	a-------	c:\windows\system32\irclass.dll
2009-04-08 14:02	37,484	ac------	c:\windows\system32\dllcache\MW770.CAT
2009-04-08 14:02	13,472	ac------	c:\windows\system32\dllcache\HPCRDP.CAT
2009-04-08 14:02	8,574	ac------	c:\windows\system32\dllcache\IASNT4.CAT
2009-04-08 14:02	7,382	ac------	c:\windows\system32\dllcache\OEMBIOS.CAT
2009-04-08 14:02	797,189	ac------	c:\windows\system32\dllcache\NT5IIS.CAT
2009-04-08 14:02	399,645	ac------	c:\windows\system32\dllcache\MAPIMIG.CAT
2009-04-08 14:02	13,753	a----r--	c:\windows\SET8C.tmp
2009-04-08 14:02	1,086,058	a----r--	c:\windows\SET80.tmp
2009-04-08 14:02	1,042,903	a----r--	c:\windows\SET7D.tmp
2009-04-03 15:28	<DIR>	--d-----	c:\docume~1\alluse~1\applic~1\PC Drivers HeadQuarters

==================== Find3M  ====================

2009-04-08 15:51	23,348	a-------	c:\windows\system32\emptyregdb.dat
2009-03-24 10:10	410,984	a-------	c:\windows\system32\deploytk.dll
2009-03-08 04:34	914,944	a-------	c:\windows\system32\wininet.dll
2009-03-08 04:34	43,008	a-------	c:\windows\system32\licmgr10.dll
2009-03-08 04:33	18,944	a-------	c:\windows\system32\corpol.dll
2009-03-08 04:33	420,352	a-------	c:\windows\system32\vbscript.dll
2009-03-08 04:32	72,704	a-------	c:\windows\system32\admparse.dll
2009-03-08 04:32	71,680	a-------	c:\windows\system32\iesetup.dll
2009-03-08 04:31	34,816	a-------	c:\windows\system32\imgutil.dll
2009-03-08 04:31	48,128	a-------	c:\windows\system32\mshtmler.dll
2009-03-08 04:31	45,568	a-------	c:\windows\system32\mshta.exe
2009-03-08 04:22	156,160	a-------	c:\windows\system32\msls31.dll
2009-03-07 10:03	742,770	a-------	c:\windows\system32\abgx360.exe
2009-03-06 17:22	284,160	a-------	c:\windows\system32\pdh.dll
2009-02-09 15:10	729,088	a-------	c:\windows\system32\lsasrv.dll
2009-02-09 15:10	714,752	a-------	c:\windows\system32\ntdll.dll
2009-02-09 15:10	617,472	a-------	c:\windows\system32\advapi32.dll
2009-02-09 15:10	401,408	a-------	c:\windows\system32\rpcss.dll
2009-02-09 14:13	1,846,784	a-------	c:\windows\system32\win32k.sys
2009-02-06 19:03	307,576	a-------	c:\windows\WLXPGSS.SCR
2009-02-06 18:52	49,504	a-------	c:\windows\system32\sirenacm.dll
2009-02-06 14:11	110,592	a-------	c:\windows\system32\services.exe
2009-02-06 14:06	2,145,280	a-------	c:\windows\system32\ntoskrnl.exe
2009-02-06 13:39	35,328	a-------	c:\windows\system32\sc.exe
2009-02-06 13:32	2,023,936	a-------	c:\windows\system32\ntkrnlpa.exe
2009-02-03 22:59	56,832	a-------	c:\windows\system32\secur32.dll

============= FINISH: 16:56:21.95 ===============

Edited by DrunkeNinja, 28 April 2009 - 09:02 AM.


#4 Farbar

  • Security Developer
  • 21,688 posts
  • Location:The Netherlands

Posted 28 April 2009 - 06:09 PM

Hi DrunkeNinja,

Sorry for the delay. I am farbar.

I'm afraid I've got bad news.

Your system is infected with one of the nastiest file infectors:

Virut is a polymorphic file infector with some additional features. It spreads all around the drive and infects even files infected by another virus previously. The only symptoms are a strange HDD activity while infecting, and also unwanted TCP traffic. Virut tries to connect you into an IRC network under the user name "Virtu" and zombify you. Unfortunately, the cleaning of this virus is very difficult or almost impossible.

http://www.ca.com/us/securityadvisor/virus...s.aspx?id=55141

The virus remains resident in memory and infects executable files with ".EXE" and ".SCR" file extensions.


Its damage to the system is almost beyond repair, as it disables Windows File Protection:

The virus disables Windows File Protection by injecting code into the "winlogon.exe" process that patches system code in memory.


http://www.ca.com/us/securityadvisor/virus...s.aspx?id=55141

Therefore all those running processes are most probably now the virus agent.

There is a claim by Grisoft that the following tool can remove the infection:

http://www.softpedia.com/get/Antivirus/Win...t-Remover.shtml

This claim is hard to believe. Not only are almost all the running processes infected, but their copies in the i386 folder and in the dll cache are patched as well.

Therefore the only fast and safe answer to the virus is reformatting and reinstalling Windows. You may back up non-executable (data) files and reformat the entire hard drive.
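The reply above rests on one point: when an infector patches both the live executables and their dllcache/i386 copies, a cache-based repair cannot be trusted. The following integrity cross-check is an added example, not code from the thread or from Farbar; it compares each live file and its cache copy against a known-good SHA-256 that would come from trusted install media. The directory names, file contents and hash table are constructed placeholders.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Hex SHA-256 of a file, read in chunks so large binaries are fine."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def classify(live_dir, cache_dir, known_good):
    """Map each file name to a verdict by comparing the live copy and the
    cache copy against a known-good hash (assumed to come from install media).
    clean: live matches; restorable: only the cache copy matches;
    cache-tampered: neither matches, so the protection cache is useless for
    repair; missing: no live file at all."""
    verdicts = {}
    for name, good in known_good.items():
        live, cache = os.path.join(live_dir, name), os.path.join(cache_dir, name)
        if not os.path.exists(live):
            verdicts[name] = "missing"
        elif sha256_of(live) == good:
            verdicts[name] = "clean"
        elif os.path.exists(cache) and sha256_of(cache) == good:
            verdicts[name] = "restorable"
        else:
            verdicts[name] = "cache-tampered"
    return verdicts

def run_demo():
    """Constructed fixture: byte strings stand in for real binaries, and the
    file names are borrowed from the thread's process list."""
    pristine = {n: b"MZ pristine " + n.encode() for n in
                ("svchost.exe", "winlogon.exe", "lsass.exe", "spoolsv.exe")}
    tamper = b" +simulated-appended-code"  # stands in for an infector's patch
    with tempfile.TemporaryDirectory() as root:
        live, cache = os.path.join(root, "system32"), os.path.join(root, "dllcache")
        for d in (live, cache):
            os.makedirs(d)
        layout = [  # (directory, name, content)
            (live, "svchost.exe", pristine["svchost.exe"]),
            (cache, "svchost.exe", pristine["svchost.exe"]),
            (live, "winlogon.exe", pristine["winlogon.exe"] + tamper),
            (cache, "winlogon.exe", pristine["winlogon.exe"]),
            (live, "lsass.exe", pristine["lsass.exe"] + tamper),
            (cache, "lsass.exe", pristine["lsass.exe"] + tamper),
            (cache, "spoolsv.exe", pristine["spoolsv.exe"]),  # no live copy
        ]
        for d, n, data in layout:
            with open(os.path.join(d, n), "wb") as f:
                f.write(data)
        known_good = {n: hashlib.sha256(d).hexdigest() for n, d in pristine.items()}
        return classify(live, cache, known_good)
```

Any file reported as cache-tampered is the case the reply describes: both copies differ from the reference, so only a reinstall from trusted media restores a known state.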

#5 Farbar

  • Security Developer
  • 21,688 posts
  • Location:The Netherlands

Posted 05 May 2009 - 02:43 PM

This thread will now be closed.

If you should have a new issue, please start a new topic.
