Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unknown infection - possible trojan


  • This topic is locked This topic is locked
16 replies to this topic

#1 caleman22

caleman22

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Local time:11:15 AM

Posted 06 May 2010 - 11:07 PM

Hello. My computer has been acting strange recently so I suspect I've got a trojan or something else. My AVG claimed to have removed 2 trojans, but I think there is still something there because the problem isn't solved yet. Strange things that have happened recently: not all but most of my program icons went missing, the computer froze a few times, i can't open up troubleshoot compatibility, some other programs aren't working properly, my mouse isn't responding at all times. I understand it's possible that some of these problems aren't related, but this has all happened within the last 2 or 3 days, so something must be wrong.



DDS (Ver_10-03-17.01) - NTFSx86
Run by Cale at 12:01:13.36 on 06/05/2010
Internet Explorer: 8.0.7600.16385
Microsoft Windows 7 Professional 6.1.7600.0.1252.2.1033.18.2975.1945 [GMT 7:00]

SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Spyware Terminator *enabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}

============== Running Processes ===============

G:\Windows\system32\wininit.exe
G:\Windows\system32\lsm.exe
G:\Windows\system32\svchost.exe -k DcomLaunch
G:\Windows\system32\svchost.exe -k RPCSS
G:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
G:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
G:\Windows\system32\svchost.exe -k netsvcs
G:\Windows\system32\svchost.exe -k LocalService
G:\Windows\system32\svchost.exe -k NetworkService
G:\Windows\System32\spoolsv.exe
G:\Program Files\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe
G:\Windows\system32\taskhost.exe
G:\Windows\system32\Dwm.exe
G:\Windows\Explorer.EXE
G:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
G:\Program Files\AVG\AVG9\avgwdsvc.exe
G:\Program Files\AVG\AVG9\avgfws9.exe
G:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
G:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
G:\Program Files\VinaPhone Mobile Broadband\UIExec.exe
G:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
G:\Program Files\Spyware Terminator\sp_rsser.exe
G:\Program Files\Spyware Terminator\SpywareTerminatorShield.Exe
G:\Windows\system32\svchost.exe -k imgsvc
G:\Windows\System32\svchost.exe -k WerSvcGroup
G:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
B:\Program Files\VirtualCloneDrive\VCDDaemon.exe
G:\Program Files\AVG\AVG9\avgtray.exe
G:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
G:\Program Files\Windows Sidebar\sidebar.exe
G:\Program Files\VinaPhone Mobile Broadband\UIMain.exe
B:\Program Files\Internet Download Manager\IDMan.exe
G:\Program Files\AVG\AVG9\Identity Protection\agent\bin\avgidsmonitor.exe
G:\Windows\system32\conhost.exe
G:\Program Files\AVG\AVG9\avgam.exe
G:\Program Files\AVG\AVG9\avgnsx.exe
G:\Program Files\AVG\AVG9\avgemc.exe
G:\Program Files\AVG\AVG9\avgcsrvx.exe
B:\Program Files\Internet Download Manager\IEMonitor.exe
G:\Program Files\AVG\AVG9\avgrsx.exe
G:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
G:\Windows\system32\SearchIndexer.exe
G:\Program Files\AVG\AVG9\avgchsvx.exe
G:\Program Files\AVG\AVG9\avgcsrvx.exe
G:\Windows\system32\WUDFHost.exe
G:\Program Files\VinaPhone Mobile Broadband\CMUpdater.exe
G:\Program Files\AVG\AVG9\avgcsrvx.exe
G:\Program Files\Winamp\winamp.exe
G:\Program Files\Winamp\Elevator.exe
G:\Windows\system32\sppsvc.exe
G:\Windows\system32\wbem\wmiprvse.exe
G:\Windows\system32\taskhost.exe
G:\Windows\system32\svchost.exe -k SDRSVC
B:\Desktop\dds.scr
G:\Windows\system32\conhost.exe
G:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/ncr
uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - g:\program files\avg\avg9\toolbar\IEToolbar.dll
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - g:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: IDMIEHlprObj Class: {0055c089-8582-441b-a0bf-17b458c2a3a8} - b:\program files\internet download manager\IDMIECC.dll
BHO: {140BD8E3-C167-11D4-B4A3-080000180323} - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - g:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - g:\program files\avg\avg9\avgssie.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - g:\program files\avg\avg9\toolbar\IEToolbar.dll
BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - g:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
BHO: SmartSelect Class: {f4971ee7-daa0-4053-9964-665d8ee6a077} - g:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - g:\program files\avg\avg9\toolbar\IEToolbar.dll
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - g:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
TB: {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
uRun: [RegistryMechanic] g:\program files\registry mechanic\RegMech.exe /H
uRun: [AVG Tray Monitor] g:\program files\avg\avg9\avgtray.exe
uRun: [AVG User Interface] g:\program files\avg\avg9\avgui.exe
uRun: [SUPERAntiSpyware] g:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [Sidebar] g:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [IDMan] b:\program files\internet download manager\IDMan.exe /onboot
mRun: [UIExec] "g:\program files\vinaphone mobile broadband\UIExec.exe"
mRun: [WinPatrol] g:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [SpywareTerminator] "g:\program files\spyware terminator\SpywareTerminatorShield.exe"
mRun: [Malwarebytes' Anti-Malware] "g:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRun: [VirtualCloneDrive] "b:\program files\virtualclonedrive\VCDDaemon.exe" /s
uPolicies-explorer: TaskbarNoThumbnail = 0 (0x0)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Append Link Target to Existing PDF - g:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - g:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - g:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - g:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html
IE: Download all links with IDM - b:\program files\internet download manager\IEGetAll.htm
IE: Download FLV video content with IDM - b:\program files\internet download manager\IEGetVL.htm
IE: Download with IDM - b:\program files\internet download manager\IEExt.htm
IE: E&xport to Microsoft Excel - g:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C}
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - g:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - g:\program files\avg\avg9\avgpp.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - g:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - g:\program files\superantispyware\SASWINLO.dll
AppInit_DLLs: g:\windows\system32\avgrsstx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - g:\program files\superantispyware\SASSEH.DLL
SEH: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File
Hosts: 127.0.0.1 www.spywareinfo.com

================= FIREFOX ===================

FF - ProfilePath - g:\users\cale\appdata\roaming\mozilla\firefox\profiles\c3bf66b0.default\
FF - prefs.js: browser.search.selectedEngine - English - Vietnamese dictionary
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ncr
FF - component: g:\program files\avg\avg9\firefox\components\avgssff.dll
FF - component: g:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll
FF - component: g:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll
FF - component: g:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll
FF - component: g:\program files\avg\avg9\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll
FF - component: g:\program files\nokia\nokia ovi suite\connectors\bookmarks connector\firefoxextension\components\FirefoxExtension.dll
FF - component: g:\users\cale\appdata\roaming\idm\idmmzcc3\components\idmmzcc.dll
FF - component: g:\users\cale\appdata\roaming\mozilla\firefox\profiles\c3bf66b0.default\extensions\support@lastpass.com\platform\winnt_x86-msvc\components\lpxpcom.dll
FF - plugin: g:\program files\mozilla firefox\plugins\npwachk.dll

