New win7 genuine install,found root access Trojan in win def flags,R THERE MORE?


  • This topic is locked
6 replies to this topic

#1 stanleybeast

stanleybeast

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:06 AM

Posted 08 January 2015 - 01:10 PM

I feel viruses are attached to my motherboard PCI drivers, or one of them IS the virus/script, or a script is attached in very early binary to make the install always be corrupted, and the system32 folder has 2500+ files for just a Home Basic version. I know and see files that are for Ultimate versions in the system32 folder, but why? This script bug has got to go; my drivers are using correct and updated digitally signed Windows drivers, and scripts that are not needed for Win 7 operations are disabled... Also the auto update of certificates doesn't work, as the MS 2009 cert is outdated and allowed to sign for all drivers, and when I change that and remove its purposes it still goes back to being allowed to sign for anything and everything, though 6 years out of date.

 

**PS:**

I did a ZAP 0 wipe of the hard drive, also formatted it, then did a Win7 install and did NOT install any drivers or programs except RogueKiller by Adlice (which found the Trojan root access) on the first clean install I did last week, but it crashed the comp and would not start again because wherever that Trojan was, it was a serious program needed by the Windows OS. I also noted the hidden boot X drive of the genuine CD has its root folder and system32 folder bloated, though it was not like that before.



Here are the Farbar test results I have already done for you guys

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015
Ran by Joker (administrator) on TIGGER-PC on 09-01-2015 01:43:55
Running from C:\Users\Joker\Desktop
Loaded Profile: Joker (Available profiles: Joker)
Platform: Microsoft Windows 7 Home Basic  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-375109954-3701267231-1130255501-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-ph/?ocid=iehp
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 01:43 - 2015-01-09 01:44 - 00002436 _____ () C:\Users\Joker\Desktop\FRST.txt
2015-01-09 01:43 - 2015-01-09 01:43 - 00000000 ____D () C:\FRST
2015-01-09 01:42 - 2015-01-09 01:42 - 01115648 _____ (Farbar) C:\Users\Joker\Desktop\FRST.exe
2015-01-04 02:58 - 2015-01-09 01:40 - 01982142 _____ () C:\Windows\WindowsUpdate.log
2015-01-04 02:56 - 2015-01-04 02:58 - 00001355 _____ () C:\Windows\TSSysprep.log
2015-01-04 02:55 - 2015-01-03 11:12 - 00000000 ____D () C:\Windows\Panther
2015-01-03 15:42 - 2015-01-03 15:42 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-01-03 15:42 - 2015-01-03 15:42 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-03 15:40 - 2015-01-03 15:40 - 15298136 _____ () C:\Users\Joker\Desktop\RogueKiller.exe
2015-01-03 11:29 - 2013-10-12 10:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-01-03 11:29 - 2013-10-12 10:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-01-03 11:29 - 2013-10-12 10:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-01-03 11:27 - 2014-11-24 14:04 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-03 11:27 - 2012-02-17 13:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2015-01-03 11:27 - 2012-02-17 12:14 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-01-03 11:27 - 2012-02-17 12:13 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2015-01-03 11:22 - 2015-01-03 11:22 - 00057560 _____ () C:\Users\Joker\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-03 11:12 - 2015-01-03 11:12 - 00001413 _____ () C:\Users\Joker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-03 11:12 - 2015-01-03 11:12 - 00000020 ___SH () C:\Users\Joker\ntuser.ini
2015-01-03 11:12 - 2015-01-03 11:12 - 00000000 __SHD () C:\Recovery
2015-01-03 11:12 - 2015-01-03 11:12 - 00000000 ____D () C:\Users\Joker\AppData\Local\VirtualStore
2015-01-03 11:12 - 2015-01-03 11:12 - 00000000 ____D () C:\Users\Joker
2015-01-03 11:12 - 2014-05-15 00:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-01-03 11:12 - 2014-05-15 00:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-01-03 11:12 - 2014-05-15 00:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-01-03 11:12 - 2014-05-15 00:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-01-03 11:12 - 2014-05-15 00:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-01-03 11:12 - 2014-05-15 00:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-01-03 11:12 - 2014-05-15 00:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-01-03 11:12 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-01-03 11:12 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-01-03 11:12 - 2009-07-14 12:42 - 00000000 ___RD () C:\Users\Joker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-03 11:12 - 2009-07-14 12:37 - 00000000 ___RD () C:\Users\Joker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 01:41 - 2009-07-14 12:34 - 00021840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-09 01:41 - 2009-07-14 12:34 - 00021840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-09 01:36 - 2010-11-21 05:01 - 00669028 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-09 01:31 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-09 01:31 - 2009-07-14 12:39 - 00022460 _____ () C:\Windows\setupact.log
2015-01-04 03:00 - 2009-07-14 12:33 - 00257736 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-04 02:59 - 2009-07-14 10:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-04 02:56 - 2009-07-14 12:34 - 00002790 _____ () C:\Windows\DtcInstall.log
2015-01-04 02:55 - 2009-07-14 12:57 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2015-01-04 02:55 - 2009-07-14 12:52 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2015-01-03 16:40 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\rescache
2015-01-03 15:19 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-03 11:38 - 2009-07-14 12:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-03 11:37 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\spool
2015-01-03 11:37 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-01-03 11:12 - 2009-07-14 12:52 - 00000000 ____D () C:\Windows\system32\restore
2015-01-03 11:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\Recovery

Some content of TEMP:
====================
C:\Users\Joker\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-03 15:30

==================== End Of Log ============================



And the Addition notepad result is


 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 07-01-2015
Ran by Joker at 2015-01-09 01:44:33
Running from C:\Users\Joker\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points  =========================

03-01-2015 11:14:55 After Win Key reg as GENUINE:)
03-01-2015 11:17:24 Windows Modules Installer
03-01-2015 11:27:31 Windows Update
03-01-2015 11:37:17 Windows Update
09-01-2015 01:34:51 before online assistance

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 10:04 - 2009-06-11 05:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Loaded Modules (whitelisted) =============

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-375109954-3701267231-1130255501-500 - Administrator - Disabled)
Guest (S-1-5-21-375109954-3701267231-1130255501-501 - Limited - Disabled)
Joker (S-1-5-21-375109954-3701267231-1130255501-1000 - Administrator - Enabled) => C:\Users\Joker

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (01/09/2015 01:33:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/03/2015 02:53:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/04/2015 03:07:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

System errors:
=============
Error: (01/09/2015 01:31:40 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Error: (01/03/2015 02:52:20 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cdrom

Microsoft Office Sessions:
=========================
Error: (01/09/2015 01:33:23 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/03/2015 02:53:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/04/2015 03:07:16 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

==================== Memory info ===========================

Processor: AMD Athlon™ II X2 250 Processor
Percentage of memory in use: 32%
Total physical RAM: 3327.23 MB
Available physical RAM: 2230.45 MB
Total Pagefile: 6652.74 MB
Available Pagefile: 5522.67 MB
Total Virtual: 2047.88 MB
Available Virtual: 1898.59 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:229.39 GB) (Free:216.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 61A7D6A5)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=229.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

All the help is very much appreciated!
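As an added triage aid (not part of this thread, and not code from FRST or its author): a small Python parser for the "One Month Created Files and Folders" lines of an FRST log, which flags code files (.exe/.dll/.sys) whose publisher field is empty and separates hits under C:\Windows from hits in user folders. The sample lines are copied from the log above; the function names and the "empty publisher" heuristic are this example's own assumptions, not an FRST feature.

```python
import ntpath
import re
from dataclasses import dataclass
from datetime import datetime

# Constructed sample: lines copied from the "One Month Created Files and
# Folders" section of the FRST log posted above, trimmed to a few entries.
SAMPLE_FRST = r"""
==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 01:43 - 2015-01-09 01:43 - 00000000 ____D () C:\FRST
2015-01-09 01:42 - 2015-01-09 01:42 - 01115648 _____ (Farbar) C:\Users\Joker\Desktop\FRST.exe
2015-01-03 15:42 - 2015-01-03 15:42 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-01-03 15:42 - 2015-01-03 15:42 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-03 15:40 - 2015-01-03 15:40 - 15298136 _____ () C:\Users\Joker\Desktop\RogueKiller.exe
2015-01-03 11:29 - 2013-10-12 10:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-01-03 11:27 - 2014-11-24 14:04 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-03 11:12 - 2015-01-03 11:12 - 00000020 ___SH () C:\Users\Joker\ntuser.ini

==================== One Month Modified Files and Folders =======
"""

# One FRST file line: created - modified - size attrs (publisher) path
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) \((?P<publisher>[^)]*)\) (?P<path>.+)$"
)

# Extensions that load as code; this heuristic is the example's, not FRST's.
CODE_EXTENSIONS = {".exe", ".dll", ".sys"}


@dataclass(frozen=True)
class Entry:
    created: datetime
    modified: datetime
    size: int
    attrs: str
    publisher: str
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def is_code(self) -> bool:
        return not self.is_dir and ntpath.splitext(self.path)[1].lower() in CODE_EXTENSIONS

    @property
    def in_windows_dir(self) -> bool:
        return self.path.lower().startswith("c:\\windows\\")


def parse_frst_entries(text: str) -> list[Entry]:
    """Parse every file/folder line of an FRST log; headers and notes are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entries.append(Entry(
            created=datetime.strptime(m["created"], "%Y-%m-%d %H:%M"),
            modified=datetime.strptime(m["modified"], "%Y-%m-%d %H:%M"),
            size=int(m["size"]),
            attrs=m["attrs"],
            publisher=m["publisher"],
            path=m["path"],
        ))
    return entries


def unsigned_code(entries: list[Entry]) -> list[Entry]:
    """Code files whose publisher field is empty: what a human should look at first."""
    return [e for e in entries if e.is_code and e.publisher == ""]


def triage(text: str) -> dict[str, list[str]]:
    """Split the unsigned-code hits by location; a new driver under C:\\Windows ranks highest."""
    hits = unsigned_code(parse_frst_entries(text))
    return {
        "windows": [e.path for e in hits if e.in_windows_dir],
        "user": [e.path for e in hits if not e.in_windows_dir],
    }


if __name__ == "__main__":
    for bucket, paths in triage(SAMPLE_FRST).items():
        print(bucket, paths)
```

On the sample above the only hit under C:\Windows is TrueSight.sys, created in the same minute as the C:\ProgramData\RogueKiller folder in the same log, so the output is a starting point for correlation, not a verdict.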




#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,747 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:06 PM

Posted 08 January 2015 - 01:20 PM

The FRST.txt LOG is not complete.

Please post again.

#3 stanleybeast

stanleybeast
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:06 AM

Posted 08 January 2015 - 01:38 PM

Also, there are files in the root dir that I didn't think should be there for a new install, as the root dir folder can be accessed remotely and these files accessed in turn.

Windows update txt folder
bootstat.dat
setupact.txt
TSSysprep.txt
Dtcinstall.txt
PFRO.txt
twain_32.dll
explorer app
bfsvc App
win.ini config settings
setuperr.txt
write App
winhlp32 app
twunk_32 app
regedit app
notepad
fveupdate app
helpPane app
hh app
mib.bin file
_default.pif (shortcut to MS-DOS Program) it "says" owned by TrustedInstaller
winhelp app
twain.dll app extension
twunk_16 app
WMSysPr9.prx file
msdfmap.ini config settings
Starter.xml
home Basic.xml

 

windows\inf folder full of precompiled setup info

windows\winsxs folder full of any and every single program and file and driver, for all of Microsoft's computer editions, XP, Win ME, Win NT, Win 7, Vista and so on...

Here you go,

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-01-2015
Ran by Joker (administrator) on TIGGER-PC on 09-01-2015 01:43:55
Running from C:\Users\Joker\Desktop
Loaded Profile: Joker (Available profiles: Joker)
Platform: Microsoft Windows 7 Home Basic  Service Pack 1 (X86) OS Language: English (United States)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKU\S-1-5-19\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] => %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-375109954-3701267231-1130255501-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-ph/?ocid=iehp
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========

Chrome:
=======

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 01:43 - 2015-01-09 01:44 - 00002436 _____ () C:\Users\Joker\Desktop\FRST.txt
2015-01-09 01:43 - 2015-01-09 01:43 - 00000000 ____D () C:\FRST
2015-01-09 01:42 - 2015-01-09 01:42 - 01115648 _____ (Farbar) C:\Users\Joker\Desktop\FRST.exe
2015-01-04 02:58 - 2015-01-09 01:40 - 01982142 _____ () C:\Windows\WindowsUpdate.log
2015-01-04 02:56 - 2015-01-04 02:58 - 00001355 _____ () C:\Windows\TSSysprep.log
2015-01-04 02:55 - 2015-01-03 11:12 - 00000000 ____D () C:\Windows\Panther
2015-01-03 15:42 - 2015-01-03 15:42 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-01-03 15:42 - 2015-01-03 15:42 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-01-03 15:40 - 2015-01-03 15:40 - 15298136 _____ () C:\Users\Joker\Desktop\RogueKiller.exe
2015-01-03 11:29 - 2013-10-12 10:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-01-03 11:29 - 2013-10-12 10:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-01-03 11:29 - 2013-10-12 10:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-01-03 11:27 - 2014-11-24 14:04 - 00229000 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-03 11:27 - 2012-02-17 13:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2015-01-03 11:27 - 2012-02-17 12:14 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-01-03 11:27 - 2012-02-17 12:13 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2015-01-03 11:22 - 2015-01-03 11:22 - 00057560 _____ () C:\Users\Joker\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-03 11:12 - 2015-01-03 11:12 - 00001413 _____ () C:\Users\Joker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-03 11:12 - 2015-01-03 11:12 - 00000020 ___SH () C:\Users\Joker\ntuser.ini
2015-01-03 11:12 - 2015-01-03 11:12 - 00000000 __SHD () C:\Recovery
2015-01-03 11:12 - 2015-01-03 11:12 - 00000000 ____D () C:\Users\Joker\AppData\Local\VirtualStore
2015-01-03 11:12 - 2015-01-03 11:12 - 00000000 ____D () C:\Users\Joker
2015-01-03 11:12 - 2014-05-15 00:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-01-03 11:12 - 2014-05-15 00:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-01-03 11:12 - 2014-05-15 00:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-01-03 11:12 - 2014-05-15 00:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-01-03 11:12 - 2014-05-15 00:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-01-03 11:12 - 2014-05-15 00:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-01-03 11:12 - 2014-05-15 00:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-01-03 11:12 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-01-03 11:12 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-01-03 11:12 - 2009-07-14 12:42 - 00000000 ___RD () C:\Users\Joker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-03 11:12 - 2009-07-14 12:37 - 00000000 ___RD () C:\Users\Joker\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-09 01:41 - 2009-07-14 12:34 - 00021840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-09 01:41 - 2009-07-14 12:34 - 00021840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-09 01:36 - 2010-11-21 05:01 - 00669028 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-09 01:31 - 2009-07-14 12:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-09 01:31 - 2009-07-14 12:39 - 00022460 _____ () C:\Windows\setupact.log
2015-01-04 03:00 - 2009-07-14 12:33 - 00257736 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-04 02:59 - 2009-07-14 10:37 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-04 02:56 - 2009-07-14 12:34 - 00002790 _____ () C:\Windows\DtcInstall.log
2015-01-04 02:55 - 2009-07-14 12:57 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2015-01-04 02:55 - 2009-07-14 12:52 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2015-01-03 16:40 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\rescache
2015-01-03 15:19 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-01-03 11:38 - 2009-07-14 12:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-03 11:37 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\spool
2015-01-03 11:37 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2015-01-03 11:12 - 2009-07-14 12:52 - 00000000 ____D () C:\Windows\system32\restore
2015-01-03 11:12 - 2009-07-14 10:37 - 00000000 ____D () C:\Windows\system32\Recovery

Some content of TEMP:
====================
C:\Users\Joker\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-01-03 15:30

==================== End Of Log ============================


I copied it completely. I downloaded Farbar, never selected any options, just hit scan and that's the results. I am here now, quick bathroom break.



#4 stanleybeast

stanleybeast
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:06 AM

Posted 08 January 2015 - 02:17 PM

I'm ready when you are:)



#5 nasdaq

nasdaq

  • Malware Response Team
  • 38,747 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:06 PM

Posted 09 January 2015 - 08:01 AM

Something went wrong when you reinstalled the operating system.

I suggest you start a new topic in the Windows 7 Forum and see what an expert in that operating system will suggest.
I do not want to render your system inoperative by suggesting something that may or may not work.

You will find the forum here: http://www.bleepingcomputer.com/forums/f/167/windows-7/
I will leave this topic open for a while. If you need to return, please do.

#6 stanleybeast

stanleybeast
  • Topic Starter

  • Members
  • 38 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:02:06 AM

Posted 09 January 2015 - 01:27 PM

Okay



#7 nasdaq

nasdaq

  • Malware Response Team
  • 38,747 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:06 PM

Posted 15 January 2015 - 09:55 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



