Antivirus System Pro - Please help! Won't go away!


Post by Mattitude on 28th November 2009, 1:09 am

I've somehow got another rogue software on my computer! The Antivirus System Pro one. I had the WinBlueSoft program before, which you guys helped me get rid of!

I can't open task manager.
I can't open Malwarebytes.
I can't open HiJackThis.

I can open Firefox and browse. Antivirus System Pro keeps on opening a new window, which gets really annoying!

Please help me!
Thanks guys.

Mattitude
Intermediate
Intermediate

Posts Posts : 64
Joined Joined : 2009-06-25
OS OS : XP
Points Points : 27772
# Likes # Likes : 0


Re: Antivirus System Pro - Please help! Won't go away!

Post by Belahzur on 28th November 2009, 6:59 pm

Please download exeHelper from one of the two links.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click on exeHelper.com or exeHelper.scr to run the fix.
  • A black window should pop up; press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34918
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : 7 Home Premium x64
Points Points : 245111
# Likes # Likes : 1


Re: Antivirus System Pro - Please help! Won't go away!

Post by Mattitude on 29th November 2009, 2:03 pm

Hey,
thanks for the reply!

It looks like Antivirus System Pro is blocking exeHelper too! I tried both links and they both get blocked.
When I run exehelper, the black screen pops up for a second and then closes and I get the pop-up message from Antivirus System Pro saying - "Application cannot be executed. The file exehelper.com is infected. Do you want to activate your antivirus software now?".

Any ideas what else I can do?
Thanks a lot,
Matt.


Re: Antivirus System Pro - Please help! Won't go away!

Post by Mattitude on 29th November 2009, 4:58 pm

Hey again!

I managed to do a System Restore to a day before I got the virus. I did this on another user's account, as Antivirus System Pro didn't seem to block anything on the other users' accounts.

I'm now on my user account and the Antivirus System Pro has gone... well the pop-ups have and everything. I've managed to run HiJackThis. Here is the log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:57:29, on 29/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: RoboForm - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [SigmatelSysTrayApp] "stsystra.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe"
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [DMXLauncher] "C:\Program Files\Dell\Media Experience\DMXLauncher.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [AVG8_TRAY] "C:\PROGRA~1\AVG\AVG8\avgtray.exe"
O4 - HKLM\..\Run: [LVCOMSX] "C:\WINDOWS\system32\LVCOMSX.EXE"
O4 - HKLM\..\Run: [LogitechVideoRepair] "C:\Program" Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] "C:\Program Files\Logitech\Video\LogiTray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [EPSON Stylus DX6000 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBIE.EXE /FU "C:\DOCUME~1\Matt\LOCALS~1\Temp\E_S13.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: Customize Menu - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must be registered and logged in to see this link.]
O8 - Extra context menu item: Fill Forms - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - [You must be registered and logged in to see this link.] Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - [You must be registered and logged in to see this link.]
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Unknown owner - C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe (file missing)

--
End of file - 9783 bytes


Re: Antivirus System Pro - Please help! Won't go away!

Post by Belahzur on 29th November 2009, 6:40 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: Antivirus System Pro - Please help! Won't go away!

Post by Mattitude on 29th November 2009, 7:58 pm

Hey,

Malwarebytes found 2 infections. I removed them. Here is the log:

Malwarebytes' Anti-Malware 1.41
Database version: 3258
Windows 5.1.2600 Service Pack 3

29/11/2009 19:55:29
mbam-log-2009-11-29 (19-55-29).txt

Scan type: Quick Scan
Objects scanned: 129238
Time elapsed: 10 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Matt\Local Settings\Temp\574.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Matt\Local Settings\Temporary Internet Files\Content.IE5\J4OXUNFZ\op[1].exe (Trojan.Dropper) -> Quarantined and deleted successfully.

Thanks mate,
is this the end of everything now or is there a bit more?

thanks again,
Matt.


Re: Antivirus System Pro - Please help! Won't go away!

Post by Mattitude on 29th November 2009, 8:05 pm

Hey again,

it seems there's still something here. When I click certain links (searched in Google for example) I often get redirected to a different random page.