---- FIREFOX POLICIES ----
FF - user.js: browser.cache.memory.capacity - 65536
FF - user.js: browser.chrome.favicons - false
FF - user.js: browser.display.show_image_placeholders - true
FF - user.js: browser.turbo.enabled - true
FF - user.js: browser.urlbar.autocomplete.enabled - true
FF - user.js: browser.urlbar.autofill - true
FF - user.js: content.interrupt.parsing - true
FF - user.js: content.max.tokenizing.time - 2250000
FF - user.js: content.notify.backoffcount - 5
FF - user.js: content.notify.interval - 750000
FF - user.js: content.notify.ontimer - true
FF - user.js: content.switch.threshold - 750000
FF - user.js: network.http.max-connections - 48
FF - user.js: network.http.max-connections-per-server - 16
FF - user.js: network.http.max-persistent-connections-per-proxy - 16
FF - user.js: network.http.max-persistent-connections-per-server - 8
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.pipelining.firstrequest - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.request.max-start-delay - 0
FF - user.js: nglayout.initialpaint.delay - 0
FF - user.js: plugin.expose_full_path - true
FF - user.js: ui.submenuDelay - 0
g:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);
g:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
g:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
g:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
g:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
g:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
g:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
g:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);
g:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
g:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);
g:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
g:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
g:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
g:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
g:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
g:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
g:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);
g:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
g:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
g:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
g:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
g:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
g:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
g:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
g:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
g:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R0 AVGIDSErHrw7x;AVG9IDSErHr;g:\windows\system32\drivers\AVGIDSwx.sys [2010-3-3 25096]
R0 AvgRkx86;avgrkx86.sys;g:\windows\system32\drivers\avgrkx86.sys [2010-3-3 52872]
R0 EUBAKUP;EUBAKUP;g:\windows\system32\drivers\eubakup.sys [2010-3-25 27016]
R0 EUFS;EUFS;g:\windows\system32\drivers\eufs.sys [2010-3-25 21896]
R1 Avgfwfd;AVG network filter service;g:\windows\system32\drivers\avgfwd6x.sys [2010-3-3 24856]
R1 AvgLdx86;AVG AVI Loader Driver x86;g:\windows\system32\drivers\avgldx86.sys [2010-3-3 216200]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;g:\windows\system32\drivers\avgmfx86.sys [2010-3-3 29512]
R1 AvgTdiX;AVG Network Redirector;g:\windows\system32\drivers\avgtdix.sys [2010-3-3 242896]
R1 SASDIFSV;SASDIFSV;g:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]
R1 SASKUTIL;SASKUTIL;g:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]
R1 SBRE;SBRE;g:\windows\system32\drivers\SBREDrv.sys [2010-3-9 95024]
R1 sp_rsdrv2;Spyware Terminator Driver 2;g:\windows\system32\drivers\sp_rsdrv2.sys [2010-3-22 142592]
R1 vwififlt;Virtual WiFi Filter Driver;g:\windows\system32\drivers\vwififlt.sys [2009-7-14 48128]
R2 avg9emc;AVG E-mail Scanner;g:\program files\avg\avg9\avgemc.exe [2010-3-5 916760]
R2 avg9wd;AVG WatchDog;g:\program files\avg\avg9\avgwdsvc.exe [2010-3-5 308064]
R2 avgfws9;AVG Firewall;g:\program files\avg\avg9\avgfws9.exe [2010-3-5 2325816]
R2 AVGIDSAgent;AVG9IDSAgent;g:\program files\avg\avg9\identity protection\agent\bin\AVGIDSAgent.exe [2010-3-5 5888008]
R2 SBSDWSCService;SBSD Security Center Service;g:\program files\spybot - search & destroy\SDWinSec.exe [2010-3-3 1153368]
R2 UI Assistant Service;UI Assistant Service;g:\program files\vinaphone mobile broadband\AssistantServices.exe [2010-3-2 246272]
R3 AVGIDSDriverw7x;AVG9IDSDriver;g:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSDriver.sys [2010-3-3 122376]
R3 AVGIDSFilterw7x;AVG9IDSFilter;g:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSFilter.sys [2010-3-3 30216]
R3 AVGIDSShimw7x;AVG9IDSShim;g:\program files\avg\avg9\identity protection\agent\driver\platform_win7\AVGIDSShim.sys [2010-3-3 20488]
R3 EuDisk;EASEUS Disk Enumerator;g:\windows\system32\drivers\EuDisk.sys [2010-3-25 123784]
R3 MBAMProtector;MBAMProtector;g:\windows\system32\drivers\mbam.sys [2010-3-22 20824]
R3 RTL8167;Realtek 8167 NT Driver;g:\windows\system32\drivers\Rt86win7.sys [2009-6-11 139776]
S2 MBAMService;MBAMService;g:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-3-22 236368]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;g:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 epmntdrv;epmntdrv;g:\windows\system32\epmntdrv.sys [2010-3-24 14216]
S3 EUDSKACS;EUDSKACS;g:\windows\system32\drivers\eudskacs.sys [2010-3-25 15240]
S3 EuGdiDrv;EuGdiDrv;g:\windows\system32\EuGdiDrv.sys [2010-3-24 8456]
S3 massfilter;ZTE Mass Storage Filter Driver;g:\windows\system32\drivers\massfilter.sys [2010-3-2 9216]
S3 StorSvc;Storage Service;g:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 WatAdminSvc;Windows Activation Technologies Service;g:\windows\system32\wat\WatAdminSvc.exe [2010-3-4 1343400]
S4 hpsrv;HP Service;g:\windows\system32\hpservice.exe [2010-2-26 26168]

============== File Associations ===============

.txt=

=============== Created Last 30 ================

2010-05-06 04:29:43 0 ----a-w- g:\users\cale\defogger_reenable
2010-05-06 03:55:29 0 d-----w- g:\users\cale\appdata\roaming\GetRightToGo
2010-05-05 17:29:05 0 d-----w- G:\DECCHECK
2010-04-29 20:06:47 0 d-----w- g:\users\cale\appdata\roaming\TweakNow RegCleaner
2010-04-29 18:55:38 0 d-----w- g:\users\cale\appdata\roaming\GameInvest
2010-04-29 17:05:13 0 d-----w- g:\users\cale\appdata\roaming\IDM
2010-04-28 09:03:56 194488 ----a-w- g:\windows\system32\drivers\fvevol.sys
2010-04-28 09:03:53 1037312 ----a-w- g:\windows\system32\lsasrv.dll
2010-04-28 09:03:52 133720 ----a-w- g:\windows\system32\drivers\ksecpkg.sys
2010-04-27 13:30:30 210352 ----a-w- g:\windows\system32\idmmbc.dll
2010-04-27 11:07:06 0 d-----w- g:\users\cale\appdata\roaming\AnvSoft
2010-04-25 08:06:23 0 d-----w- g:\users\cale\appdata\roaming\FFSJ
2010-04-25 06:25:03 165376 ----a-w- g:\windows\system32\unrar.dll
2010-04-25 01:00:13 0 d-----w- g:\users\cale\appdata\roaming\FinalMediaPlayer
2010-04-24 07:38:20 0 d-----w- g:\programdata\InterVideo
2010-04-23 06:55:00 0 d-----w- g:\users\cale\appdata\roaming\Nokia Ovi Suite
2010-04-23 06:37:54 0 d-----w- g:\windows\RegisteredPackages
2010-04-23 06:30:37 0 d-----w- g:\program files\common files\Protexis
2010-04-23 06:25:58 0 d-----w- g:\program files\Windows Media Components
2010-04-23 06:25:15 0 d-----w- g:\programdata\Ulead Systems
2010-04-23 06:25:15 0 d-----w- g:\program files\common files\Ulead Systems
2010-04-14 11:38:40 3899280 ----a-w- g:\windows\system32\ntoskrnl.exe
2010-04-14 11:38:39 3954568 ----a-w- g:\windows\system32\ntkrnlpa.exe
2010-04-14 11:35:41 427520 ----a-w- g:\windows\system32\vbscript.dll
2010-04-14 11:35:23 221696 ----a-w- g:\windows\system32\drivers\mrxsmb10.sys
2010-04-14 11:35:22 95744 ----a-w- g:\windows\system32\drivers\mrxsmb20.sys
2010-04-14 11:35:22 123392 ----a-w- g:\windows\system32\drivers\mrxsmb.sys
2010-04-14 11:22:06 172032 ----a-w- g:\windows\system32\wintrust.dll
2010-04-14 11:21:57 132608 ----a-w- g:\windows\system32\cabview.dll

==================== Find3M ====================

2010-04-20 12:09:57 242896 ----a-w- g:\windows\system32\drivers\avgtdix.sys
2010-03-29 17:46:30 38224 ----a-w- g:\windows\system32\drivers\mbamswissarmy.sys
2010-03-29 17:45:52 20824 ----a-w- g:\windows\system32\drivers\mbam.sys
2010-03-22 02:35:59 142592 ----a-w- g:\windows\system32\drivers\sp_rsdrv2.sys
2010-03-10 14:56:50 21584 ------w- g:\windows\system32\drivers\atapi.sys
2010-03-09 06:19:22 95024 ----a-w- g:\windows\system32\drivers\SBREDrv.sys
2010-03-05 03:52:51 12464 ----a-w- g:\windows\system32\avgrsstx.dll
2010-03-03 06:45:12 56 ---ha-w- g:\programdata\ezsidmv.dat
2010-02-26 13:34:24 15416 ----a-w- g:\windows\system32\HPMDPCoInst.dll
2010-02-26 13:34:12 26168 ----a-w- g:\windows\system32\hpservice.exe
2010-02-26 13:34:02 15416 ----a-w- g:\windows\system32\accelerometerdll.DLL
2010-02-24 02:16:06 181632 ------w- g:\windows\system32\MpSigStub.exe
2010-02-23 07:56:00 977920 ----a-w- g:\windows\system32\wininet.dll
2009-07-14 04:56:42 31548 ----a-w- g:\windows\inf\perflib\0409\perfd.dat
2009-07-14 04:56:42 31548 ----a-w- g:\windows\inf\perflib\0409\perfc.dat
2009-07-14 04:56:42 291294 ----a-w- g:\windows\inf\perflib\0409\perfi.dat
2009-07-14 04:56:42 291294 ----a-w- g:\windows\inf\perflib\0409\perfh.dat
2009-07-14 04:41:57 174 --sha-w- g:\program files\desktop.ini
2009-07-14 00:34:40 291294 ----a-w- g:\windows\inf\perflib\0000\perfi.dat
2009-07-14 00:34:40 291294 ----a-w- g:\windows\inf\perflib\0000\perfh.dat
2009-07-14 00:34:38 31548 ----a-w- g:\windows\inf\perflib\0000\perfd.dat
2009-07-14 00:34:38 31548 ----a-w- g:\windows\inf\perflib\0000\perfc.dat
2003-09-15 18:19:48 99544 ----a-w- g:\windows\inf\virprn.exe
2003-09-15 18:19:48 18950 ----a-w- g:\windows\inf\virpntd.dll
2003-09-15 18:19:48 10240 ----a-w- g:\windows\inf\virport.dll
2003-09-15 18:19:46 90624 ----a-w- g:\windows\inf\prtproc.dll
2009-06-10 21:26:35 9633792 --sha-r- g:\windows\fonts\StaticCache.dat
2009-07-14 01:14:45 396800 --sha-w- g:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe

