
HELP! A virus/malware is killing my computer


10 replies to this topic

#1 Superman1889

  • Members
  • 7 posts

Posted 21 June 2009 - 04:05 PM

Ok, I've never used a forum for computer repair before so try to be patient with me while I try to get all the details on here.

I downloaded the virus trying to get a CD key for a program I own that I lost the CD key to. I scanned the keygen's .exe file with all my anti-virus and spyware software and it came up clean. I clicked on it and nothing came up on my screen at all, and that's when I knew something bad was going to happen.

The virus/malware/spyware/trojan (whatever it is, I'm just going to refer to it as the virus) causes my desktop not to load, and causes different programs not to start up because Windows has deemed them possibly hazardous. One of these programs is Task Manager, but if I get it up fast enough when my computer starts I can keep it on and load programs from it. After this happened, I turned off my computer and started it again. When it loaded, the infamous blue screen of death came up with some error that I don't remember. I restarted my computer again and went into Safe Mode. From Safe Mode I scanned my computer with AVG, Ad-Aware, and Malwarebytes. These (especially AVG) turned up a ton of junk.

One thing I found extremely strange though was what AVG said it found. AVG found the Win32/Heur virus in a ton of different programs; an example is Microsoft Paint.exe, which I'm pretty sure is not a virus. This finished and I restarted my computer and it worked, sort of. My computer worked normally but was slightly slow; also, every time I click on a link in Google, some random website comes up that I didn't want. I turned off my computer and went to bed.

When I woke up this morning I fired up the computer and the blue screen of death was staring me in the face again. I repeated the steps I took yesterday, except I also downloaded some other anti-malware program (so that I could see where this malware was hiding) and used it to find the infections and manually delete them. The only notable infection I found with this program was a "Bearshare" infection in the registry. I have yet to restart my computer, but I know the same thing will happen as yesterday and it will only sort of work, then after I turn it off I'll have to do this all over again. I'm going to try to give as much information as I can, and when I restart my computer I'll try to find AVG's log and show all the strange infections it found. Please help, I've never dealt with anything this bad before. Also, should I use ComboFix?
Thank you anyone and everyone for your help!

------------------
System Information
------------------
Time of this report: 6/21/2009, 16:35:20
Machine name: JOSH-1B78324E3B
Operating System: Windows XP Professional (5.1, Build 2600) Service Pack 3 (2600.xpsp_sp3_gdr.090206-1234)
Language: English (Regional Setting: English)
System Manufacturer: Dell Inc.
System Model: Dell DXP051
BIOS: Phoenix ROM BIOS PLUS Version 1.10 A04
Processor: Intel® Pentium® D CPU 3.00GHz (2 CPUs)
Memory: 2046MB RAM
Page File: 991MB used, 2951MB available
Windows Dir: C:\WINDOWS
DirectX Version: DirectX 9.0c (4.09.0000.0904)
DX Setup Parameters: Not found
DxDiag Version: 5.03.2600.5512 32bit Unicode

------------
DxDiag Notes
------------
DirectX Files Tab: No problems found.
Display Tab 1: The system is using the generic video driver. Please install video driver provided by the hardware manufacturer. Direct3D functionality not available. You should verify that the driver is a final version from the hardware manufacturer.
Sound Tab 1: No problems found.
Music Tab: No problems found.
Input Tab: No problems found.
Network Tab: No problems found.

--------------------
DirectX Debug Levels
--------------------
Direct3D: 0/4 (n/a)
DirectDraw: 0/4 (retail)
DirectInput: 0/5 (n/a)
DirectMusic: 0/5 (n/a)
DirectPlay: 0/9 (retail)
DirectSound: 0/5 (retail)
DirectShow: 0/6 (retail)

---------------
Display Devices
---------------
Card name:
Manufacturer:
Chip type:
DAC type:
Device Key: Enum\
Display Memory: n/a
Current Mode: 800 x 600 (32 bit) (1Hz)
Monitor:
Monitor Max Res:
Driver Name: vga.dll
Driver Version: 5.01.2600.0000 (English)
DDI Version: unknown
Driver Attributes: Final Retail
Driver Date/Size: 8/10/2004 07:00:00, 9344 bytes
WHQL Logo'd: n/a
WHQL Date Stamp: n/a
VDD: n/a
Mini VDD: vga.sys
Mini VDD Date: 4/13/2008 14:44:40, 20992 bytes
Device Identifier: {D7B70EE0-4340-11CF-B063-282AAEC2C835}
Vendor ID: 0x0000
Device ID: 0x0000
SubSys ID: 0x00000000
Revision ID: 0x0000
Revision ID: 0x0000
Video Accel:
Deinterlace Caps: n/a
Registry: OK
DDraw Status: Not Available
D3D Status: Not Available
AGP Status: Not Available
DDraw Test Result: Not run
D3D7 Test Result: Not run
D3D8 Test Result: Not run
D3D9 Test Result: Not run

-------------
Sound Devices
-------------
Description: Modem #0 Line Playback (emulated)
Default Sound Playback: Yes
Default Voice Playback: No
Hardware ID:
Manufacturer ID: 1
Product ID: 81
Type: Emulated
Driver Name:
Driver Version:
Driver Attributes:
WHQL Logo'd:
Date and Size:
Other Files:
Driver Provider:
HW Accel Level: Full
Cap Flags: 0x0
Min/Max Sample Rate: 0, 0
Static/Strm HW Mix Bufs: 0, 0
Static/Strm HW 3D Bufs: 0, 0
HW Memory: 0
Voice Management: No
EAX™ 2.0 Listen/Src: No, No
I3DL2™ Listen/Src: No, No
Sensaura™ ZoomFX™: No
Registry: OK
Sound Test Result: Not run

---------------------
Sound Capture Devices
---------------------
Description: Modem #0 Line Record (emulated)
Default Sound Capture: Yes
Default Voice Capture: Yes
Driver Name:
Driver Version:
Driver Attributes:
Date and Size:
Cap Flags: 0x0
Format Flags: 0x0

-----------
DirectMusic
-----------
DLS Path: C:\WINDOWS\SYSTEM32\drivers\GM.DLS
DLS Version: 1.00.0016.0002
Acceleration: n/a
Ports: Microsoft Synthesizer, Software (Not Kernel Mode), Output, DLS, Internal, Default Port
Registry: OK
Test Result: Not run

-------------------
DirectInput Devices
-------------------
Device Name: Mouse
Attached: 1
Controller ID: n/a
Vendor/Product ID: n/a
FF Driver: n/a

Device Name: Keyboard
Attached: 1
Controller ID: n/a
Vendor/Product ID: n/a
FF Driver: n/a

Device Name: Microsoft Wireless Optical Mouse® 1.00
Attached: 1
Controller ID: 0x0
Vendor/Product ID: 0x045E, 0x00E1
FF Driver: n/a

Device Name: Logitech Dual Action USB
Attached: 1
Controller ID: 0x0
Vendor/Product ID: 0x046D, 0xC216
FF Driver: n/a

Device Name: USB Receiver
Attached: 1
Controller ID: 0x0
Vendor/Product ID: 0x046D, 0xC509
FF Driver: n/a

Device Name: USB Receiver
Attached: 1
Controller ID: 0x0
Vendor/Product ID: 0x046D, 0xC509
FF Driver: n/a

Device Name: USB Receiver
Attached: 1
Controller ID: 0x0
Vendor/Product ID: 0x046D, 0xC509
FF Driver: n/a

Poll w/ Interrupt: No
Registry: OK

-----------
USB Devices
-----------
+ USB Root Hub
| Vendor/Product ID: 0x8086, 0x27CA
| Matching Device ID: usb\root_hub
| Service: usbhub
| Driver: usbhub.sys, 4/13/2008 14:45:37, 59520 bytes
| Driver: usbd.sys, 8/10/2004 07:00:00, 4736 bytes

----------------
Gameport Devices
----------------

------------
PS/2 Devices
------------
+ HID Keyboard Device
| Vendor/Product ID: 0x046D, 0xC509
| Matching Device ID: hid_device_system_keyboard
| Service: kbdhid
| Driver: kbdhid.sys, 4/13/2008 14:39:48, 14592 bytes
| Driver: kbdclass.sys, 4/13/2008 14:39:47, 24576 bytes
|
+ Terminal Server Keyboard Driver
| Matching Device ID: root\rdp_kbd
| Upper Filters: kbdclass
| Service: TermDD
| Driver: termdd.sys, 4/13/2008 20:13:20, 40840 bytes
| Driver: kbdclass.sys, 4/13/2008 14:39:47, 24576 bytes
|
+ HID-compliant mouse
| Vendor/Product ID: 0x045E, 0x00CB
| Matching Device ID: hid_device_system_mouse
| Service: mouhid
| Driver: mouclass.sys, 4/13/2008 14:39:48, 23040 bytes
| Driver: mouhid.sys, 8/17/2001 13:48:00, 12160 bytes
|
+ Microsoft USB Wireless Mouse (IntelliPoint)
| Vendor/Product ID: 0x045E, 0x00E1
| Matching Device ID: hid\vid_045e&pid_00e1&col02
| Upper Filters: Point32
| Service: mouhid
| Driver: mouhid.sys, 8/17/2001 13:48:00, 12160 bytes
| Driver: mouclass.sys, 4/13/2008 14:39:48, 23040 bytes
| Driver: point32.sys, 6/30/2006 04:51:21, 21760 bytes
| Driver: ipcoin8.dll, 7/7/2006 19:10:00, 133952 bytes
|
+ HID-compliant mouse
| Vendor/Product ID: 0x046D, 0xC509
| Matching Device ID: hid_device_system_mouse
| Service: mouhid
| Driver: mouclass.sys, 4/13/2008 14:39:48, 23040 bytes
| Driver: mouhid.sys, 8/17/2001 13:48:00, 12160 bytes
|
+ Terminal Server Mouse Driver
| Matching Device ID: root\rdp_mou
| Upper Filters: mouclass
| Service: TermDD
| Driver: termdd.sys, 4/13/2008 20:13:20, 40840 bytes
| Driver: mouclass.sys, 4/13/2008 14:39:48, 23040 bytes

----------------------------
DirectPlay Service Providers
----------------------------
DirectPlay8 Modem Service Provider - Registry: OK, File: dpnet.dll (5.03.2600.5512)
DirectPlay8 Serial Service Provider - Registry: OK, File: dpnet.dll (5.03.2600.5512)
DirectPlay8 IPX Service Provider - Registry: OK, File: dpnet.dll (5.03.2600.5512)
DirectPlay8 TCP/IP Service Provider - Registry: OK, File: dpnet.dll (5.03.2600.5512)
Internet TCP/IP Connection For DirectPlay - Registry: OK, File: dpwsockx.dll (5.03.2600.5512)
IPX Connection For DirectPlay - Registry: OK, File: dpwsockx.dll (5.03.2600.5512)
Modem Connection For DirectPlay - Registry: OK, File: dpmodemx.dll (5.03.2600.5512)
Serial Connection For DirectPlay - Registry: OK, File: dpmodemx.dll (5.03.2600.5512)

DirectPlay Voice Wizard Tests: Full Duplex: Not run, Half Duplex: Not run, Mic: Not run
DirectPlay Test Result: Not run
Registry: OK

-------------------
DirectPlay Adapters
-------------------
DirectPlay8 TCP/IP Service Provider: Wireless Network Connection - IPv4 -

-----------------------
DirectPlay Voice Codecs
-----------------------
Voxware VR12 1.4kbit/s
Voxware SC06 6.4kbit/s
Voxware SC03 3.2kbit/s
MS-PCM 64 kbit/s
MS-ADPCM 32.8 kbit/s
Microsoft GSM 6.10 13 kbit/s
TrueSpeech™ 8.6 kbit/s

-------------------------
DirectPlay Lobbyable Apps
-------------------------

--------------
System Devices
--------------
Name: Intel® 82801GR/GH/GHM (ICH7 Family) PCI Express Root Port - 27E2
Device ID: PCI\VEN_8086&DEV_27E2&SUBSYS_00000000&REV_01\3&172E68DD&0&E5
Driver: C:\WINDOWS\system32\DRIVERS\pci.sys, 5.01.2600.5512 (English), 4/13/2008 14:36:44, 68224 bytes

Name: Intel® 82801GR/GH/GHM (ICH7 Family) PCI Express Root Port - 27E0
Device ID: PCI\VEN_8086&DEV_27E0&SUBSYS_00000000&REV_01\3&172E68DD&0&E4
Driver: C:\WINDOWS\system32\DRIVERS\pci.sys, 5.01.2600.5512 (English), 4/13/2008 14:36:44, 68224 bytes

Name: Intel® 82801G (ICH7 Family) Ultra ATA Storage Controllers - 27DF
Device ID: PCI\VEN_8086&DEV_27DF&SUBSYS_01D11028&REV_01\3&172E68DD&0&F9
Driver: C:\WINDOWS\system32\DRIVERS\pciide.sys, 5.01.2600.0000 (English), 8/17/2001 14:51:52, 3328 bytes
Driver: C:\WINDOWS\system32\DRIVERS\pciidex.sys, 5.01.2600.5512 (English), 4/13/2008 14:40:29, 24960 bytes
Driver: C:\WINDOWS\system32\DRIVERS\atapi.sys, 5.01.2600.5512 (English), 4/13/2008 14:40:30, 96512 bytes

Name: Intel® 82801G (ICH7 Family) SMBus Controller - 27DA
Device ID: PCI\VEN_8086&DEV_27DA&SUBSYS_01D11028&REV_01\3&172E68DD&0&FB
Driver: n/a

Name: Microsoft UAA Bus Driver for High Definition Audio
Device ID: PCI\VEN_8086&DEV_27D8&SUBSYS_01D11028&REV_01\3&172E68DD&0&D8
Driver: C:\WINDOWS\system32\DRIVERS\hdaudbus.sys, 5.10.0001.5013 (English), 4/13/2008 12:36:05, 144384 bytes

Name: Intel® 82801G (ICH7 Family) PCI Express Root Port - 27D0
Device ID: PCI\VEN_8086&DEV_27D0&SUBSYS_00000000&REV_01\3&172E68DD&0&E0
Driver: C:\WINDOWS\system32\DRIVERS\pci.sys, 5.01.2600.5512 (English), 4/13/2008 14:36:44, 68224 bytes

Name: Intel® 82801G (ICH7 Family) USB2 Enhanced Host Controller - 27CC
Device ID: PCI\VEN_8086&DEV_27CC&SUBSYS_01D11028&REV_01\3&172E68DD&0&EF
Driver: C:\WINDOWS\system32\drivers\usbehci.sys, 5.01.2600.5512 (English), 4/13/2008 14:45:35, 30208 bytes
Driver: C:\WINDOWS\system32\drivers\usbport.sys, 5.01.2600.5512 (English), 4/13/2008 14:45:36, 143872 bytes
Driver: C:\WINDOWS\system32\usbui.dll, 5.01.2600.5512 (English), 4/13/2008 20:12:08, 74240 bytes
Driver: C:\WINDOWS\system32\drivers\usbhub.sys, 5.01.2600.5512 (English), 4/13/2008 14:45:37, 59520 bytes
Driver: C:\WINDOWS\system32\hccoin.dll, 5.01.2600.5512 (English), 4/13/2008 20:11:54, 7168 bytes

Name: Intel® 82801G (ICH7 Family) USB Universal Host Controller - 27CB
Device ID: PCI\VEN_8086&DEV_27CB&SUBSYS_01D11028&REV_01\3&172E68DD&0&EB
Driver: C:\WINDOWS\system32\drivers\usbuhci.sys, 5.01.2600.5512 (English), 4/13/2008 14:45:35, 20608 bytes
Driver: C:\WINDOWS\system32\drivers\usbport.sys, 5.01.2600.5512 (English), 4/13/2008 14:45:36, 143872 bytes
Driver: C:\WINDOWS\system32\usbui.dll, 5.01.2600.5512 (English), 4/13/2008 20:12:08, 74240 bytes
Driver: C:\WINDOWS\system32\drivers\usbhub.sys, 5.01.2600.5512 (English), 4/13/2008 14:45:37, 59520 bytes

Name: Intel® 82801G (ICH7 Family) USB Universal Host Controller - 27CA
Device ID: PCI\VEN_8086&DEV_27CA&SUBSYS_01D11028&REV_01\3&172E68DD&0&EA
Driver: C:\WINDOWS\system32\drivers\usbuhci.sys, 5.01.2600.5512 (English), 4/13/2008 14:45:35, 20608 bytes
Driver: C:\WINDOWS\system32\drivers\usbport.sys, 5.01.2600.5512 (English), 4/13/2008 14:45:36, 143872 bytes
Driver: C:\WINDOWS\system32\usbui.dll, 5.01.2600.5512 (English), 4/13/2008 20:12:08, 74240 bytes
Driver: C:\WINDOWS\system32\drivers\usbhub.sys, 5.01.2600.5512 (English), 4/13/2008 14:45:37, 59520 bytes

Name: Intel® 82801G (ICH7 Family) USB Universal Host Controller - 27C9
Device ID: PCI\VEN_8086&DEV_27C9&SUBSYS_01D11028&REV_01\3&172E68DD&0&E9
Driver: C:\WINDOWS\system32\drivers\usbuhci.sys, 5.01.2600.5512 (English), 4/13/2008 14:45:35, 20608 bytes
Driver: C:\WINDOWS\system32\drivers\usbport.sys, 5.01.2600.5512 (English), 4/13/2008 14:45:36, 143872 bytes
Driver: C:\WINDOWS\system32\usbui.dll, 5.01.2600.5512 (English), 4/13/2008 20:12:08, 74240 bytes
Driver: C:\WINDOWS\system32\drivers\usbhub.sys, 5.01.2600.5512 (English), 4/13/2008 14:45:37, 59520 bytes

Name: Intel® 82801G (ICH7 Family) USB Universal Host Controller - 27C8
Device ID: PCI\VEN_8086&DEV_27C8&SUBSYS_01D11028&REV_01\3&172E68DD&0&E8
Driver: C:\WINDOWS\system32\drivers\usbuhci.sys, 5.01.2600.5512 (English), 4/13/2008 14:45:35, 20608 bytes
Driver: C:\WINDOWS\system32\drivers\usbport.sys, 5.01.2600.5512 (English), 4/13/2008 14:45:36, 143872 bytes
Driver: C:\WINDOWS\system32\usbui.dll, 5.01.2600.5512 (English), 4/13/2008 20:12:08, 74240 bytes
Driver: C:\WINDOWS\system32\drivers\usbhub.sys, 5.01.2600.5512 (English), 4/13/2008 14:45:37, 59520 bytes

Name: Intel® 82801GB/GR/GH (ICH7 Family) Serial ATA Storage Controller - 27C0
Device ID: PCI\VEN_8086&DEV_27C0&SUBSYS_01D11028&REV_01\3&172E68DD&0&FA
Driver: C:\WINDOWS\system32\DRIVERS\pciide.sys, 5.01.2600.0000 (English), 8/17/2001 14:51:52, 3328 bytes
Driver: C:\WINDOWS\system32\DRIVERS\pciidex.sys, 5.01.2600.5512 (English), 4/13/2008 14:40:29, 24960 bytes
Driver: C:\WINDOWS\system32\DRIVERS\atapi.sys, 5.01.2600.5512 (English), 4/13/2008 14:40:30, 96512 bytes

Name: Intel® 82801GH (ICH7DH) LPC Interface Controller - 27B0
Device ID: PCI\VEN_8086&DEV_27B0&SUBSYS_00000000&REV_01\3&172E68DD&0&F8
Driver: C:\WINDOWS\system32\DRIVERS\isapnp.sys, 5.01.2600.5512 (English), 4/13/2008 14:36:41, 37248 bytes

Name: Intel® 945G/GZ/P/PL PCI Express Root Port - 2771
Device ID: PCI\VEN_8086&DEV_2771&SUBSYS_00000000&REV_00\3&172E68DD&0&08
Driver: C:\WINDOWS\system32\DRIVERS\pci.sys, 5.01.2600.5512 (English), 4/13/2008 14:36:44, 68224 bytes

Name: Intel® 945G/GZ/P/PL Processor to I/O Controller - 2770
Device ID: PCI\VEN_8086&DEV_2770&SUBSYS_00000000&REV_00\3&172E68DD&0&00
Driver: n/a

Name: Intel® 82801 PCI Bridge - 244E
Device ID: PCI\VEN_8086&DEV_244E&SUBSYS_00000000&REV_E1\3&172E68DD&0&F0
Driver: C:\WINDOWS\system32\DRIVERS\pci.sys, 5.01.2600.5512 (English), 4/13/2008 14:36:44, 68224 bytes

Name: Intel® PRO/1000 PL Network Connection
Device ID: PCI\VEN_8086&DEV_109A&SUBSYS_01D11028&REV_01\4&22443A69&0&00E5
Driver: C:\WINDOWS\system32\DRIVERS\e1e5132.sys, 9.00.0015.0000 (English), 3/31/2005 18:04:52, 180736 bytes
Driver: C:\WINDOWS\system32\Prounstl.exe, 8.00.0007.0000 (English), 3/9/2005 17:22:52, 151552 bytes
Driver: C:\WINDOWS\system32\e1e5132.din, 12/7/2004 14:26:34, 2740 bytes
Driver: C:\WINDOWS\system32\IntelNic.dll, 8.02.0009.0000 (English), 3/8/2005 19:26:28, 23040 bytes
Driver: C:\WINDOWS\system32\e1000msg.dll, 8.05.0012.0000 (English), 3/9/2005 17:21:40, 163840 bytes
Driver: C:\WINDOWS\system32\EtCoInst.dll, 2.02.0001.0000 (English), 3/10/2005 12:49:42, 17408 bytes

Name: D-Link DWA-552 XtremeN Desktop Adapter
Device ID: PCI\VEN_168C&DEV_0023&SUBSYS_3A6D1186&REV_01\4&5855BE9&0&20F0
Driver: C:\WINDOWS\system32\DRIVERS\athw.sys, 7.04.0002.0105 (English), 4/3/2008 05:03:08, 1333152 bytes

Name: Conexant D850 56K V.9x DFVc Modem
Device ID: PCI\VEN_14F1&DEV_2F20&SUBSYS_200F14F1&REV_00\4&5855BE9&0&28F0
Driver: C:\WINDOWS\SYSTEM32\DRIVERS\HSF_CNXT.sys, 7.06.0000.0000 (English), 11/17/2003 16:58:02, 680704 bytes
Driver: C:\WINDOWS\SYSTEM32\DRIVERS\HSFHWBS2.sys, 7.06.0000.0000 (English), 11/17/2003 16:59:20, 212224 bytes
Driver: C:\WINDOWS\SYSTEM32\DRIVERS\HSF_DP.sys, 7.06.0000.0000 (English), 11/17/2003 16:56:26, 1042432 bytes
Driver: C:\WINDOWS\SYSTEM32\DRIVERS\mdmxsdk.sys, 1.00.0002.0002 (English), 4/9/2003 14:48:08, 11043 bytes
Driver: C:\WINDOWS\SYSTEM32\DRIVERS\del200f.cty, 11/19/2003 03:15:00, 128398 bytes
Driver: C:\WINDOWS\system32\mdmxsdk.dll, 1.00.0002.0002 (English), 4/9/2003 15:01:32, 90112 bytes
Driver: C:\Program Files\CONEXANT\CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1\HXFSetup.exe, 2.01.0008.0000 (English), 10/30/2003 16:25:38, 557056 bytes
Driver: C:\WINDOWS\system32\HSFCI008.dll, 7.99.0099.0099 (English), 10/23/2003 16:01:36, 32218 bytes

Name: Creative SB X-Fi
Device ID: PCI\VEN_1102&DEV_0005&SUBSYS_00311102&REV_00\4&5855BE9&0&10F0
Driver: C:\WINDOWS\system32\drivers\drmk.sys, 5.01.2600.5512 (English), 4/13/2008 14:45:14, 60160 bytes
Driver: C:\WINDOWS\system32\drivers\portcls.sys, 5.01.2600.5512 (English), 4/13/2008 15:19:42, 146048 bytes
Driver: C:\WINDOWS\system32\drivers\stream.sys, 5.03.2600.5512 (English), 4/13/2008 14:45:16, 49408 bytes
Driver: C:\WINDOWS\system32\wdmaud.drv, 5.01.2600.5512 (English), 4/13/2008 20:12:45, 23552 bytes
Driver: C:\WINDOWS\system32\ksuser.dll, 5.03.2600.5512 (English), 4/13/2008 20:11:56, 4096 bytes
Driver: C:\WINDOWS\system32\drivers\ctac32k.sys, 5.12.0001.1186 (English), 5/23/2006 23:37:44, 502272 bytes
Driver: C:\WINDOWS\system32\drivers\ctaud2k.sys, 5.12.0001.1186 (English), 5/23/2006 23:41:04, 499584 bytes
Driver: C:\WINDOWS\system32\drivers\ctoss2k.sys, 5.12.0001.1186 (English), 5/23/2006 23:38:30, 116224 bytes
Driver: C:\WINDOWS\system32\drivers\ctprxy2k.sys, 5.12.0001.1186 (English), 5/23/2006 23:41:07, 7168 bytes
Driver: C:\WINDOWS\system32\drivers\ctsfm2k.sys, 5.12.0001.1186 (English), 5/23/2006 23:38:08, 143872 bytes
Driver: C:\WINDOWS\system32\drivers\emupia2k.sys, 5.12.0001.1186 (English), 5/23/2006 23:38:01, 78336 bytes
Driver: C:\WINDOWS\system32\drivers\ha10kx2k.sys, 5.12.0001.1186 (English), 5/23/2006 23:39:03, 765952 bytes
Driver: C:\WINDOWS\system32\drivers\haP16v2k.sys, 5.12.0001.1186 (English), 5/23/2006 23:39:09, 154112 bytes
Driver: C:\WINDOWS\system32\drivers\haP17v2k.sys, 5.12.0001.1186 (English), 5/23/2006 23:39:15, 180224 bytes
Driver: C:\WINDOWS\system32\drivers\ha20x2k.sys, 5.12.0001.1186 (English), 5/23/2006 23:40:21, 1110016 bytes
Driver: C:\WINDOWS\system32\drivers\pfmodnt.sys, 3.00.0000.0012 (English), 5/24/2006 00:46:07, 8192 bytes
Driver: C:\WINDOWS\system32\ctdlang.dat, 5/23/2006 23:49:25, 323640 bytes
Driver: C:\WINDOWS\system32\ctdnlstr.dat, 5/23/2006 23:49:25, 44567 bytes
Driver: C:\WINDOWS\system32\ctstatic.dat, 5/23/2006 23:33:33, 313207 bytes
Driver: C:\WINDOWS\system32\ctdaught.dat, 5/23/2006 23:33:34, 53932 bytes
Driver: C:\WINDOWS\system32\a3d.dll, 80.00.0000.0003 (English), 5/24/2006 00:38:39, 33792 bytes
Driver: C:\WINDOWS\system32\commonfx.dll, 5.12.0001.1186 (English), 5/23/2006 23:45:48, 87552 bytes
Driver: C:\WINDOWS\system32\ctaudfx.dll, 5.12.0001.1186 (English), 5/23/2006 23:46:02, 536576 bytes
Driver: C:\WINDOWS\system32\ctsblfx.dll, 5.12.0001.1186 (English), 5/23/2006 23:46:58, 548352 bytes
Driver: C:\WINDOWS\system32\cteapsfx.dll, 5.12.0001.1186 (English), 5/23/2006 23:46:32, 160768 bytes
Driver: C:\WINDOWS\system32\CTEXFIFX.dll, 5.12.0001.1186 (English), 5/23/2006 23:47:44, 1170432 bytes
Driver: C:\WINDOWS\system32\CTHWIUT.DLL, 5.12.0001.1186 (English), 5/23/2006 23:48:07, 61952 bytes
Driver: C:\WINDOWS\system32\CT20XUT.DLL, 5.12.0001.1186 (English), 5/23/2006 23:48:02, 158720 bytes
Driver: C:\WINDOWS\system32\ctemupia.dll, 5.12.0001.1186 (English), 5/23/2006 23:48:09, 108032 bytes
Driver: C:\WINDOWS\system32\piaproxy.dll, 5.12.0001.1186 (English), 5/23/2006 23:37:50, 73728 bytes
Driver: C:\WINDOWS\system32\ctdproxy.dll, 5.12.0001.1186 (English), 5/23/2006 23:40:31, 71680 bytes
Driver: C:\WINDOWS\system32\sfman32.dll, 5.12.0001.0130 (English), 5/23/2006 23:38:17, 21504 bytes
Driver: C:\WINDOWS\system32\data\cts20x.dat, 5/23/2006 23:33:34, 2091 bytes
Driver: C:\WINDOWS\system32\data\ctd20x.dat, 5/23/2006 23:33:34, 15899 bytes
Driver: C:\WINDOWS\system32\SBXFi.ico, 2/7/2005 05:45:22, 766 bytes
Driver: C:\WINDOWS\system32\XFi.bmp, 2/7/2005 05:45:22, 3128 bytes
Driver: C:\WINDOWS\system32\ctcoinst.dll, 3.00.0002.0036 (English), 5/24/2006 00:55:00, 81920 bytes
Driver: C:\WINDOWS\system32\ctdvinst.dll, 0.04.0000.0036 (English), 5/24/2006 00:55:01, 146432 bytes
Driver: C:\WINDOWS\system32\drivers\ctdvda2k.sys, 5.13.0001.0467 (English), 11/10/2005 05:06:04, 340704 bytes

Name: Microsoft UAA Bus Driver for High Definition Audio
Device ID: PCI\VEN_1002&DEV_AA18&SUBSYS_AA181545&REV_00\4&1A646D2D&0&0108
Driver: C:\WINDOWS\system32\DRIVERS\hdaudbus.sys, 5.10.0001.5013 (English), 4/13/2008 12:36:05, 144384 bytes

Name: ATI Radeon HD 3800 Series
Device ID: PCI\VEN_1002&DEV_9501&SUBSYS_39501545&REV_00\4&1A646D2D&0&0008
Driver: C:\WINDOWS\system32\DRIVERS\ati2mtag.sys, 6.14.0010.6833 (English), 7/4/2008 02:33:33, 3230720 bytes
Driver: C:\WINDOWS\system32\DRIVERS\ati2erec.dll, 1.00.0000.0013 (English), 7/3/2008 22:28:00, 53248 bytes
Driver: C:\WINDOWS\system32\ati2dvag.dll, 6.14.0010.6833 (English), 7/3/2008 23:23:45, 309248 bytes
Driver: C:\WINDOWS\system32\ati2cqag.dll, 6.14.0010.0384 (English), 7/3/2008 22:22:03, 565248 bytes
Driver: C:\WINDOWS\system32\Ati2mdxx.exe, 6.14.0010.2495 (English), 7/3/2008 23:14:01, 47616 bytes
Driver: C:\WINDOWS\system32\ati3duag.dll, 6.14.0010.0597 (English), 7/3/2008 23:00:59, 3786144 bytes
Driver: C:\WINDOWS\system32\ativvaxx.dll, 6.14.0010.0193 (English), 7/3/2008 22:49:08, 2140672 bytes
Driver: C:\WINDOWS\system32\atiicdxx.dat, 6/10/2008 17:50:17, 174819 bytes
Driver: C:\WINDOWS\system32\ativvaxx.dat, 9/29/2007 02:36:06, 3107788 bytes
Driver: C:\WINDOWS\system32\ativva5x.dat, 9/29/2007 02:36:06, 3107788 bytes
Driver: C:\WINDOWS\system32\ativva6x.dat, 7/3/2008 22:48:42, 887724 bytes
Driver: C:\WINDOWS\system32\amdpcom32.dll, 6.14.0010.0008 (English), 7/3/2008 22:34:38, 48640 bytes
Driver: C:\WINDOWS\system32\atiadlxx.dll, 6.14.0010.1007 (English), 7/3/2008 22:29:01, 32768 bytes
Driver: C:\WINDOWS\system32\ATIDDC.DLL, 6.14.0010.0008 (English), 7/3/2008 23:10:40, 53248 bytes
Driver: C:\WINDOWS\system32\atitvo32.dll, 6.14.0010.4200 (English), 7/3/2008 22:28:50, 17408 bytes
Driver: C:\WINDOWS\system32\ativcoxx.dll, 6.13.0010.0005 (English), 11/9/2001 15:01:04, 24064 bytes
Driver: C:\WINDOWS\system32\ati2evxx.exe, , 0 bytes
Driver: C:\WINDOWS\system32\ati2evxx.dll, 6.14.0010.4177 (English), 7/3/2008 23:13:35, 139264 bytes
Driver: C:\WINDOWS\system32\atipdlxx.dll, 6.14.0010.2537 (English), 7/3/2008 23:14:23, 184320 bytes
Driver: C:\WINDOWS\system32\Oemdspif.dll, 6.15.0004.0003 (English), 7/3/2008 23:14:10, 143360 bytes
Driver: C:\WINDOWS\system32\ati2edxx.dll, 6.14.0010.2513 (English), 7/3/2008 23:13:52, 43520 bytes
Driver: C:\WINDOWS\system32\atikvmag.dll, 6.14.0010.0082 (English), 7/3/2008 22:30:28, 348160 bytes
Driver: C:\WINDOWS\system32\atifglpf.xml, 8/31/2007 09:20:49, 7167 bytes
Driver: C:\WINDOWS\system32\ATIDEMGX.dll, 2.00.3106.40351 (English), 7/3/2008 23:25:03, 421888 bytes
Driver: C:\WINDOWS\system32\atiok3x2.dll, 6.14.0010.7769 (English), 7/3/2008 23:06:26, 253952 bytes
Driver: C:\WINDOWS\system32\atioglx2.dll, 6.14.0010.7769 (English), 7/3/2008 23:48:30, 9490432 bytes
Driver: C:\WINDOWS\system32\atiiiexx.dll, 6.14.0010.4006 (English), 7/3/2008 22:55:27, 307200 bytes
Driver: C:\WINDOWS\atiogl.xml, 5/13/2008 08:10:10, 13052 bytes
Driver: C:\WINDOWS\system32\ATIODCLI.exe, 8/21/2007 15:36:12, 72164 bytes
Driver: C:\WINDOWS\system32\ATIODE.exe, 8/21/2007 17:51:16, 126884 bytes

------------------
DirectX Components
------------------
ddraw.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:51 279552 bytes
ddrawex.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:51 27136 bytes
dxapi.sys: 5.01.2600.0000 English Final Retail 8/10/2004 07:00:00 10496 bytes
d3d8.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:51 1179648 bytes
d3d8thk.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:51 8192 bytes
d3d9.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:51 1689088 bytes
d3dim.dll: 5.01.2600.0000 English Final Retail 8/10/2004 07:00:00 436224 bytes
d3dim700.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:51 824320 bytes
d3dramp.dll: 5.01.2600.0000 English Final Retail 8/10/2004 07:00:00 590336 bytes
d3drm.dll: 5.01.2600.0000 English Final Retail 8/10/2004 07:00:00 350208 bytes
d3dxof.dll: 5.01.2600.0000 English Final Retail 8/10/2004 07:00:00 47616 bytes
d3dpmesh.dll: 5.01.2600.0000 English Final Retail 8/10/2004 07:00:00 34816 bytes
dplay.dll: 5.00.2134.0001 English Final Retail 8/10/2004 07:00:00 33040 bytes
dplayx.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 229888 bytes
dpmodemx.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 23552 bytes
dpwsock.dll: 5.00.2134.0001 English Final Retail 8/10/2004 07:00:00 42768 bytes
dpwsockx.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 57344 bytes
dplaysvr.exe: 5.03.2600.5512 English Final Retail 4/13/2008 20:12:17 51200 bytes
dpnsvr.exe: 5.03.2600.5512 English Final Retail 4/13/2008 20:12:17 39424 bytes
dpnet.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 375296 bytes
dpnlobby.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:09:20 3072 bytes
dpnaddr.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:09:19 3072 bytes
dpvoice.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 212480 bytes
dpvsetup.exe: 5.03.2600.5512 English Final Retail 4/13/2008 20:12:18 104960 bytes
dpvvox.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 116736 bytes
dpvacm.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 21504 bytes
dpnhpast.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 35328 bytes
dpnhupnp.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 60928 bytes
dpserial.dll: 5.00.2134.0001 English Final Retail 8/10/2004 07:00:00 53520 bytes
dinput.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 158720 bytes
dinput8.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 181760 bytes
dimap.dll: 5.01.2600.0000 English Final Retail 8/10/2004 07:00:00 44032 bytes
diactfrm.dll: 5.01.2600.0000 English Final Retail 8/10/2004 07:00:00 394240 bytes
joy.cpl: 5.03.2600.5512 English Final Retail 4/13/2008 20:12:41 68608 bytes
gcdef.dll: 5.01.2600.0000 English Final Retail 8/10/2004 07:00:00 76800 bytes
pid.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:12:02 35328 bytes
dsound.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 367616 bytes
dsound3d.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 1293824 bytes
dswave.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 19456 bytes
dsdmo.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 181248 bytes
dsdmoprp.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 71680 bytes
dmusic.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 104448 bytes
dmband.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 28672 bytes
dmcompos.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 61440 bytes
dmime.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 181248 bytes
dmloader.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 35840 bytes
dmstyle.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 105984 bytes
dmsynth.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 103424 bytes
dmscript.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 82432 bytes
system.dll: 1.00.3705.6060 English Final Retail 8/13/2008 02:54:02 1179648 bytes
system.dll: 1.01.4322.2407 English Final Retail 11/2/2007 23:34:08 1232896 bytes
Microsoft.DirectX.Direct3D.dll: 9.05.0132.0000 English Final Retail 5/12/2009 13:53:11 473600 bytes
Microsoft.DirectX.Direct3DX.dll: 5.04.0000.3900 English Final Retail 5/12/2009 13:53:04 2676224 bytes
Microsoft.DirectX.Direct3DX.dll: 9.04.0091.0000 English Final Retail 5/12/2009 13:53:06 2846720 bytes
Microsoft.DirectX.Direct3DX.dll: 9.05.0132.0000 English Final Retail 5/12/2009 13:53:07 563712 bytes
Microsoft.DirectX.Direct3DX.dll: 9.06.0168.0000 English Final Retail 5/12/2009 13:53:07 567296 bytes
Microsoft.DirectX.Direct3DX.dll: 9.07.0239.0000 English Final Retail 5/12/2009 13:53:08 576000 bytes
Microsoft.DirectX.Direct3DX.dll: 9.08.0299.0000 English Final Retail 5/12/2009 13:53:08 577024 bytes
Microsoft.DirectX.Direct3DX.dll: 9.09.0376.0000 English Final Retail 5/12/2009 13:53:09 577536 bytes
Microsoft.DirectX.Direct3DX.dll: 9.10.0455.0000 English Final Retail 5/12/2009 13:53:09 577536 bytes
Microsoft.DirectX.Direct3DX.dll: 9.11.0519.0000 English Final Retail 5/12/2009 13:53:09 578560 bytes
Microsoft.DirectX.Direct3DX.dll: 9.12.0589.0000 English Final Retail 5/12/2009 13:53:12 578560 bytes
Microsoft.DirectX.DirectDraw.dll: 5.04.0000.2904 English Final Retail 5/12/2009 13:53:12 145920 bytes
Microsoft.DirectX.DirectInput.dll: 5.04.0000.2904 English Final Retail 5/12/2009 13:53:13 159232 bytes
Microsoft.DirectX.DirectPlay.dll: 5.04.0000.2904 English Final Retail 5/12/2009 13:53:13 364544 bytes
Microsoft.DirectX.DirectSound.dll: 5.04.0000.2904 English Final Retail 5/12/2009 13:53:13 178176 bytes
Microsoft.DirectX.AudioVideoPlayback.dll: 5.04.0000.2904 English Final Retail 5/12/2009 13:53:11 53248 bytes
Microsoft.DirectX.Diagnostics.dll: 5.04.0000.2904 English Final Retail 5/12/2009 13:53:11 12800 bytes
Microsoft.DirectX.dll: 5.04.0000.2904 English Final Retail 5/12/2009 13:53:10 223232 bytes
dx7vb.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 619008 bytes
dx8vb.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 1227264 bytes
dxdiagn.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:52 2113536 bytes
mfc40.dll: 4.01.0000.6140 English Final Retail 8/10/2004 07:00:00 924432 bytes
mfc42.dll: 6.02.4131.0000 English Final Retail 4/13/2008 20:11:56 1028096 bytes
wsock32.dll: 5.01.2600.5512 English Final Retail 4/13/2008 20:12:10 22528 bytes
amstream.dll: 6.05.2600.5512 English Final Retail 4/13/2008 20:11:49 70656 bytes
devenum.dll: 6.05.2600.5512 English Final Retail 4/13/2008 20:11:51 59904 bytes
dxmasf.dll: 6.04.0009.1133 English Final Retail 4/13/2008 20:11:52 498742 bytes
mciqtz32.dll: 6.05.2600.5512 English Final Retail 4/13/2008 20:11:56 35328 bytes
mpg2splt.ax: 6.05.2710.2732 English Final Retail 8/5/2005 14:06:50 165376 bytes
msdmo.dll: 6.05.2600.5512 English Final Retail 4/13/2008 20:11:59 14336 bytes
encapi.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:53 20480 bytes
qasf.dll: 11.00.5721.5145 English Final Retail 10/18/2006 22:47:18 211456 bytes
qcap.dll: 6.05.2600.5512 English Final Retail 4/13/2008 20:12:03 192512 bytes
qdv.dll: 6.05.2600.5512 English Final Retail 4/13/2008 20:12:03 279040 bytes
qdvd.dll: 6.05.2600.5512 English Final Retail 4/13/2008 20:12:03 386048 bytes
qedit.dll: 6.05.2600.5512 English Final Retail 4/13/2008 20:12:03 562176 bytes
qedwipes.dll: 6.05.2600.5512 English Final Retail 4/13/2008 13:21:32 733696 bytes
quartz.dll: 6.05.2600.5731 English Final Retail 12/20/2008 18:14:38 1288192 bytes
strmdll.dll: 4.01.0000.3937 English Final Retail 10/3/2008 06:02:42 247326 bytes
iac25_32.ax: 2.00.0005.0053 English Final Retail 4/13/2008 20:12:42 199680 bytes
ir41_32.ax: 4.51.0016.0003 English Final Retail 4/13/2008 20:12:42 848384 bytes
ir41_qc.dll: 4.30.0062.0002 English Final Retail 4/13/2008 20:11:55 120320 bytes
ir41_qcx.dll: 4.30.0064.0001 English Final Retail 4/13/2008 20:11:55 338432 bytes
ir50_32.dll: 5.2562.0015.0055 English Final Retail 4/13/2008 20:11:55 755200 bytes
ir50_qc.dll: 5.00.0063.0048 English Final Retail 4/13/2008 20:11:55 200192 bytes
ir50_qcx.dll: 5.00.0064.0048 English Final Retail 4/13/2008 20:11:55 183808 bytes
ivfsrc.ax: 5.10.0002.0051 English Final Retail 4/13/2008 20:12:42 154624 bytes
mswebdvd.dll: 6.05.2600.5512 English Final Retail 4/13/2008 20:12:01 203776 bytes
ks.sys: 5.03.2600.5512 English Final Retail 4/13/2008 15:16:36 141056 bytes
ksproxy.ax: 5.03.2600.5512 English Final Retail 4/13/2008 20:12:42 129536 bytes
ksuser.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:11:56 4096 bytes
stream.sys: 5.03.2600.5512 English Final Retail 4/13/2008 14:45:16 49408 bytes
mspclock.sys: 5.03.2600.5512 English Final Retail 4/13/2008 14:39:50 5376 bytes
mspqm.sys: 5.01.2600.5512 English Final Retail 4/13/2008 14:39:51 4992 bytes
mskssrv.sys: 5.03.2600.5512 English Final Retail 4/13/2008 14:39:52 7552 bytes
swenum.sys: 5.03.2600.5512 English Final Retail 4/13/2008 14:39:53 4352 bytes
mstee.sys: 5.03.2600.5512 English Final Retail 4/13/2008 14:39:50 5504 bytes
bdaplgin.ax: 5.03.2600.5512 English Final Retail 4/13/2008 20:12:42 18432 bytes
bdasup.sys: 5.03.2600.5512 English Final Retail 4/13/2008 14:46:21 11776 bytes
msdvbnp.ax: 6.05.2710.2732 English Final Retail 8/5/2005 15:01:54 58368 bytes
psisdecd.dll: 6.05.2715.3011 English Final Retail 10/9/2006 17:12:14 235008 bytes
psisrndr.ax: 6.05.2715.3011 English Final Retail 10/9/2006 17:12:30 224256 bytes
ipsink.ax: 5.03.2600.5512 English Final Retail 4/13/2008 20:12:42 16384 bytes
mpeg2data.ax: 6.05.2710.2732 English Final Retail 8/5/2005 15:01:54 62976 bytes
ndisip.sys: 5.03.2600.5512 English Final Retail 4/13/2008 14:46:22 10880 bytes
mpe.sys: 5.03.2600.5512 English Final Retail 4/13/2008 14:46:22 15232 bytes
streamip.sys: 5.03.2600.5512 English Final Retail 4/13/2008 14:46:21 15232 bytes
msvidctl.dll: 6.05.2715.3011 English Final Retail 10/9/2006 17:15:52 1669632 bytes
slip.sys: 5.03.2600.5512 English Final Retail 4/13/2008 14:46:23 11136 bytes
nabtsfec.sys: 5.03.2600.5512 English Final Retail 4/13/2008 14:46:25 85248 bytes
ccdecode.sys: 5.03.2600.5512 English Final Retail 4/13/2008 14:46:23 17024 bytes
vbisurf.ax: 5.03.2600.5512 English Final Retail 4/13/2008 20:12:42 30208 bytes
msyuv.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:12:01 16896 bytes
kstvtune.ax: 5.03.2600.5512 English Final Retail 4/13/2008 20:12:42 61952 bytes
ksxbar.ax: 5.03.2600.5512 English Final Retail 4/13/2008 20:12:42 43008 bytes
kswdmcap.ax: 5.03.2600.5512 English Final Retail 4/13/2008 20:12:42 91136 bytes
vfwwdm32.dll: 5.01.2600.5512 English Final Retail 4/13/2008 20:12:08 53760 bytes
wstcodec.sys: 5.03.2600.5512 English Final Retail 4/13/2008 14:46:24 19200 bytes
wstdecod.dll: 5.03.2600.5512 English Final Retail 4/13/2008 20:12:10 50688 bytes
msdv.sys: 5.01.2600.0000 English Final Retail 7/9/2004 05:26:38 52096 bytes

------------------
DirectShow Filters
------------------

WDM Streaming VBI Codecs:
NABTS/FEC VBI Codec,0x00000000,0,0,,
CC Decoder,0x00000000,0,0,,
WST Codec,0x00000000,0,0,,

DirectShow Filters:
WMAudio Decoder DMO,0x00800800,1,1,,
WMAPro over S/PDIF DMO,0x00600800,1,1,,
WMA Voice Decoder DMO,0x00600800,1,1,,
WMVideo Advanced Decoder DMO,0x00800001,1,1,,
Mpeg4s Decoder DMO,0x00800001,1,1,,
WMV Screen decoder DMO,0x00800001,1,1,,
WMVideo Decoder DMO,0x00800001,1,1,,
Mpeg43 Decoder DMO,0x00800001,1,1,,
Mpeg4 Decoder DMO,0x00800001,1,1,,
WMT MuxDeMux Filter,0x00200000,0,0,wmm2filt.dll,2.01.4026.0000
InterVideo Video Decoder,0x00700000,2,3,,
Creative LiveRecording Filter,0x00400000,0,1,LiveRec.ax,2.01.0001.0000
Full Screen Renderer,0x00200000,1,0,quartz.dll,6.05.2600.5731
CT Upsampler filter,0x00100000,1,1,Upsample.ax,2.00.0005.0000
ATI Ticker,0x00200000,0,1,Ticker.ax,
Creative Wave Writer,0x00200000,1,0,WavWrite.ax,3.01.0004.0000
WST Renderer,0x00800000,1,1,WSTRenderer.ax,6.05.2710.2732
DV Muxer,0x00400000,0,0,qdv.dll,6.05.2600.5512
Creative MLP Source Filter,0x00400000,0,1,MlpSrc.ax,3.00.0000.0000
Color Space Converter,0x00400001,1,1,quartz.dll,6.05.2600.5731
WM ASF Reader,0x00400000,0,0,qasf.dll,11.00.5721.5145
Creative NVF Filter,0x00400000,0,1,NvfSrc.ax,3.00.0000.0000
Screen Capture filter,0x00200000,0,1,wmpsrcwp.dll,11.00.5721.5145
AVI Splitter,0x00600000,1,1,quartz.dll,6.05.2600.5731
BPM Metadata,0x001fffff,1,1,MetaBPM.ax,1.00.0004.0000
WMT AudioAnalyzer,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
VGA 16 Color Ditherer,0x00400000,1,1,quartz.dll,6.05.2600.5731
Indeo® video 5.10 Compression Filter,0x00200000,1,1,ir50_32.dll,5.2562.0015.0055
BPM Metadata,0x001fffff,1,1,MetaBPMu.ax,2.00.0002.0000
Windows Media Audio Decoder,0x00800001,1,1,msadds32.ax,8.00.0000.4487
Creative Recording Wav_Asio Filter,0x00400000,0,1,AudioRec.ax,1.00.0002.0000
AC3 Parser Filter,0x00600000,1,1,mpg2splt.ax,6.05.2710.2732
WMT Format Conversion,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
CT Time-Scaling filter,0x00100000,1,1,TimeScal.ax,2.03.0001.0000
StreamBufferSink,0x00200000,0,0,sbe.dll,6.05.2715.3011
WMT Black Frame Generator,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
Microsoft TV Caption Decoder,0x00600000,1,0,MSTVCapn.dll,5.01.2715.3011
MJPEG Decompressor,0x00600000,1,1,quartz.dll,6.05.2600.5731
Indeo® video 5.10 Decompression Filter,0x00640000,1,1,ir50_32.dll,5.2562.0015.0055
WMT Screen Capture filter,0x00200000,0,1,wmm2filt.dll,2.01.4026.0000
SVM Metadata,0x001fffff,1,1,MetaSVM.ax,1.00.0006.0000
Microsoft Screen Video Decompressor,0x00800000,1,1,msscds32.ax,8.00.0000.4487
MPEG-I Stream Splitter,0x00600000,1,2,quartz.dll,6.05.2600.5731
SAMI (CC) Parser,0x00400000,1,1,quartz.dll,6.05.2600.5731
VBI Codec,0x00600000,1,4,VBICodec.ax,6.05.2710.2732
MPEG Layer-3 Decoder,0x00810000,1,1,l3codecx.ax,1.05.0000.0050
MPEG-2 Splitter,0x005fffff,1,0,mpg2splt.ax,6.05.2710.2732
ACELP.net Sipro Lab Audio Decoder,0x00800001,1,1,acelpdec.ax,1.04.0000.0000
Internal Script Command Renderer,0x00800001,1,0,quartz.dll,6.05.2600.5731
MPEG Audio Decoder,0x03680001,1,1,quartz.dll,6.05.2600.5731
MMACE ProcAmp,0x00200000,0,2,MMACEFilters.dll,
File Source (Netshow URL),0x00400000,0,1,wmpasf.dll,11.00.5721.5145
WMT Import Filter,0x00200000,0,1,wmm2filt.dll,2.01.4026.0000
DV Splitter,0x00600000,1,2,qdv.dll,6.05.2600.5512
Bitmap Generate,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
Windows Media Video Decoder,0x00800000,1,1,wmvds32.ax,8.00.0000.4487
Video Mixing Renderer 9,0x00200000,1,0,quartz.dll,6.05.2600.5731
Windows Media Video Decoder,0x00800000,1,1,wmv8ds32.ax,8.00.0000.4000
WMT VIH2 Fix,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
PCM to EXT,0x00200000,0,0,Pcm2Ext.ax,6.00.0002.0000
Record Queue,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
CT Karaoke filter,0x00100000,1,1,Karaoke.ax,2.00.0003.0000
Creative AC3 Source Filter,0x00400000,0,1,AC3Srcu.ax,3.01.0000.0000
Creative PCM Raw Writer,0x00200000,1,0,RawWritu.ax,1.00.0000.0000
Creative MP3 Source Filter,0x00400000,0,1,Mp3Src.ax,3.01.0003.0000
Windows Media Multiplexer,0x00600000,1,1,wmpasf.dll,11.00.5721.5145
ASX file Parser,0x00600000,1,1,wmpasf.dll,11.00.5721.5145
ASX v.2 file Parser,0x00600000,1,0,wmpasf.dll,11.00.5721.5145
NSC file Parser,0x00600000,1,1,wmpasf.dll,11.00.5721.5145
CT PDP filter,0x00100000,1,1,PDP.ax,1.00.0008.0000
ACM Wrapper,0x00600000,1,1,quartz.dll,6.05.2600.5731
Windows Media source filter,0x00600000,0,2,wmpasf.dll,11.00.5721.5145
Video Renderer,0x00800001,1,0,quartz.dll,6.05.2600.5731
Frame Eater,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
MPEG-2 Video Stream Analyzer,0x00200000,0,0,sbe.dll,6.05.2715.3011
Line 21 Decoder,0x00600000,1,1,qdvd.dll,6.05.2600.5512
Video Port Manager,0x00600000,2,1,quartz.dll,6.05.2600.5731
WST Decoder,0x00600000,1,1,wstdecod.dll,5.03.2600.5512
Video Renderer,0x00400000,1,0,quartz.dll,6.05.2600.5731
Creative AC3 Source Filter,0x00400000,0,1,AC3Src.ax,3.00.0002.0000
CT SmartVolumeManagement filter,0x00100000,1,1,DSCompr.ax,1.00.0002.0000
Creative Audio Gain Filter,0x00200000,1,1,AudGain.ax,1.00.0000.0000
WM ASF Writer,0x00400000,0,0,qasf.dll,11.00.5721.5145
InterVideo Audio Decoder,0x00700000,1,1,,
CBVA Filter,0x00200000,1,1,CBVAFilter.dll,5.01.2700.2180
WMT Sample Information Filter,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
VBI Surface Allocator,0x00600000,1,1,vbisurf.ax,5.03.2600.5512
Creative MP3 Writer,0x00200000,1,0,MP3Write.ax,3.00.0002.0000
Microsoft MPEG-4 Video Decompressor,0x00800000,1,1,mpg4ds32.ax,8.00.0000.4487
MMACE SoftEmu,0x00200000,0,2,MMACEFilters.dll,
File writer,0x00200000,1,0,qcap.dll,6.05.2600.5512
Creative MLP Source Filter,0x00400000,0,1,MlpSrcu.ax,3.01.0000.0000
AEWave,0x00200000,0,0,AEWave.ax,
SVM Metadata,0x001fffff,1,1,MetaSVMu.ax,2.00.0002.0000
CT HPVirtualizer filter,0x00100000,1,1,Virtual.ax,1.00.0000.0000
WMT Log Filter,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
WMT Virtual Renderer,0x00200000,1,0,wmm2filt.dll,2.01.4026.0000
DVD Navigator,0x00200000,0,2,qdvd.dll,6.05.2600.5512
MMACE DeInterlace,0x00200000,0,2,MMACEFilters.dll,
Sonic Cinemaster® MCE Audio Decoder,0x00710000,1,1,CinemasterAudio.DLL,2.05.0004.1414
Overlay Mixer2,0x00400000,1,1,qdvd.dll,6.05.2600.5512
CT CMSS3 filter,0x00100000,1,1,CMSS3.ax,3.00.0013.0000
AVI Draw,0x00600064,9,1,quartz.dll,6.05.2600.5731
.RAM file Parser,0x00600000,1,0,wmpasf.dll,11.00.5721.5145
WST Pager,0x00800000,1,1,WSTPager.ax,6.05.2710.2732
WMT DirectX Transform Wrapper,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
G.711 Codec,0x00200000,1,1,g711codc.ax,5.01.2600.0000
MPEG-2 Demultiplexer,0x00600000,1,1,mpg2splt.ax,6.05.2710.2732
DV Video Decoder,0x00800000,1,1,qdv.dll,6.05.2600.5512
Creative NVF Filter,0x00400000,0,1,NvfSrcu.ax,3.01.0001.0000
Indeo® audio software,0x00500000,1,1,iac25_32.ax,2.00.0005.0053
Windows Media Update Filter,0x00400000,1,0,wmpasf.dll,11.00.5721.5145
Creative PCM Raw Writer,0x00200000,1,0,RawWrit.ax,1.00.0000.0000
Noise Reduction,0x00100000,1,1,NoisRedu.ax,3.00.0002.0000
ASF DIB Handler,0x00600000,1,1,wmpasf.dll,11.00.5721.5145
ASF ACM Handler,0x00600000,1,1,wmpasf.dll,11.00.5721.5145
ASF ICM Handler,0x00600000,1,1,wmpasf.dll,11.00.5721.5145
ASF URL Handler,0x00600000,1,1,wmpasf.dll,11.00.5721.5145
ASF JPEG Handler,0x00600000,1,1,wmpasf.dll,11.00.5721.5145
ASF DJPEG Handler,0x00600000,1,1,wmpasf.dll,11.00.5721.5145
ASF embedded stuff Handler,0x00600000,1,1,wmpasf.dll,11.00.5721.5145
9x8Resize,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
WIA Stream Snapshot Filter,0x00200000,1,1,wiasf.ax,1.00.0000.0000
Allocator Fix,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
SampleGrabber,0x00200000,1,1,qedit.dll,6.05.2600.5512
Null Renderer,0x00200000,1,0,qedit.dll,6.05.2600.5512
Creative WMA Writer,0x00200000,1,0,WMAWrite.ax,3.01.0004.0000
WMT Virtual Source,0x00200000,0,1,wmm2filt.dll,2.01.4026.0000
MPEG-2 Sections and Tables,0x005fffff,1,0,mpeg2data.ax,6.05.2710.2732
WMT Interlacer,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
StreamBufferSource,0x00200000,0,0,sbe.dll,6.05.2715.3011
Smart Tee,0x00200000,1,2,qcap.dll,6.05.2600.5512
Creative WMA Source Filter,0x00400000,0,1,WmaSrc.ax,3.01.0001.0000
Overlay Mixer,0x00200000,0,0,qdvd.dll,6.05.2600.5512
AVI Decompressor,0x00600000,1,1,quartz.dll,6.05.2600.5731
Uncompressed Domain Shot Detection Filter,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
AVI/WAV File Source,0x00400000,0,2,quartz.dll,6.05.2600.5731
QuickTime Movie Parser,0x00600000,1,1,quartz.dll,6.05.2600.5731
Wave Parser,0x00400000,1,1,quartz.dll,6.05.2600.5731
MIDI Parser,0x00400000,1,1,quartz.dll,6.05.2600.5731
Multi-file Parser,0x00400000,1,1,quartz.dll,6.05.2600.5731
File stream renderer,0x00400000,1,1,quartz.dll,6.05.2600.5731
XML Playlist,0x00400000,1,0,wmpasf.dll,11.00.5721.5145
Sonic Cinemaster® DS Video Decoder,0x00710000,2,1,CinemasterVideo.DLL,2.07.0006.9086
AVI Mux,0x00200000,1,0,qcap.dll,6.05.2600.5512
Line 21 Decoder 2,0x00600002,1,1,quartz.dll,6.05.2600.5731
File Source (Async.),0x00400000,0,1,quartz.dll,6.05.2600.5731
File Source (URL),0x00400000,0,1,quartz.dll,6.05.2600.5731
WMT DV Extract,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
Creative CDDA Source Filter,0x00400000,0,1,CDDA.ax,3.00.0002.0000
Creative LiveRecording Filter SxS,0x00400000,0,1,LiveRecu.ax,5.00.0001.0000
WMT Switch Filter,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
WMT Volume,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
Creative Internet Source Filter,0x00400000,0,1,InetSrcu.ax,1.00.0000.0000
Stretch Video,0x00200000,1,1,wmm2filt.dll,2.01.4026.0000
Infinite Pin Tee Filter,0x00200000,1,1,qcap.dll,6.05.2600.5512
BDA MPEG2 Transport Information Filter,0x00200000,2,0,psisrndr.ax,6.05.2715.3011
QT Decompressor,0x00600000,1,1,quartz.dll,6.05.2600.5731
MPEG Video Decoder,0x40000001,1,1,quartz.dll,6.05.2600.5731
Indeo® video 4.4 Decompression Filter,0x00640000,1,1,ir41_32.ax,4.51.0016.0003
Indeo® video 4.4 Compression Filter,0x00200000,1,1,ir41_32.ax,4.51.0016.0003

WDM Streaming Tee/Splitter Devices:
Tee/Sink-to-Sink Converter,0x00000000,0,0,,

Video Compressors:
WMVideo8 Encoder DMO,0x00600800,1,1,,
MSScreen encoder DMO,0x00600800,1,1,,
WMVideo9 Encoder DMO,0x00600800,1,1,,
MSScreen 9 encoder DMO,0x00600800,1,1,,
DV Video Encoder,0x00200000,0,0,qdv.dll,6.05.2600.5512
Indeo® video 5.10 Compression Filter,0x00100000,1,1,ir50_32.dll,5.2562.0015.0055
MJPEG Compressor,0x00200000,0,0,quartz.dll,6.05.2600.5731
Cinepak Codec by Radius,0x00200000,1,1,qcap.dll,6.05.2600.5512
Intel 4:2:0 Video V2.50,0x00200000,1,1,qcap.dll,6.05.2600.5512
Intel Indeo® Video R3.2,0x00200000,1,1,qcap.dll,6.05.2600.5512
Intel Indeo® Video 4.5,0x00200000,1,1,qcap.dll,6.05.2600.5512
Indeo® video 5.10,0x00200000,1,1,qcap.dll,6.05.2600.5512
Intel IYUV codec,0x00200000,1,1,qcap.dll,6.05.2600.5512
Microsoft H.261 Video Codec,0x00200000,1,1,qcap.dll,6.05.2600.5512
Microsoft H.263 Video Codec,0x00200000,1,1,qcap.dll,6.05.2600.5512
Microsoft RLE,0x00200000,1,1,qcap.dll,6.05.2600.5512
Microsoft Video 1,0x00200000,1,1,qcap.dll,6.05.2600.5512

Audio Compressors:
WMA Voice Encoder DMO,0x00600800,1,1,,
WM Speech Encoder DMO,0x00600800,1,1,,
WMAudio Encoder DMO,0x00600800,1,1,,
IAC2,0x00200000,1,1,quartz.dll,6.05.2600.5731
IMA ADPCM,0x00200000,1,1,quartz.dll,6.05.2600.5731
PCM,0x00200000,1,1,quartz.dll,6.05.2600.5731
Microsoft ADPCM,0x00200000,1,1,quartz.dll,6.05.2600.5731
ACELP.net,0x00200000,1,1,quartz.dll,6.05.2600.5731
DSP Group TrueSpeech™,0x00200000,1,1,quartz.dll,6.05.2600.5731
Windows Media Audio V1,0x00200000,1,1,quartz.dll,6.05.2600.5731
Windows Media Audio V2,0x00200000,1,1,quartz.dll,6.05.2600.5731
GSM 6.10,0x00200000,1,1,quartz.dll,6.05.2600.5731
Microsoft G.723.1,0x00200000,1,1,quartz.dll,6.05.2600.5731
CCITT A-Law,0x00200000,1,1,quartz.dll,6.05.2600.5731
CCITT u-Law,0x00200000,1,1,quartz.dll,6.05.2600.5731
MPEG Layer-3,0x00200000,1,1,quartz.dll,6.05.2600.5731

Audio Capture Sources:
Modem #0 Line Record,0x00200000,0,0,qcap.dll,6.05.2600.5512

Midi Renderers:
Default MidiOut Device,0x00800000,1,0,quartz.dll,6.05.2600.5731

BDA Rendering Filters:
BDA IP Sink,0x00000000,0,0,,

BDA Network Providers:
Microsoft ATSC Network Provider,0x00200000,0,1,msdvbnp.ax,6.05.2710.2732
Microsoft DVBC Network Provider,0x00200000,0,1,msdvbnp.ax,6.05.2710.2732
Microsoft DVBS Network Provider,0x00200000,0,1,msdvbnp.ax,6.05.2710.2732
Microsoft DVBT Network Provider,0x00200000,0,1,msdvbnp.ax,6.05.2710.2732
Microsoft Network Provider,0x00200000,0,1,MSNP.ax,6.05.2710.2732

Multi-Instance Capable VBI Codecs:
VBI Codec,0x00600000,1,4,VBICodec.ax,6.05.2710.2732

BDA Transport Information Renderers:
BDA MPEG2 Transport Information Filter,0x00600000,2,0,psisrndr.ax,6.05.2715.3011
MPEG-2 Sections and Tables,0x00600000,1,0,mpeg2data.ax,6.05.2710.2732

BDA CP/CA Filters:
Decrypt/Tag,0x00600000,1,0,encdec.dll,6.05.2715.3011
Encrypt/Tag,0x00200000,0,0,encdec.dll,6.05.2715.3011
XDS Codec,0x00200000,0,0,encdec.dll,6.05.2715.3011

WDM Streaming Communication Transforms:
Tee/Sink-to-Sink Converter,0x00000000,0,0,,

Audio Renderers:
Modem #0 Line Playback,0x00200000,1,0,quartz.dll,6.05.2600.5731
Default DirectSound Device,0x00800000,1,0,quartz.dll,6.05.2600.5731
Default WaveOut Device,0x00200000,1,0,quartz.dll,6.05.2600.5731
DirectSound: Modem #0 Line Playback (emulated),0x00200000,1,0,quartz.dll,6.05.2600.5731

BDA Receiver Components:
BDA Slip De-Framer,0x00600000,1,1,,5.03.2600.5512
BDA MPE Filter,0x00600000,1,1,,5.03.2600.5512

I lied. Right now my desktop still won't load and I'm running everything from the Task Manager. :thumbsup: Also, I can't figure out where the AVG log is.


One other thing: on startup, the program Windows stopped from running was "usernet" something or other, I think.

#2 Superman1889

Superman1889
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:10:10 AM

Posted 21 June 2009 - 06:14 PM

OK, random update: my computer just popped up another message (it might've been there all along; I just didn't see it since I don't have a taskbar that lets things hide behind each other) with another error report saying Windows will not let WMI run, or something to that effect. I sent the error report and then msconfig popped up with the box for "load startup items" filled with green instead of having a check mark. I clicked the box and closed it, and then my desktop appeared. The virus is still there though, and I still need help. Thanks!

#3 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  • Gender:Male
  • Location:US
  • Local time:10:10 AM

Posted 21 June 2009 - 06:17 PM

Hello Superman1889, and :thumbsup: to Bleepingcomputer.

You have a very badly damaged system. In order to have the best chance for recovery, please take careful, detailed notes of everything going on with your computer, including but not limited to error messages. There is no such thing as too much information in these situations.

In order to see what caused the damage, and thus determine whether this is fixable, we need to attempt to upload that executable you downloaded to Jotti

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the browse button and navigate to the files listed below in bold, then click Submit. You will only be able to have one file scanned at a time.

Submit the file you downloaded

Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

In your next reply, please include the following:
Jotti/Virustotal log

Edited by Blade Zephon, 21 June 2009 - 06:20 PM.


If I am helping you, it has been 48 hours since your last post, and I have yet to reply to your topic, please send me a PM
Become a BleepingComputer fan: Facebook
Follow us on Twitter!
Circle us on Google+


#4 Superman1889

Superman1889
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:10:10 AM

Posted 21 June 2009 - 07:03 PM

Thanks for helping me out. Neither site will load :thumbsup:

#5 Superman1889

Superman1889
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:10:10 AM

Posted 21 June 2009 - 07:16 PM

Well, I couldn't type fast enough... I was racing the clock of my computer telling me it was shutting down, initiated by AUTHORITY\, then I lost what I was typing and my computer died.

Basically I went to the task manager and killed a couple of ghost internet explorers that were running and then my computer crashed. Now I'm in safe mode. On the bright side, Jotti is able to load now and I'll see what I can come up with

#6 Superman1889

Superman1889
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:10:10 AM

Posted 21 June 2009 - 07:36 PM

The first file that may have done it (I used a few different files) turned up negative on 19 of the scans, but on one it said: Trojan.Crypt

File 2: Clean

File 3: Oh great, this one is fun. I'm going to just list them under this:
Win32:JunkPoly
W32/Virut.Gen
Troj.W32.Obfuscated.gen
Win32.Virut.56
W32/Virut.AI!Generic
IRC-Worm.Win32.Qhost
Virus.Win32.Virut.ce
Win32/Virut.NBP
W32/Smalltroj.OOKS
Mal/Generic-A
Virus.Win32.Virut.1
Win32.Virut.Y.Gen

Figures AVG didn't find anything -_- but then again, I knew I shouldn't have opened it. Whoever made it did a fine job though.

File 4: Clean

File 5: Clean

Once again thanks for helping me out. This one is going to be fun.

#7 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  • Gender:Male
  • Location:US
  • Local time:10:10 AM

Posted 21 June 2009 - 07:40 PM

I'm afraid this really isn't going to be fun. Jotti confirmed my suspicions. I regret to inform you that your system is infected with Virut.

Your system is infected with a nasty variant of Virut, a polymorphic file infector with IRCBot functionality which infects .exe, .scr files, downloads more malicious files to your system, and opens a back door that compromises your computer. According to this Norman White Paper Assessment of W32/Virut, some variants can infect the HOSTS file and block access to security related web sites. Virux is an even more complex file infector which can embed an iframe into the body of web-related files and infect script files (.php, .asp, and .html). When Virut creates infected files, it also creates non-functional files that are corrupted beyond repair. In many cases the infected files cannot be disinfected properly by your anti-virus. When disinfection is attempted, the files become corrupted and the system may become irreparable.

The virus has a number of bugs in its code, and as a result it may misinfect a proportion of executable files....some W32/Virut.h infections are corrupted beyond repair.

McAfee Risk Assessment and Overview of W32/Virut

There are bugs in the viral code. When the virus produces infected files, it also creates non-functional files that also contain the virus... Due to the damage caused to files by Virut it's possible to find repaired but corrupted files. They became corrupted by the incorrect writing of the viral code during the process of infection. Undetected, corrupted files (possibly still containing part of the viral code) can also be found. This is caused by incorrectly written and non-functional viral code present in these files.

AVG Overview of W32/Virut

This kind of infection is contracted and spread by visiting remote, crack and keygen sites. These types of sites are infested with a smörgåsbord of malware and are an increasing source of system infection. However, the CA Security Advisor Research Blog says they have found MySpace user pages carrying the malicious Virut URL. Either way you can end up with a computer system so badly damaged that recovery is not possible and it cannot be repaired. When that happens there is nothing you can do besides reformatting and reinstalling the OS.

...warez and crack web pages are being used by cybercriminals as download sites for malware related to VIRUT and VIRUX. Searches for serial numbers, cracks, and even antivirus products like Trend Micro yield malcodes that come in the form of executables or self-extracting files...quick links in these sites also lead to malicious files. Ads and banners are also infection vectors...

Keygen and Crack Sites Distribute VIRUX and FakeAV

If your computer was used for online banking, has credit card information or other sensitive data on it, you should disconnect from the Internet until your system is cleaned. All passwords should be changed immediately, including those used for banking, email, eBay, PayPal and online forums. You should consider them to be compromised. You should change each password using a clean computer and not the infected one. If not, an attacker may get the new passwords and transaction information. If using a router, you need to reset it with a strong logon/password so the malware cannot gain control before connecting again. Banking and credit card institutions should be notified of the possible security breach. Because your computer was compromised, please read:

There is no guarantee this infection can be completely removed. In some instances it may have caused so much damage to your system that it cannot be completely cleaned or repaired. The malware may leave so many remnants behind that security tools cannot find them. Many experts in the security community believe that once infected with this type of malware, the best course of action is to wipe the drive clean, reformat and reinstall the OS. Reinstalling Windows without first wiping the entire hard drive with a repartition and/or format will not remove the infection. The reinstall will only overwrite the Windows files. Any malware on the system will still be there afterwards. Please read:
If you have any questions regarding this, or need help with the reformatting process, feel free to post here and I will do all I can to help. Sorry things turned out this way, Virut is one of the few infections that simply cannot be eliminated without a reformat.

Edited by Blade Zephon, 21 June 2009 - 07:44 PM.


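Blade's post above says some Virut variants rewrite the HOSTS file so security-related sites stop loading, which is consistent with "Neither site will load" earlier in the thread. The script below is an added example for this thread, not code from the original posts or from any tool they mention: it parses a hosts file and reports every mapping for a watched security domain, distinguishing an entry that sinkholes the site (127.0.0.1 or 0.0.0.0) from one that redirects it to some other address. The watch list, the `SAMPLE_HOSTS` text and the `reason` labels are constructed for the example; the default path is the standard Windows hosts location.

```python
"""Flag HOSTS-file entries that block or redirect security sites.

Added example for this thread (not from the original posts or any product
named in them). Watch list and SAMPLE_HOSTS are constructed.
"""
import ipaddress
import os
from typing import Dict, List, Tuple

# Constructed watch list: sites a cleanup effort depends on. Extend to taste.
WATCHED_DOMAINS = {
    "virustotal.com", "jotti.org", "bleepingcomputer.com",
    "malwarebytes.org", "avg.com", "microsoft.com",
}
LOOPBACK_NAMES = {"localhost", "localhost.localdomain"}
DEFAULT_HOSTS = r"C:\Windows\System32\drivers\etc\hosts"   # stock Windows path


def parse_hosts(text: str) -> List[Tuple[int, str, str]]:
    """Return (line_number, address, hostname) for each mapping.

    Comment text after '#' and blank lines are ignored; one line may map
    several names to the same address, each of which becomes an entry.
    """
    entries = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        body = raw.split("#", 1)[0].strip()
        parts = body.split()
        if len(parts) < 2:
            continue                      # blank, comment-only or malformed
        for name in parts[1:]:
            entries.append((lineno, parts[0], name.lower().rstrip(".")))
    return entries


def is_watched(host: str) -> bool:
    """True for a watched domain or any subdomain of it."""
    return any(host == d or host.endswith("." + d) for d in WATCHED_DOMAINS)


def find_hijacks(text: str) -> List[Dict[str, object]]:
    """Report suspicious mappings.

    A clean hosts file has no entry for a security vendor at all, so every
    watched hit is reported. Loopback/unspecified addresses merely block the
    site; any other address redirects it, which is worse (that server can
    serve whatever it likes in place of the real site).
    """
    findings: List[Dict[str, object]] = []
    for lineno, ip, host in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append({"line": lineno, "host": host, "ip": ip,
                             "reason": "unparseable address"})
            continue
        if host in LOOPBACK_NAMES:
            if not addr.is_loopback:      # localhost pointed somewhere real
                findings.append({"line": lineno, "host": host, "ip": ip,
                                 "reason": "localhost not loopback"})
            continue
        if is_watched(host):
            sinkholed = addr.is_loopback or addr.is_unspecified
            findings.append({"line": lineno, "host": host, "ip": ip,
                             "reason": "blocked (sinkholed)" if sinkholed
                             else "redirected to " + ip})
    return findings


def check_hosts_file(path: str = DEFAULT_HOSTS) -> List[Dict[str, object]]:
    """Run find_hijacks over a hosts file on disk."""
    with open(path, "r", encoding="utf-8", errors="replace") as f:
        return find_hijacks(f.read())


# Constructed sample. The first two lines are what a stock XP hosts file has;
# the rest mimic the tampering described in the thread.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
127.0.0.1       www.virustotal.com virustotal.com
0.0.0.0         virusscan.jotti.org   # blocked outright
192.0.2.10      www.bleepingcomputer.com
10.0.0.5        intranet.example.com
"""

if __name__ == "__main__":
    hits = (check_hosts_file() if os.path.exists(DEFAULT_HOSTS)
            else find_hijacks(SAMPLE_HOSTS))
    for h in hits:
        print(f"line {h['line']}: {h['host']} -> {h['ip']}  [{h['reason']}]")
```

Run it from a clean boot medium if you can; a file infector that is still resident can rewrite the hosts file again after you fix it, and the hosts file is only one of several places (proxy settings, a DNS server set by the malware) that can produce the same "site won't load" symptom. A hit here tells you which names to expect trouble reaching, not that the file is the only thing wrong.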

#8 CalusBlade

CalusBlade

  • Members
  • 538 posts
  • OFFLINE
  • Local time:09:10 AM

Posted 21 June 2009 - 09:05 PM

I feel your pain, Superman1889. My old computer died and Norton didn't find anything. This was before BleepingComputer came out too. But what I learned is, saving a few bucks isn't worth it. Nowadays I buy the programs. As Blade said, keygens are filled with viruses and a lot of other things you don't want. Next time, if you notice something strange, post it here right away. They helped me get rid of unwanted invaders. Also, I would suggest doing what he said because, once your computer dies, it's game over. After reformatting, I would suggest rescanning with the programs given to you (mal-ware and Jotti). DON'T PUT THEM AS A BACKUP OR ON A DISC; download them again, and repost what you find to make sure they are gone.

#9 joseibarra

joseibarra

  • Members
  • 1,154 posts
  • ONLINE
  • Gender:Male
  • Location:Downstairs
  • Local time:10:10 AM

Posted 22 June 2009 - 05:10 AM

I have been surveying this topic and others like it as a learning experience and came up with a few questions if anyone feels like answering them.

What was the information-gathering tool Superman used to create his system information post? Whenever I see a new tool used, I like to run it on my system to see what it might tell me!

After looking at the information and the Jotti run, Blade said the suspicions were confirmed. Was there something in the previous posts that made Blade suspicious before the Jotti confirmation, or was it just Blade's experience with the symptoms?

Blade asked Superman to upload the "files listed below in bold" for scanning, but I didn't see any files listed in bold, so what 5 files did Superman know to upload for scanning?

Superman uploaded and scanned 5 files. Did Superman download 5 files from the keygen site, or just 1 that got expanded into 5? How did Superman know what 5 files to upload, and how did Blade know there were "files"?

Does Blade think that there is any scanning software that might have detected this before it went this far, or is it just too late after the fact?

Thanks for the education!

The mediocre teacher tells. The good teacher explains. The superior teacher demonstrates.


#10 Blade

Blade

    Strong in the Bleepforce


  • Site Admin
  • 12,704 posts
  • OFFLINE
  • Gender:Male
  • Location:US
  • Local time:10:10 AM

Posted 22 June 2009 - 09:56 AM

Hello joseibarra, I'll be happy to answer your questions.

1. I've never seen this information tool myself either, but from the log I would guess it was called DxDiag:

------------------
System Information
------------------
Time of this report: 6/21/2009, 16:35:20
Machine name: JOSH-1B78324E3B
Operating System: Windows XP Professional (5.1, Build 2600) Service Pack 3 (2600.xpsp_sp3_gdr.090206-1234)
Language: English (Regional Setting: English)
System Manufacturer: Dell Inc.
System Model: Dell DXP051
BIOS: Phoenix ROM BIOS PLUS Version 1.10 A04
Processor: Intel® Pentium® D CPU 3.00GHz (2 CPUs)
Memory: 2046MB RAM
Page File: 991MB used, 2951MB available
Windows Dir: C:\WINDOWS
DirectX Version: DirectX 9.0c (4.09.0000.0904)
DX Setup Parameters: Not found
DxDiag Version: 5.03.2600.5512 32bit Unicode


2. My suspicions were based on a combination of the symptoms present and the fact that Superman said he had downloaded from a keygen site. Keygen and crack sites are the primary infection vectors for Virut.

3. Normally I would have given specific file names to upload, but in this case I didn't know the actual names of the files, so I substituted "Submit the file you downloaded"

4. I can't say exactly, but I would guess that 5 files were downloaded. He knew which files to upload because I asked him to submit whatever he had downloaded from the keygen site.

5. To put it bluntly. . . no. Virut is a computer killer. Once an infected file is executed, the virus spreads to other files on the system, and there is currently no software out there that can detect and remove Virut with 100% accuracy. If even one infected file is missed, the system can become reinfected. It's just a matter of time. The only safe option is to reformat the HD and reinstall the OS.

Hope that helps.

~Blade

Edited by Blade Zephon, 22 June 2009 - 09:58 AM.


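Answer 5 above makes the point that matters for a file infector: once an infected file runs, Virut spreads into other executables, and a scanner that misses even one of them leaves the system reinfectable. A signature scanner answers "is this file known bad?"; the complementary check a practitioner wants is "which executables changed since the system was known clean?", which is what a hash manifest taken from a clean install and diffed later gives you. The script below is an added example for this thread, not code from the original posts or from any product named in them. The suffix list (the thread names .exe and .scr as Virut targets; .dll is included as an assumption), the sample directory tree and the simulated infection in `demo()` are all constructed.

```python
"""Hash manifest of executables: take it while clean, diff it later.

Added example for this thread (not from the original posts or any product
named in them). EXEC_SUFFIXES, the sample tree and the simulated infection
in demo() are constructed.
"""
import hashlib
import json
import os
import tempfile
from typing import Dict, List

# The thread names .exe and .scr as Virut targets; .dll is an assumption.
EXEC_SUFFIXES = (".exe", ".scr", ".dll")

Manifest = Dict[str, Dict[str, object]]


def sha256_file(path: str, chunk: int = 1 << 20) -> str:
    """Stream the file through SHA-256 so large binaries are not read whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def build_manifest(root: str) -> Manifest:
    """Map root-relative path -> {sha256, size} for every executable under root."""
    manifest: Manifest = {}
    for dirpath, _, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(EXEC_SUFFIXES):
                continue
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            try:
                manifest[rel] = {"sha256": sha256_file(full),
                                 "size": os.path.getsize(full)}
            except OSError:
                pass   # locked or unreadable now; it shows up as "missing" later
    return manifest


def diff_manifests(baseline: Manifest, current: Manifest) -> Dict[str, List[str]]:
    """Executables whose hash changed, that appeared, or that vanished."""
    changed = sorted(p for p in baseline
                     if p in current and baseline[p]["sha256"] != current[p]["sha256"])
    added = sorted(set(current) - set(baseline))
    missing = sorted(set(baseline) - set(current))
    return {"changed": changed, "added": added, "missing": missing}


def save_manifest(manifest: Manifest, path: str) -> None:
    with open(path, "w") as f:
        json.dump(manifest, f, indent=1, sort_keys=True)


def load_manifest(path: str) -> Manifest:
    with open(path) as f:
        return json.load(f)


def demo() -> Dict[str, List[str]]:
    """Constructed scenario: baseline a tiny tree, then mimic a file infector
    (append bytes to mspaint.exe, drop keygen.exe, delete notepad.exe)."""
    with tempfile.TemporaryDirectory() as root:
        files = {
            "Windows/system32/mspaint.exe": b"MZ" + b"\x00" * 64,
            "Windows/system32/notepad.exe": b"MZ" + b"\x01" * 64,
            "Program Files/App/app.scr": b"MZ" + b"\x02" * 64,
            "Program Files/App/readme.txt": b"not an executable, ignored",
        }
        for rel, data in files.items():
            full = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "wb") as f:
                f.write(data)
        baseline = build_manifest(root)
        sys32 = os.path.join(root, "Windows", "system32")
        with open(os.path.join(sys32, "mspaint.exe"), "ab") as f:
            f.write(b"<constructed appended body>")    # infector modifies a host file
        with open(os.path.join(sys32, "keygen.exe"), "wb") as f:
            f.write(b"MZ" + b"\x03" * 64)              # newly dropped executable
        os.remove(os.path.join(sys32, "notepad.exe"))   # a file that vanished
        return diff_manifests(baseline, build_manifest(root))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=1))
```

Take the baseline right after the reinstall and the first update pass, and keep it off the machine (read-only media or another host); a manifest stored on the box can be edited by whatever is running there. A `changed` hit means the file differs from the clean copy, not that it is infected, so it is the list of what to submit to Jotti or VirusTotal rather than a verdict. It is also what resolves the confusion in the first post: a file infector really does turn mspaint.exe into something a scanner flags.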

#11 joseibarra

joseibarra

  • Members
  • 1,154 posts
  • ONLINE
  • Gender:Male
  • Location:Downstairs
  • Local time:10:10 AM

Posted 22 June 2009 - 11:53 AM

Very good.

I missed the DxDiag reference in the log, but I will check it out.

Never been to a keygen site, but know a little about what they are "for". At least Superman gave enough information up front about what he thought brought this upon himself, so you had to pull fewer teeth to arrive at the only good resolution.

I put away Jotti and Virustotal in my notes, ran a few files through myself just to see what it does, etc. I guess it is sometimes too late by the time you get to the point of having to use them :thumbsup:

I appreciate the response and being sort of new here I like to follow the situations and discussions just to watch and learn more about fixing the situations people sometimes get themselves into.

The interactions are more professional here than some other places, things are monitored, etc. This is a good thing...

The mediocre teacher tells. The good teacher explains. The superior teacher demonstrates.