Thanks,
Matt.


Re: Antivirus System Pro - Please help! Won't go away!

Post by Belahzur on 29th November 2009, 11:49 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Re: Antivirus System Pro - Please help! Won't go away!

Post by Mattitude on 30th November 2009, 2:07 am

Hey,

I used Combo-fix like you said.

Here is the log:

ComboFix 09-11-29.02 - Matt 30/11/2009 0:30.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.196 [GMT 0:00]
Running from: c:\documents and settings\Matt\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\System32\Drivers\a347scsi.sys . . . is infected!!

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226EE}


((((((((((((((((((((((((( Files Created from 2009-10-28 to 2009-11-30 )))))))))))))))))))))))))))))))
.

2009-11-29 19:40 . 2009-11-29 19:40 4045528 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
2009-11-29 19:39 . 2009-09-10 14:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-29 19:39 . 2009-11-29 19:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-11-29 19:39 . 2009-09-10 14:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-29 16:44 . 2009-11-06 09:00 2064152 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgcorex.dll
2009-11-29 16:44 . 2009-11-03 13:44 3513624 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgui.exe
2009-11-29 16:44 . 2009-11-03 13:44 2028312 ----a-w- c:\documents and settings\All Users\Application Data\avg8\update\backup\avgtray.exe
2009-11-29 16:32 . 2009-11-29 16:32 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-27 23:15 . 2009-11-27 23:15 -------- d-----w- c:\documents and settings\LocalService\IETldCache
2009-11-27 15:33 . 2009-11-27 15:33 -------- d-----w- c:\documents and settings\Ann\Application Data\Apple Computer
2009-11-25 23:27 . 2009-11-25 23:27 -------- d-----w- c:\documents and settings\Ann\Local Settings\Application Data\Temp
2009-11-25 10:40 . 2009-11-25 10:40 -------- d-----w- C:\found.000
2009-11-22 20:08 . 2009-11-22 20:08 4286 ----a-r- c:\documents and settings\Matt\Application Data\Microsoft\Installer\{D2D1CFB2-1B70-451C-AD66-3193368B7683}\_B9F43533A67D917C3D3CFD.exe
2009-11-22 20:08 . 2009-11-22 20:08 4286 ----a-r- c:\documents and settings\Matt\Application Data\Microsoft\Installer\{D2D1CFB2-1B70-451C-AD66-3193368B7683}\_377F621D98CD78E4DC325F.exe
2009-11-20 17:37 . 2009-11-20 17:37 -------- d-----w- c:\program files\Microsoft
2009-11-19 00:46 . 2009-11-19 00:48 20798256 ----a-w- c:\documents and settings\Matt\Application Data\Adobe\Acrobat\6.0\Updater\AdbeRdr70_enu_full.exe
2009-11-15 12:01 . 2009-11-15 12:01 -------- d-----w- c:\documents and settings\Malc\Application Data\DivX
2009-11-15 12:01 . 2009-11-15 12:01 -------- d-----w- c:\documents and settings\Malc\Application Data\Media Player Classic
2009-11-14 22:20 . 2009-11-14 22:22 -------- d-----w- c:\documents and settings\Matt\Local Settings\Application Data\Temp
2009-11-14 22:20 . 2009-11-14 22:20 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2009-11-14 22:19 . 2009-11-14 22:24 -------- d-----w- c:\documents and settings\Matt\Local Settings\Application Data\Google
2009-11-14 22:19 . 2009-11-14 22:23 -------- d-----w- c:\program files\Google
2009-11-14 19:57 . 2009-11-14 19:58 -------- d-----w- c:\documents and settings\Matt\Application Data\Media Player Classic
2009-11-14 19:46 . 2009-11-14 19:46 -------- d-----w- c:\documents and settings\Matt\Application Data\DivX
2009-11-14 19:43 . 2009-09-25 16:42 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-11-14 19:43 . 2009-09-25 16:42 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-11-14 19:43 . 2009-09-25 16:42 129784 ------w- c:\windows\system32\pxafs.dll
2009-11-14 19:42 . 2009-11-14 19:52 -------- d-----w- c:\program files\DivX
2009-11-14 19:42 . 2009-11-14 19:43 -------- d-----w- c:\program files\Common Files\DivX Shared
2009-11-14 19:39 . 2001-11-09 00:19 53248 ----a-w- c:\windows\system32\MMTray.exe
2009-11-14 19:39 . 2002-01-16 13:45 224256 ----a-w- c:\windows\system32\MMIJG32.dll
2009-11-14 19:39 . 2009-11-14 19:39 -------- d-----w- c:\program files\Morgan
2009-11-14 19:24 . 2009-11-14 19:24 -------- d-----w- c:\program files\4Videosoft Studio
2009-11-08 11:20 . 2009-11-27 15:33 -------- d-----w- c:\documents and settings\Ann\Local Settings\Application Data\Apple Computer
2009-11-04 17:07 . 2009-11-04 17:07 -------- d-----w- c:\program files\iPod
2009-11-04 17:07 . 2009-11-04 17:07 -------- d-----w- c:\program files\iTunes
2009-11-04 17:01 . 2009-11-04 17:01 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.2.25\SetupAdmin.exe
2009-11-03 21:20 . 2009-11-03 21:20 152576 ----a-w- c:\documents and settings\Matt\Application Data\Sun\Java\jre1.6.0_17\lzma.dll
2009-11-02 14:10 . 2009-11-02 14:10 -------- d-----w- c:\documents and settings\Matt\Local Settings\Application Data\Yahoo
2009-11-02 14:07 . 2009-11-02 14:07 -------- d-----w- c:\documents and settings\Matt\Application Data\Yahoo!
2009-11-02 14:05 . 2009-11-02 16:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-11-02 14:05 . 2009-11-02 18:37 -------- d-----w- c:\program files\Yahoo!