============= FINISH: 12:02:44.82 ===============

Attached Files



BC AdBot (Login to Remove)

 


#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:15 PM

Posted 09 May 2010 - 02:52 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks thumbup2.gif
Posted Image
m0le is a proud member of UNITE

#3 caleman22

caleman22
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Local time:11:15 AM

Posted 09 May 2010 - 10:15 PM

i'm still here. the only update i have for you is that now whenever i open firefox it asks me to make firefox the default browser. Something is changing it constantly.

#4 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:15 PM

Posted 10 May 2010 - 02:55 PM

Firstly, please uninstall two of your antispyware programs. You have three currently and you only require one.

Spyware Terminator is also known for slowing down systems, please uninstall this and Spybot. SAS is your best choice currently.


Next please run MBAM

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless if prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.


Now run ESET's online scan

I'd like us to scan your machine with ESET OnlineScan
  1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  2. Click the button.
  3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    1. Click on to download the ESET Smart Installer. Save it to your desktop.
    2. Double click on the icon on your desktop.
  4. Check
  5. Click the button.
  6. Accept any security warnings from your browser.
  7. Leave the top box checked and then check
  8. Push the Start button.
  9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  10. When the scan completes, push
  11. Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  12. Push the button.
  13. Push
NOTE: If no malware is found then no log will be produced. Let me know if this is the case.
Posted Image
m0le is a proud member of UNITE

#5 caleman22

caleman22
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Local time:11:15 AM

Posted 11 May 2010 - 03:12 AM

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4089

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11/05/2010 3:09:26 PM
mbam-log-2010-05-11 (15-09-26).txt

Scan type: Full scan (A:\|B:\|G:\|)
Objects scanned: 197743
Time elapsed: 34 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


currently doing the eset scan

#6 caleman22

caleman22
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Local time:11:15 AM

Posted 12 May 2010 - 02:19 AM

ok, there was nothing found. wow that took a long time.

just so you know, before i created this thread, i used AVG full scan and it found two random trojan things and i deleted them, i can show you the log file of that scan if you like. however, the problems are still happening since that scan.

and I've just found some more problems, and i don't know if these have anything to do with any malware or not. my windows action center popped up
and said that it needs more information to solve 12 problems. I expanded the window and these are the problems. and to add to the problems, I tried to send the information to microsoft and it reported a problem connecting to windows.

besides this, my default browser is still being changed to IE automatically and troubleshoot compatibility isn't working.

Windows
Problem: Video hardware error
Files that help describe the problem:
WD-20100416-2111.dmp
sysdata.xml
WERInternalMetadata.xml
View a temporary copy of these files
Warning: If a virus or other security threat caused the problem, opening a copy of the files could harm your computer.

Windows
Problem: Video hardware error
Files that help describe the problem:
WD-20100417-1712.dmp
sysdata.xml
WERInternalMetadata.xml
View a temporary copy of these files
Warning: If a virus or other security threat caused the problem, opening a copy of the files could harm your computer.

Windows
Problem: Video hardware error
Files that help describe the problem:
WD-20100417-1739.dmp
sysdata.xml
WERInternalMetadata.xml
View a temporary copy of these files
Warning: If a virus or other security threat caused the problem, opening a copy of the files could harm your computer.

Windows
Problem: Video hardware error
Files that help describe the problem:
WD-20100418-1421.dmp
sysdata.xml
WERInternalMetadata.xml
View a temporary copy of these files
Warning: If a virus or other security threat caused the problem, opening a copy of the files could harm your computer.

Windows
Problem: Video hardware error
Files that help describe the problem:
WD-20100413-1922.dmp
sysdata.xml
WERInternalMetadata.xml
View a temporary copy of these files
Warning: If a virus or other security threat caused the problem, opening a copy of the files could harm your computer.

Windows
Problem: Video hardware error
Files that help describe the problem:
WD-20100418-1416.dmp
sysdata.xml
WERInternalMetadata.xml
View a temporary copy of these files
Warning: If a virus or other security threat caused the problem, opening a copy of the files could harm your computer.

Windows
Problem: Video hardware error
Files that help describe the problem:
WD-20100417-1700.dmp
sysdata.xml
WERInternalMetadata.xml
View a temporary copy of these files
Warning: If a virus or other security threat caused the problem, opening a copy of the files could harm your computer.

Windows
Problem: Video hardware error
Files that help describe the problem:
WD-20100419-1938.dmp
sysdata.xml
WERInternalMetadata.xml
View a temporary copy of these files
Warning: If a virus or other security threat caused the problem, opening a copy of the files could harm your computer.

Windows
Problem: Video hardware error
Files that help describe the problem:
WD-20100418-1400.dmp
sysdata.xml
WERInternalMetadata.xml
View a temporary copy of these files
Warning: If a virus or other security threat caused the problem, opening a copy of the files could harm your computer.

Windows
Problem: Video hardware error
Files that help describe the problem:
WD-20100411-1933.dmp
sysdata.xml
WERInternalMetadata.xml
View a temporary copy of these files
Warning: If a virus or other security threat caused the problem, opening a copy of the files could harm your computer.

Windows
Problem: Video hardware error
Files that help describe the problem:
WD-20100417-1632.dmp
sysdata.xml
WERInternalMetadata.xml
View a temporary copy of these files
Warning: If a virus or other security threat caused the problem, opening a copy of the files could harm your computer.

Windows
Problem: Video hardware error
Files that help describe the problem:
WD-20100417-1658.dmp
sysdata.xml
WERInternalMetadata.xml
View a temporary copy of these files
Warning: If a virus or other security threat caused the problem, opening a copy of the files could harm your computer.


#7 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:15 PM

Posted 12 May 2010 - 02:41 PM

This may well be the result of damage from the malware.

You may have corrupt critical system files. Let's see if we can fix that.
  1. Select
  2. Select All Programs
  3. Select Accessories
  4. Right click Command Prompt and choose Run as administrator
  • If you have the User Account Control (UAC) enabled you will be asked for authorization prior to the command prompt opening.
  • You may simply need to press the Continue button if you are the administrator or insert the administrator password.
  • Copy & paste sfc /scannow in the command window and press enter.
  • Note the space between the c and the /
    • Be patient because the scan may take some time.
    • When that has completed then we need to create a logfile.
  • Repeat the process but this time copy & paste findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >%userprofile%\Desktop\sfcdetails.txt in the command window and press Enter.

    Note: This will place a sfcdetails.txt file on your desktop with the SFC scan details from the CBS.LOG. Please copy and paste that log into your next reply.

Posted Image
m0le is a proud member of UNITE

#8 caleman22

caleman22
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Local time:11:15 AM

Posted 12 May 2010 - 10:20 PM

2010-05-13 09:49:50, Info CSI 00000009 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:49:50, Info CSI 0000000a [SR] Beginning Verify and Repair transaction
2010-05-13 09:49:54, Info CSI 0000000c [SR] Verify complete
2010-05-13 09:49:54, Info CSI 0000000d [SR] Verifying 100 (0x00000064) components
2010-05-13 09:49:54, Info CSI 0000000e [SR] Beginning Verify and Repair transaction
2010-05-13 09:49:56, Info CSI 00000010 [SR] Verify complete
2010-05-13 09:49:56, Info CSI 00000011 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:49:56, Info CSI 00000012 [SR] Beginning Verify and Repair transaction
2010-05-13 09:49:58, Info CSI 00000014 [SR] Verify complete
2010-05-13 09:49:59, Info CSI 00000015 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:49:59, Info CSI 00000016 [SR] Beginning Verify and Repair transaction
2010-05-13 09:50:01, Info CSI 00000018 [SR] Verify complete
2010-05-13 09:50:01, Info CSI 00000019 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:50:01, Info CSI 0000001a [SR] Beginning Verify and Repair transaction
2010-05-13 09:50:05, Info CSI 0000001c [SR] Verify complete
2010-05-13 09:50:05, Info CSI 0000001d [SR] Verifying 100 (0x00000064) components
2010-05-13 09:50:05, Info CSI 0000001e [SR] Beginning Verify and Repair transaction
2010-05-13 09:50:08, Info CSI 00000020 [SR] Verify complete
2010-05-13 09:50:08, Info CSI 00000021 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:50:08, Info CSI 00000022 [SR] Beginning Verify and Repair transaction
2010-05-13 09:50:11, Info CSI 00000024 [SR] Verify complete
2010-05-13 09:50:11, Info CSI 00000025 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:50:11, Info CSI 00000026 [SR] Beginning Verify and Repair transaction
2010-05-13 09:50:18, Info CSI 00000028 [SR] Verify complete
2010-05-13 09:50:18, Info CSI 00000029 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:50:18, Info CSI 0000002a [SR] Beginning Verify and Repair transaction
2010-05-13 09:50:20, Info CSI 0000002c [SR] Verify complete
2010-05-13 09:50:21, Info CSI 0000002d [SR] Verifying 100 (0x00000064) components
2010-05-13 09:50:21, Info CSI 0000002e [SR] Beginning Verify and Repair transaction
2010-05-13 09:50:24, Info CSI 00000030 [SR] Verify complete
2010-05-13 09:50:24, Info CSI 00000031 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:50:24, Info CSI 00000032 [SR] Beginning Verify and Repair transaction
2010-05-13 09:50:29, Info CSI 00000034 [SR] Verify complete
2010-05-13 09:50:29, Info CSI 00000035 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:50:29, Info CSI 00000036 [SR] Beginning Verify and Repair transaction
2010-05-13 09:50:32, Info CSI 0000003b [SR] Verify complete
2010-05-13 09:50:33, Info CSI 0000003c [SR] Verifying 100 (0x00000064) components
2010-05-13 09:50:33, Info CSI 0000003d [SR] Beginning Verify and Repair transaction
2010-05-13 09:50:35, Info CSI 00000040 [SR] Verify complete
2010-05-13 09:50:36, Info CSI 00000041 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:50:36, Info CSI 00000042 [SR] Beginning Verify and Repair transaction
2010-05-13 09:50:38, Info CSI 00000044 [SR] Verify complete
2010-05-13 09:50:38, Info CSI 00000045 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:50:38, Info CSI 00000046 [SR] Beginning Verify and Repair transaction
2010-05-13 09:50:44, Info CSI 0000004c [SR] Verify complete
2010-05-13 09:50:44, Info CSI 0000004d [SR] Verifying 100 (0x00000064) components
2010-05-13 09:50:44, Info CSI 0000004e [SR] Beginning Verify and Repair transaction
2010-05-13 09:50:49, Info CSI 00000056 [SR] Verify complete
2010-05-13 09:50:49, Info CSI 00000057 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:50:49, Info CSI 00000058 [SR] Beginning Verify and Repair transaction
2010-05-13 09:50:54, Info CSI 0000005a [SR] Verify complete
2010-05-13 09:50:54, Info CSI 0000005b [SR] Verifying 100 (0x00000064) components
2010-05-13 09:50:54, Info CSI 0000005c [SR] Beginning Verify and Repair transaction
2010-05-13 09:50:58, Info CSI 0000005e [SR] Verify complete
2010-05-13 09:50:58, Info CSI 0000005f [SR] Verifying 100 (0x00000064) components
2010-05-13 09:50:58, Info CSI 00000060 [SR] Beginning Verify and Repair transaction
2010-05-13 09:51:02, Info CSI 00000062 [SR] Verify complete
2010-05-13 09:51:02, Info CSI 00000063 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:51:02, Info CSI 00000064 [SR] Beginning Verify and Repair transaction
2010-05-13 09:51:06, Info CSI 00000066 [SR] Verify complete
2010-05-13 09:51:06, Info CSI 00000067 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:51:06, Info CSI 00000068 [SR] Beginning Verify and Repair transaction
2010-05-13 09:51:12, Info CSI 0000006a [SR] Verify complete
2010-05-13 09:51:12, Info CSI 0000006b [SR] Verifying 100 (0x00000064) components
2010-05-13 09:51:12, Info CSI 0000006c [SR] Beginning Verify and Repair transaction
2010-05-13 09:51:20, Info CSI 00000070 [SR] Verify complete
2010-05-13 09:51:20, Info CSI 00000071 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:51:20, Info CSI 00000072 [SR] Beginning Verify and Repair transaction
2010-05-13 09:51:26, Info CSI 00000074 [SR] Verify complete
2010-05-13 09:51:26, Info CSI 00000075 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:51:26, Info CSI 00000076 [SR] Beginning Verify and Repair transaction
2010-05-13 09:51:39, Info CSI 00000078 [SR] Verify complete
2010-05-13 09:51:39, Info CSI 00000079 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:51:39, Info CSI 0000007a [SR] Beginning Verify and Repair transaction
2010-05-13 09:51:48, Info CSI 0000007c [SR] Verify complete
2010-05-13 09:51:48, Info CSI 0000007d [SR] Verifying 100 (0x00000064) components
2010-05-13 09:51:48, Info CSI 0000007e [SR] Beginning Verify and Repair transaction
2010-05-13 09:51:50, Info CSI 00000080 [SR] Verify complete
2010-05-13 09:51:50, Info CSI 00000081 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:51:50, Info CSI 00000082 [SR] Beginning Verify and Repair transaction
2010-05-13 09:51:51, Info CSI 00000084 [SR] Verify complete
2010-05-13 09:51:51, Info CSI 00000085 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:51:51, Info CSI 00000086 [SR] Beginning Verify and Repair transaction
2010-05-13 09:51:54, Info CSI 00000088 [SR] Verify complete
2010-05-13 09:51:54, Info CSI 00000089 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:51:54, Info CSI 0000008a [SR] Beginning Verify and Repair transaction
2010-05-13 09:52:04, Info CSI 000000a8 [SR] Verify complete
2010-05-13 09:52:04, Info CSI 000000a9 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:52:04, Info CSI 000000aa [SR] Beginning Verify and Repair transaction
2010-05-13 09:52:07, Info CSI 000000ac [SR] Verify complete
2010-05-13 09:52:08, Info CSI 000000ad [SR] Verifying 100 (0x00000064) components
2010-05-13 09:52:08, Info CSI 000000ae [SR] Beginning Verify and Repair transaction
2010-05-13 09:52:11, Info CSI 000000b0 [SR] Verify complete
2010-05-13 09:52:12, Info CSI 000000b1 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:52:12, Info CSI 000000b2 [SR] Beginning Verify and Repair transaction
2010-05-13 09:52:14, Info CSI 000000b4 [SR] Verify complete
2010-05-13 09:52:14, Info CSI 000000b5 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:52:14, Info CSI 000000b6 [SR] Beginning Verify and Repair transaction
2010-05-13 09:52:19, Info CSI 000000b8 [SR] Verify complete
2010-05-13 09:52:19, Info CSI 000000b9 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:52:19, Info CSI 000000ba [SR] Beginning Verify and Repair transaction
2010-05-13 09:52:28, Info CSI 000000bc [SR] Verify complete
2010-05-13 09:52:28, Info CSI 000000bd [SR] Verifying 100 (0x00000064) components
2010-05-13 09:52:28, Info CSI 000000be [SR] Beginning Verify and Repair transaction
2010-05-13 09:52:31, Info CSI 000000c0 [SR] Verify complete
2010-05-13 09:52:31, Info CSI 000000c1 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:52:31, Info CSI 000000c2 [SR] Beginning Verify and Repair transaction
2010-05-13 09:52:33, Info CSI 000000c4 [SR] Verify complete
2010-05-13 09:52:33, Info CSI 000000c5 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:52:33, Info CSI 000000c6 [SR] Beginning Verify and Repair transaction
2010-05-13 09:52:37, Info CSI 000000c8 [SR] Verify complete
2010-05-13 09:52:38, Info CSI 000000c9 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:52:38, Info CSI 000000ca [SR] Beginning Verify and Repair transaction
2010-05-13 09:52:42, Info CSI 000000cc [SR] Verify complete
2010-05-13 09:52:42, Info CSI 000000cd [SR] Verifying 100 (0x00000064) components
2010-05-13 09:52:42, Info CSI 000000ce [SR] Beginning Verify and Repair transaction
2010-05-13 09:52:46, Info CSI 000000d0 [SR] Verify complete
2010-05-13 09:52:47, Info CSI 000000d1 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:52:47, Info CSI 000000d2 [SR] Beginning Verify and Repair transaction
2010-05-13 09:52:56, Info CSI 000000d5 [SR] Verify complete
2010-05-13 09:52:56, Info CSI 000000d6 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:52:56, Info CSI 000000d7 [SR] Beginning Verify and Repair transaction
2010-05-13 09:53:05, Info CSI 000000fc [SR] Verify complete
2010-05-13 09:53:05, Info CSI 000000fd [SR] Verifying 100 (0x00000064) components
2010-05-13 09:53:05, Info CSI 000000fe [SR] Beginning Verify and Repair transaction
2010-05-13 09:53:12, Info CSI 00000100 [SR] Verify complete
2010-05-13 09:53:13, Info CSI 00000101 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:53:13, Info CSI 00000102 [SR] Beginning Verify and Repair transaction
2010-05-13 09:53:30, Info CSI 00000104 [SR] Verify complete
2010-05-13 09:53:30, Info CSI 00000105 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:53:30, Info CSI 00000106 [SR] Beginning Verify and Repair transaction
2010-05-13 09:53:43, Info CSI 00000109 [SR] Verify complete
2010-05-13 09:53:43, Info CSI 0000010a [SR] Verifying 100 (0x00000064) components
2010-05-13 09:53:43, Info CSI 0000010b [SR] Beginning Verify and Repair transaction
2010-05-13 09:53:51, Info CSI 0000010d [SR] Verify complete
2010-05-13 09:53:52, Info CSI 0000010e [SR] Verifying 100 (0x00000064) components
2010-05-13 09:53:52, Info CSI 0000010f [SR] Beginning Verify and Repair transaction
2010-05-13 09:53:58, Info CSI 00000111 [SR] Verify complete
2010-05-13 09:53:58, Info CSI 00000112 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:53:58, Info CSI 00000113 [SR] Beginning Verify and Repair transaction
2010-05-13 09:54:03, Info CSI 00000115 [SR] Verify complete
2010-05-13 09:54:03, Info CSI 00000116 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:54:03, Info CSI 00000117 [SR] Beginning Verify and Repair transaction
2010-05-13 09:54:08, Info CSI 00000119 [SR] Verify complete
2010-05-13 09:54:08, Info CSI 0000011a [SR] Verifying 100 (0x00000064) components
2010-05-13 09:54:08, Info CSI 0000011b [SR] Beginning Verify and Repair transaction
2010-05-13 09:54:13, Info CSI 0000011e [SR] Verify complete
2010-05-13 09:54:13, Info CSI 0000011f [SR] Verifying 100 (0x00000064) components
2010-05-13 09:54:13, Info CSI 00000120 [SR] Beginning Verify and Repair transaction
2010-05-13 09:54:28, Info CSI 00000122 [SR] Verify complete
2010-05-13 09:54:29, Info CSI 00000123 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:54:29, Info CSI 00000124 [SR] Beginning Verify and Repair transaction
2010-05-13 09:54:41, Info CSI 00000127 [SR] Verify complete
2010-05-13 09:54:41, Info CSI 00000128 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:54:41, Info CSI 00000129 [SR] Beginning Verify and Repair transaction
2010-05-13 09:54:48, Info CSI 0000012b [SR] Verify complete
2010-05-13 09:54:48, Info CSI 0000012c [SR] Verifying 100 (0x00000064) components
2010-05-13 09:54:48, Info CSI 0000012d [SR] Beginning Verify and Repair transaction
2010-05-13 09:54:55, Info CSI 0000012f [SR] Verify complete
2010-05-13 09:54:55, Info CSI 00000130 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:54:55, Info CSI 00000131 [SR] Beginning Verify and Repair transaction
2010-05-13 09:55:03, Info CSI 00000133 [SR] Verify complete
2010-05-13 09:55:03, Info CSI 00000134 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:55:03, Info CSI 00000135 [SR] Beginning Verify and Repair transaction
2010-05-13 09:55:10, Info CSI 00000138 [SR] Verify complete
2010-05-13 09:55:10, Info CSI 00000139 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:55:10, Info CSI 0000013a [SR] Beginning Verify and Repair transaction
2010-05-13 09:55:15, Info CSI 0000013c [SR] Verify complete
2010-05-13 09:55:16, Info CSI 0000013d [SR] Verifying 100 (0x00000064) components
2010-05-13 09:55:16, Info CSI 0000013e [SR] Beginning Verify and Repair transaction
2010-05-13 09:55:21, Info CSI 00000140 [SR] Verify complete
2010-05-13 09:55:22, Info CSI 00000141 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:55:22, Info CSI 00000142 [SR] Beginning Verify and Repair transaction
2010-05-13 09:55:27, Info CSI 00000145 [SR] Verify complete
2010-05-13 09:55:27, Info CSI 00000146 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:55:27, Info CSI 00000147 [SR] Beginning Verify and Repair transaction
2010-05-13 09:55:33, Info CSI 00000149 [SR] Verify complete
2010-05-13 09:55:33, Info CSI 0000014a [SR] Verifying 100 (0x00000064) components
2010-05-13 09:55:33, Info CSI 0000014b [SR] Beginning Verify and Repair transaction
2010-05-13 09:55:38, Info CSI 0000014d [SR] Verify complete
2010-05-13 09:55:38, Info CSI 0000014e [SR] Verifying 100 (0x00000064) components
2010-05-13 09:55:38, Info CSI 0000014f [SR] Beginning Verify and Repair transaction
2010-05-13 09:55:45, Info CSI 00000151 [SR] Verify complete
2010-05-13 09:55:45, Info CSI 00000152 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:55:45, Info CSI 00000153 [SR] Beginning Verify and Repair transaction
2010-05-13 09:55:51, Info CSI 00000156 [SR] Verify complete
2010-05-13 09:55:51, Info CSI 00000157 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:55:51, Info CSI 00000158 [SR] Beginning Verify and Repair transaction
2010-05-13 09:55:57, Info CSI 0000015a [SR] Verify complete
2010-05-13 09:55:57, Info CSI 0000015b [SR] Verifying 100 (0x00000064) components
2010-05-13 09:55:57, Info CSI 0000015c [SR] Beginning Verify and Repair transaction
2010-05-13 09:56:03, Info CSI 0000015e [SR] Verify complete
2010-05-13 09:56:04, Info CSI 0000015f [SR] Verifying 100 (0x00000064) components
2010-05-13 09:56:04, Info CSI 00000160 [SR] Beginning Verify and Repair transaction
2010-05-13 09:56:11, Info CSI 00000162 [SR] Verify complete
2010-05-13 09:56:11, Info CSI 00000163 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:56:11, Info CSI 00000164 [SR] Beginning Verify and Repair transaction
2010-05-13 09:56:17, Info CSI 00000166 [SR] Verify complete
2010-05-13 09:56:17, Info CSI 00000167 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:56:17, Info CSI 00000168 [SR] Beginning Verify and Repair transaction
2010-05-13 09:56:19, Info CSI 0000016a [SR] Verify complete
2010-05-13 09:56:20, Info CSI 0000016b [SR] Verifying 100 (0x00000064) components
2010-05-13 09:56:20, Info CSI 0000016c [SR] Beginning Verify and Repair transaction
2010-05-13 09:56:24, Info CSI 0000016e [SR] Verify complete
2010-05-13 09:56:25, Info CSI 0000016f [SR] Verifying 100 (0x00000064) components
2010-05-13 09:56:25, Info CSI 00000170 [SR] Beginning Verify and Repair transaction
2010-05-13 09:56:28, Info CSI 00000172 [SR] Verify complete
2010-05-13 09:56:28, Info CSI 00000173 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:56:28, Info CSI 00000174 [SR] Beginning Verify and Repair transaction
2010-05-13 09:56:31, Info CSI 00000176 [SR] Verify complete
2010-05-13 09:56:32, Info CSI 00000177 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:56:32, Info CSI 00000178 [SR] Beginning Verify and Repair transaction
2010-05-13 09:56:34, Info CSI 0000017a [SR] Verify complete
2010-05-13 09:56:35, Info CSI 0000017b [SR] Verifying 100 (0x00000064) components
2010-05-13 09:56:35, Info CSI 0000017c [SR] Beginning Verify and Repair transaction
2010-05-13 09:56:39, Info CSI 0000017e [SR] Verify complete
2010-05-13 09:56:40, Info CSI 0000017f [SR] Verifying 100 (0x00000064) components
2010-05-13 09:56:40, Info CSI 00000180 [SR] Beginning Verify and Repair transaction
2010-05-13 09:56:53, Info CSI 00000182 [SR] Verify complete
2010-05-13 09:56:53, Info CSI 00000183 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:56:53, Info CSI 00000184 [SR] Beginning Verify and Repair transaction
2010-05-13 09:57:13, Info CSI 00000186 [SR] Verify complete
2010-05-13 09:57:13, Info CSI 00000187 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:57:13, Info CSI 00000188 [SR] Beginning Verify and Repair transaction
2010-05-13 09:57:18, Info CSI 0000018a [SR] Verify complete
2010-05-13 09:57:18, Info CSI 0000018b [SR] Verifying 100 (0x00000064) components
2010-05-13 09:57:18, Info CSI 0000018c [SR] Beginning Verify and Repair transaction
2010-05-13 09:57:23, Info CSI 0000018e [SR] Verify complete
2010-05-13 09:57:24, Info CSI 0000018f [SR] Verifying 100 (0x00000064) components
2010-05-13 09:57:24, Info CSI 00000190 [SR] Beginning Verify and Repair transaction
2010-05-13 09:57:25, Info CSI 00000192 [SR] Verify complete
2010-05-13 09:57:25, Info CSI 00000193 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:57:25, Info CSI 00000194 [SR] Beginning Verify and Repair transaction
2010-05-13 09:57:29, Info CSI 00000196 [SR] Verify complete
2010-05-13 09:57:29, Info CSI 00000197 [SR] Verifying 100 (0x00000064) components
2010-05-13 09:57:29, Info CSI 00000198 [SR] Beginning Verify and Repair transaction
2010-05-13 09:57:35, Info CSI 0000019a [SR] Verify complete
2010-05-13 09:57:35, Info CSI 0000019b [SR] Verifying 100 (0x00000064) components
2010-05-13 09:57:35, Info CSI 0000019c [SR] Beginning Verify and Repair transaction
2010-05-13 09:57:42, Info CSI 0000019e [SR] Verify complete
2010-05-13 09:57:42, Info CSI 0000019f [SR] Verifying 12 (0x0000000c) components
2010-05-13 09:57:42, Info CSI 000001a0 [SR] Beginning Verify and Repair transaction
2010-05-13 09:57:42, Info CSI 000001a2 [SR] Verify complete
2010-05-13 09:57:42, Info CSI 000001a3 [SR] Repairing 0 components
2010-05-13 09:57:42, Info CSI 000001a4 [SR] Beginning Verify and Repair transaction
2010-05-13 09:57:42, Info CSI 000001a6 [SR] Repair complete
2010-05-13 10:03:38, Info CSI 000001a7 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:03:38, Info CSI 000001a8 [SR] Beginning Verify and Repair transaction
2010-05-13 10:03:39, Info CSI 000001aa [SR] Verify complete
2010-05-13 10:03:40, Info CSI 000001ab [SR] Verifying 100 (0x00000064) components
2010-05-13 10:03:40, Info CSI 000001ac [SR] Beginning Verify and Repair transaction
2010-05-13 10:03:41, Info CSI 000001ae [SR] Verify complete
2010-05-13 10:03:41, Info CSI 000001af [SR] Verifying 100 (0x00000064) components
2010-05-13 10:03:41, Info CSI 000001b0 [SR] Beginning Verify and Repair transaction
2010-05-13 10:03:43, Info CSI 000001b2 [SR] Verify complete
2010-05-13 10:03:43, Info CSI 000001b3 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:03:43, Info CSI 000001b4 [SR] Beginning Verify and Repair transaction
2010-05-13 10:03:45, Info CSI 000001b6 [SR] Verify complete
2010-05-13 10:03:45, Info CSI 000001b7 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:03:45, Info CSI 000001b8 [SR] Beginning Verify and Repair transaction
2010-05-13 10:03:50, Info CSI 000001ba [SR] Verify complete
2010-05-13 10:03:50, Info CSI 000001bb [SR] Verifying 100 (0x00000064) components
2010-05-13 10:03:50, Info CSI 000001bc [SR] Beginning Verify and Repair transaction
2010-05-13 10:03:53, Info CSI 000001be [SR] Verify complete
2010-05-13 10:03:53, Info CSI 000001bf [SR] Verifying 100 (0x00000064) components
2010-05-13 10:03:53, Info CSI 000001c0 [SR] Beginning Verify and Repair transaction
2010-05-13 10:03:56, Info CSI 000001c2 [SR] Verify complete
2010-05-13 10:03:56, Info CSI 000001c3 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:03:56, Info CSI 000001c4 [SR] Beginning Verify and Repair transaction
2010-05-13 10:03:59, Info CSI 000001c6 [SR] Verify complete
2010-05-13 10:03:59, Info CSI 000001c7 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:03:59, Info CSI 000001c8 [SR] Beginning Verify and Repair transaction
2010-05-13 10:04:01, Info CSI 000001ca [SR] Verify complete
2010-05-13 10:04:01, Info CSI 000001cb [SR] Verifying 100 (0x00000064) components
2010-05-13 10:04:01, Info CSI 000001cc [SR] Beginning Verify and Repair transaction
2010-05-13 10:04:05, Info CSI 000001ce [SR] Verify complete
2010-05-13 10:04:05, Info CSI 000001cf [SR] Verifying 100 (0x00000064) components
2010-05-13 10:04:05, Info CSI 000001d0 [SR] Beginning Verify and Repair transaction
2010-05-13 10:04:11, Info CSI 000001d2 [SR] Verify complete
2010-05-13 10:04:11, Info CSI 000001d3 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:04:11, Info CSI 000001d4 [SR] Beginning Verify and Repair transaction
2010-05-13 10:04:15, Info CSI 000001d9 [SR] Verify complete
2010-05-13 10:04:15, Info CSI 000001da [SR] Verifying 100 (0x00000064) components
2010-05-13 10:04:15, Info CSI 000001db [SR] Beginning Verify and Repair transaction
2010-05-13 10:04:18, Info CSI 000001de [SR] Verify complete
2010-05-13 10:04:18, Info CSI 000001df [SR] Verifying 100 (0x00000064) components
2010-05-13 10:04:18, Info CSI 000001e0 [SR] Beginning Verify and Repair transaction
2010-05-13 10:04:21, Info CSI 000001e2 [SR] Verify complete
2010-05-13 10:04:21, Info CSI 000001e3 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:04:21, Info CSI 000001e4 [SR] Beginning Verify and Repair transaction
2010-05-13 10:04:26, Info CSI 000001ea [SR] Verify complete
2010-05-13 10:04:26, Info CSI 000001eb [SR] Verifying 100 (0x00000064) components
2010-05-13 10:04:26, Info CSI 000001ec [SR] Beginning Verify and Repair transaction
2010-05-13 10:04:31, Info CSI 000001f4 [SR] Verify complete
2010-05-13 10:04:31, Info CSI 000001f5 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:04:31, Info CSI 000001f6 [SR] Beginning Verify and Repair transaction
2010-05-13 10:04:36, Info CSI 000001f8 [SR] Verify complete
2010-05-13 10:04:37, Info CSI 000001f9 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:04:37, Info CSI 000001fa [SR] Beginning Verify and Repair transaction
2010-05-13 10:04:42, Info CSI 000001fc [SR] Verify complete
2010-05-13 10:04:42, Info CSI 000001fd [SR] Verifying 100 (0x00000064) components
2010-05-13 10:04:42, Info CSI 000001fe [SR] Beginning Verify and Repair transaction
2010-05-13 10:04:47, Info CSI 00000200 [SR] Verify complete
2010-05-13 10:04:47, Info CSI 00000201 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:04:47, Info CSI 00000202 [SR] Beginning Verify and Repair transaction
2010-05-13 10:04:51, Info CSI 00000204 [SR] Verify complete
2010-05-13 10:04:51, Info CSI 00000205 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:04:51, Info CSI 00000206 [SR] Beginning Verify and Repair transaction
2010-05-13 10:04:57, Info CSI 00000208 [SR] Verify complete
2010-05-13 10:04:57, Info CSI 00000209 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:04:57, Info CSI 0000020a [SR] Beginning Verify and Repair transaction
2010-05-13 10:05:05, Info CSI 0000020e [SR] Verify complete
2010-05-13 10:05:05, Info CSI 0000020f [SR] Verifying 100 (0x00000064) components
2010-05-13 10:05:05, Info CSI 00000210 [SR] Beginning Verify and Repair transaction
2010-05-13 10:05:11, Info CSI 00000212 [SR] Verify complete
2010-05-13 10:05:12, Info CSI 00000213 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:05:12, Info CSI 00000214 [SR] Beginning Verify and Repair transaction
2010-05-13 10:05:25, Info CSI 00000216 [SR] Verify complete
2010-05-13 10:05:25, Info CSI 00000217 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:05:25, Info CSI 00000218 [SR] Beginning Verify and Repair transaction
2010-05-13 10:05:34, Info CSI 0000021a [SR] Verify complete
2010-05-13 10:05:34, Info CSI 0000021b [SR] Verifying 100 (0x00000064) components
2010-05-13 10:05:34, Info CSI 0000021c [SR] Beginning Verify and Repair transaction
2010-05-13 10:05:36, Info CSI 0000021e [SR] Verify complete
2010-05-13 10:05:36, Info CSI 0000021f [SR] Verifying 100 (0x00000064) components
2010-05-13 10:05:36, Info CSI 00000220 [SR] Beginning Verify and Repair transaction
2010-05-13 10:05:37, Info CSI 00000222 [SR] Verify complete
2010-05-13 10:05:37, Info CSI 00000223 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:05:37, Info CSI 00000224 [SR] Beginning Verify and Repair transaction
2010-05-13 10:05:40, Info CSI 00000226 [SR] Verify complete
2010-05-13 10:05:40, Info CSI 00000227 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:05:40, Info CSI 00000228 [SR] Beginning Verify and Repair transaction
2010-05-13 10:05:49, Info CSI 00000246 [SR] Verify complete
2010-05-13 10:05:50, Info CSI 00000247 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:05:50, Info CSI 00000248 [SR] Beginning Verify and Repair transaction
2010-05-13 10:05:52, Info CSI 0000024a [SR] Verify complete
2010-05-13 10:05:53, Info CSI 0000024b [SR] Verifying 100 (0x00000064) components
2010-05-13 10:05:53, Info CSI 0000024c [SR] Beginning Verify and Repair transaction
2010-05-13 10:05:55, Info CSI 0000024e [SR] Verify complete
2010-05-13 10:05:55, Info CSI 0000024f [SR] Verifying 100 (0x00000064) components
2010-05-13 10:05:55, Info CSI 00000250 [SR] Beginning Verify and Repair transaction
2010-05-13 10:05:58, Info CSI 00000252 [SR] Verify complete
2010-05-13 10:05:58, Info CSI 00000253 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:05:58, Info CSI 00000254 [SR] Beginning Verify and Repair transaction
2010-05-13 10:06:02, Info CSI 00000256 [SR] Verify complete
2010-05-13 10:06:02, Info CSI 00000257 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:06:02, Info CSI 00000258 [SR] Beginning Verify and Repair transaction
2010-05-13 10:06:10, Info CSI 0000025a [SR] Verify complete
2010-05-13 10:06:10, Info CSI 0000025b [SR] Verifying 100 (0x00000064) components
2010-05-13 10:06:10, Info CSI 0000025c [SR] Beginning Verify and Repair transaction
2010-05-13 10:06:13, Info CSI 0000025e [SR] Verify complete
2010-05-13 10:06:13, Info CSI 0000025f [SR] Verifying 100 (0x00000064) components
2010-05-13 10:06:13, Info CSI 00000260 [SR] Beginning Verify and Repair transaction
2010-05-13 10:06:14, Info CSI 00000262 [SR] Verify complete
2010-05-13 10:06:14, Info CSI 00000263 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:06:14, Info CSI 00000264 [SR] Beginning Verify and Repair transaction
2010-05-13 10:06:18, Info CSI 00000266 [SR] Verify complete
2010-05-13 10:06:19, Info CSI 00000267 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:06:19, Info CSI 00000268 [SR] Beginning Verify and Repair transaction
2010-05-13 10:06:22, Info CSI 0000026a [SR] Verify complete
2010-05-13 10:06:22, Info CSI 0000026b [SR] Verifying 100 (0x00000064) components
2010-05-13 10:06:22, Info CSI 0000026c [SR] Beginning Verify and Repair transaction
2010-05-13 10:06:27, Info CSI 0000026e [SR] Verify complete
2010-05-13 10:06:27, Info CSI 0000026f [SR] Verifying 100 (0x00000064) components
2010-05-13 10:06:27, Info CSI 00000270 [SR] Beginning Verify and Repair transaction
2010-05-13 10:06:35, Info CSI 00000273 [SR] Verify complete
2010-05-13 10:06:35, Info CSI 00000274 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:06:35, Info CSI 00000275 [SR] Beginning Verify and Repair transaction
2010-05-13 10:06:43, Info CSI 0000029a [SR] Verify complete
2010-05-13 10:06:44, Info CSI 0000029b [SR] Verifying 100 (0x00000064) components
2010-05-13 10:06:44, Info CSI 0000029c [SR] Beginning Verify and Repair transaction
2010-05-13 10:06:50, Info CSI 0000029e [SR] Verify complete
2010-05-13 10:06:51, Info CSI 0000029f [SR] Verifying 100 (0x00000064) components
2010-05-13 10:06:51, Info CSI 000002a0 [SR] Beginning Verify and Repair transaction
2010-05-13 10:07:08, Info CSI 000002a2 [SR] Verify complete
2010-05-13 10:07:08, Info CSI 000002a3 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:07:08, Info CSI 000002a4 [SR] Beginning Verify and Repair transaction
2010-05-13 10:07:19, Info CSI 000002a7 [SR] Verify complete
2010-05-13 10:07:19, Info CSI 000002a8 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:07:19, Info CSI 000002a9 [SR] Beginning Verify and Repair transaction
2010-05-13 10:07:26, Info CSI 000002ab [SR] Verify complete
2010-05-13 10:07:26, Info CSI 000002ac [SR] Verifying 100 (0x00000064) components
2010-05-13 10:07:26, Info CSI 000002ad [SR] Beginning Verify and Repair transaction
2010-05-13 10:07:33, Info CSI 000002af [SR] Verify complete
2010-05-13 10:07:33, Info CSI 000002b0 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:07:33, Info CSI 000002b1 [SR] Beginning Verify and Repair transaction
2010-05-13 10:07:37, Info CSI 000002b3 [SR] Verify complete
2010-05-13 10:07:37, Info CSI 000002b4 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:07:37, Info CSI 000002b5 [SR] Beginning Verify and Repair transaction
2010-05-13 10:07:41, Info CSI 000002b7 [SR] Verify complete
2010-05-13 10:07:42, Info CSI 000002b8 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:07:42, Info CSI 000002b9 [SR] Beginning Verify and Repair transaction
2010-05-13 10:07:46, Info CSI 000002bc [SR] Verify complete
2010-05-13 10:07:47, Info CSI 000002bd [SR] Verifying 100 (0x00000064) components
2010-05-13 10:07:47, Info CSI 000002be [SR] Beginning Verify and Repair transaction
2010-05-13 10:08:00, Info CSI 000002c0 [SR] Verify complete
2010-05-13 10:08:00, Info CSI 000002c1 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:08:00, Info CSI 000002c2 [SR] Beginning Verify and Repair transaction
2010-05-13 10:08:09, Info CSI 000002c5 [SR] Verify complete
2010-05-13 10:08:09, Info CSI 000002c6 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:08:09, Info CSI 000002c7 [SR] Beginning Verify and Repair transaction
2010-05-13 10:08:16, Info CSI 000002c9 [SR] Verify complete
2010-05-13 10:08:16, Info CSI 000002ca [SR] Verifying 100 (0x00000064) components
2010-05-13 10:08:16, Info CSI 000002cb [SR] Beginning Verify and Repair transaction
2010-05-13 10:08:22, Info CSI 000002cd [SR] Verify complete
2010-05-13 10:08:23, Info CSI 000002ce [SR] Verifying 100 (0x00000064) components
2010-05-13 10:08:23, Info CSI 000002cf [SR] Beginning Verify and Repair transaction
2010-05-13 10:08:30, Info CSI 000002d1 [SR] Verify complete
2010-05-13 10:08:30, Info CSI 000002d2 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:08:30, Info CSI 000002d3 [SR] Beginning Verify and Repair transaction
2010-05-13 10:08:38, Info CSI 000002d6 [SR] Verify complete
2010-05-13 10:08:38, Info CSI 000002d7 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:08:38, Info CSI 000002d8 [SR] Beginning Verify and Repair transaction
2010-05-13 10:08:42, Info CSI 000002da [SR] Verify complete
2010-05-13 10:08:43, Info CSI 000002db [SR] Verifying 100 (0x00000064) components
2010-05-13 10:08:43, Info CSI 000002dc [SR] Beginning Verify and Repair transaction
2010-05-13 10:08:48, Info CSI 000002de [SR] Verify complete
2010-05-13 10:08:48, Info CSI 000002df [SR] Verifying 100 (0x00000064) components
2010-05-13 10:08:48, Info CSI 000002e0 [SR] Beginning Verify and Repair transaction
2010-05-13 10:08:52, Info CSI 000002e3 [SR] Verify complete
2010-05-13 10:08:53, Info CSI 000002e4 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:08:53, Info CSI 000002e5 [SR] Beginning Verify and Repair transaction
2010-05-13 10:08:58, Info CSI 000002e7 [SR] Verify complete
2010-05-13 10:08:59, Info CSI 000002e8 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:08:59, Info CSI 000002e9 [SR] Beginning Verify and Repair transaction
2010-05-13 10:09:02, Info CSI 000002eb [SR] Verify complete
2010-05-13 10:09:02, Info CSI 000002ec [SR] Verifying 100 (0x00000064) components
2010-05-13 10:09:02, Info CSI 000002ed [SR] Beginning Verify and Repair transaction
2010-05-13 10:09:08, Info CSI 000002ef [SR] Verify complete
2010-05-13 10:09:08, Info CSI 000002f0 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:09:08, Info CSI 000002f1 [SR] Beginning Verify and Repair transaction
2010-05-13 10:09:14, Info CSI 000002f4 [SR] Verify complete
2010-05-13 10:09:14, Info CSI 000002f5 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:09:14, Info CSI 000002f6 [SR] Beginning Verify and Repair transaction
2010-05-13 10:09:19, Info CSI 000002f8 [SR] Verify complete
2010-05-13 10:09:19, Info CSI 000002f9 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:09:19, Info CSI 000002fa [SR] Beginning Verify and Repair transaction
2010-05-13 10:09:25, Info CSI 000002fc [SR] Verify complete
2010-05-13 10:09:25, Info CSI 000002fd [SR] Verifying 100 (0x00000064) components
2010-05-13 10:09:25, Info CSI 000002fe [SR] Beginning Verify and Repair transaction
2010-05-13 10:09:32, Info CSI 00000300 [SR] Verify complete
2010-05-13 10:09:32, Info CSI 00000301 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:09:32, Info CSI 00000302 [SR] Beginning Verify and Repair transaction
2010-05-13 10:09:37, Info CSI 00000304 [SR] Verify complete
2010-05-13 10:09:38, Info CSI 00000305 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:09:38, Info CSI 00000306 [SR] Beginning Verify and Repair transaction
2010-05-13 10:09:39, Info CSI 00000308 [SR] Verify complete
2010-05-13 10:09:40, Info CSI 00000309 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:09:40, Info CSI 0000030a [SR] Beginning Verify and Repair transaction
2010-05-13 10:09:44, Info CSI 0000030c [SR] Verify complete
2010-05-13 10:09:44, Info CSI 0000030d [SR] Verifying 100 (0x00000064) components
2010-05-13 10:09:44, Info CSI 0000030e [SR] Beginning Verify and Repair transaction
2010-05-13 10:09:47, Info CSI 00000310 [SR] Verify complete
2010-05-13 10:09:47, Info CSI 00000311 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:09:47, Info CSI 00000312 [SR] Beginning Verify and Repair transaction
2010-05-13 10:09:51, Info CSI 00000314 [SR] Verify complete
2010-05-13 10:09:51, Info CSI 00000315 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:09:51, Info CSI 00000316 [SR] Beginning Verify and Repair transaction
2010-05-13 10:09:53, Info CSI 00000318 [SR] Verify complete
2010-05-13 10:09:53, Info CSI 00000319 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:09:53, Info CSI 0000031a [SR] Beginning Verify and Repair transaction
2010-05-13 10:09:58, Info CSI 0000031c [SR] Verify complete
2010-05-13 10:09:58, Info CSI 0000031d [SR] Verifying 100 (0x00000064) components
2010-05-13 10:09:58, Info CSI 0000031e [SR] Beginning Verify and Repair transaction
2010-05-13 10:10:11, Info CSI 00000320 [SR] Verify complete
2010-05-13 10:10:11, Info CSI 00000321 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:10:11, Info CSI 00000322 [SR] Beginning Verify and Repair transaction
2010-05-13 10:10:32, Info CSI 00000324 [SR] Verify complete
2010-05-13 10:10:32, Info CSI 00000325 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:10:32, Info CSI 00000326 [SR] Beginning Verify and Repair transaction
2010-05-13 10:10:37, Info CSI 00000328 [SR] Verify complete
2010-05-13 10:10:37, Info CSI 00000329 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:10:37, Info CSI 0000032a [SR] Beginning Verify and Repair transaction
2010-05-13 10:10:42, Info CSI 0000032c [SR] Verify complete
2010-05-13 10:10:42, Info CSI 0000032d [SR] Verifying 100 (0x00000064) components
2010-05-13 10:10:42, Info CSI 0000032e [SR] Beginning Verify and Repair transaction
2010-05-13 10:10:44, Info CSI 00000330 [SR] Verify complete
2010-05-13 10:10:44, Info CSI 00000331 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:10:44, Info CSI 00000332 [SR] Beginning Verify and Repair transaction
2010-05-13 10:10:48, Info CSI 00000334 [SR] Verify complete
2010-05-13 10:10:48, Info CSI 00000335 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:10:48, Info CSI 00000336 [SR] Beginning Verify and Repair transaction
2010-05-13 10:10:54, Info CSI 00000338 [SR] Verify complete
2010-05-13 10:10:54, Info CSI 00000339 [SR] Verifying 100 (0x00000064) components
2010-05-13 10:10:54, Info CSI 0000033a [SR] Beginning Verify and Repair transaction
2010-05-13 10:11:01, Info CSI 0000033c [SR] Verify complete
2010-05-13 10:11:01, Info CSI 0000033d [SR] Verifying 12 (0x0000000c) components
2010-05-13 10:11:01, Info CSI 0000033e [SR] Beginning Verify and Repair transaction
2010-05-13 10:11:01, Info CSI 00000340 [SR] Verify complete
2010-05-13 10:11:01, Info CSI 00000341 [SR] Repairing 0 components
2010-05-13 10:11:01, Info CSI 00000342 [SR] Beginning Verify and Repair transaction
2010-05-13 10:11:01, Info CSI 00000344 [SR] Repair complete


#9 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:15 PM

Posted 13 May 2010 - 05:20 PM

We are going to run chkdsk which will verify and repair the file system

Step One: Click Windows, type chkdsk

Step Two: Right click the chkdsk.exe file and right-click the mouse

Step Three: Choose Run as Adminstrator

Step Four: Run the chkdsk utility by typing in the following command:

chkdsk c: /f /r

NOTE: The /f command automatically fixes any errors encountered, the /r command locates bad sectors and recovers readable information.

Step Five: A reboot is normally required for the chkdsk program to lock the disk and run correctly (this is typical on machines that have only one volume), so simply restart the computer and chkdsk will run automatically. When it's finished, (This process can take quite a while depending on the size of your disk, etc.), it will boot back to normal Windows.

On Rebooting the PC you will see the disk being checked.

This process will take, on average, about an hour.
Posted Image
m0le is a proud member of UNITE

#10 caleman22

caleman22
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Local time:11:15 AM

Posted 13 May 2010 - 11:34 PM

ok, i tried your method, but as soon as i clicked on Run as Admin, it opened the window and started the scan. i had no chance to type anything in. and besides that, the scan took about 1 minute, if that. so i don't think that was right.

i'm running windows 7, does that have anything to do with why it didn't seem to work?

anyways, I opened up windows explorer, right clicked on one of my partitions, clicked on properties, clicked on the tools tab, and checked the disk that way. that partition had no problem, and i'm currently checking the next partition. then I 'll reboot and allow chkdisk to scan the main partition. is this method ok? or should i do something different?

#11 caleman22

caleman22
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Local time:11:15 AM

Posted 13 May 2010 - 11:35 PM

as well, in doing this, I clicked on both the boxes to highlight automatic fixing, and scanning for bad sectors.

#12 caleman22

caleman22
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Local time:11:15 AM

Posted 14 May 2010 - 01:12 AM

ok, I ran the chkdsk on all my drive partitions. The result of the first 2 partitions was clean, no problems. As soon as the scan of the main partition finished, it reboot the computer not letting me look at the results.

#13 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:15 PM

Posted 14 May 2010 - 05:56 PM

That's as fixed as you are going to get here. We can set a policy fix file on the PC but after that you may need to try a non-malware forum for some of the issues on the machine.


1. Download FixPolicies to your Desktop.

2. Double-click FixPolicies.exe.

3. Click the Install button on the bottom toolbar of the box that will open.
The program will create a new folder called FixPolicies.

4. Double-click to open the new folder, and then double-click
the file within: Fix_policies.cmd
A black box will briefly appear and then close.

5. Reboot the computer so the changes can take effect.
Posted Image
m0le is a proud member of UNITE

#14 caleman22

caleman22
  • Topic Starter

  • Members
  • 86 posts
  • OFFLINE
  •  
  • Local time:11:15 AM

Posted 14 May 2010 - 08:36 PM

done. I got troubleshoot compatibility back. still can't seem to connect with microsoft windows problem reporting. and the browser is still being changed to IE as default. but it looks like you've helped me clean up most of the mess that was left behind from the malware. Thanks so much!! For my remaining problems, do you have any suggestions or can you point me in the right direction to find some answers. What thread would I go to for that? this website or a different one?

Thanks so much for your help!

#15 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London, UK
  • Local time:04:15 PM

Posted 15 May 2010 - 12:55 PM

Have you checked the settings in Internet Options?
Posted Image
m0le is a proud member of UNITE




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users