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-30 00:22 . 2006-01-06 11:04 872064 ----a-w- c:\windows\system32\drivers\iastor.sys
2009-11-30 00:10 . 2009-07-14 16:20 -------- d-----w- c:\documents and settings\Matt\Application Data\uTorrent
2009-11-29 16:31 . 2009-07-14 16:20 -------- d-----w- c:\program files\uTorrent
2009-11-24 23:54 . 2009-07-14 22:11 -------- d-----w- c:\documents and settings\Matt\Application Data\vlc
2009-11-22 20:10 . 2009-10-09 13:37 -------- d-----w- c:\program files\FriendAdderElite
2009-11-19 00:46 . 2009-07-27 17:50 -------- d-----w- c:\documents and settings\Matt\Application Data\AdobeUM
2009-11-18 14:15 . 2009-08-30 00:37 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-14 19:57 . 2009-11-14 19:54 -------- d-----w- c:\program files\K-Lite Codec Pack
2009-11-14 19:53 . 2006-01-06 11:31 -------- d-----w- c:\program files\Common Files\Real
2009-11-12 11:08 . 2009-07-05 23:45 33768 ----a-w- c:\documents and settings\Matt\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-11-09 18:00 . 2009-11-14 19:54 85504 ----a-w- c:\windows\system32\ff_vfw.dll
2009-11-05 15:27 . 2009-10-19 23:28 -------- d-----w- c:\documents and settings\Matt\Application Data\Apple Computer
2009-11-04 17:07 . 2009-10-19 23:23 -------- d-----w- c:\program files\Common Files\Apple
2009-11-03 21:26 . 2006-01-06 11:25 -------- d-----w- c:\program files\Java
2009-10-28 15:14 . 2009-07-11 13:32 30984 ----a-w- c:\documents and settings\Ann\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-21 13:28 . 2009-10-19 23:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-10-19 23:28 . 2009-10-19 23:27 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-19 23:27 . 2009-10-19 23:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-10-19 23:27 . 2009-10-19 23:27 -------- d-----w- c:\program files\Bonjour
2009-10-19 23:27 . 2006-01-06 11:32 -------- d-----w- c:\program files\QuickTime
2009-10-19 23:24 . 2009-10-19 23:24 -------- d-----w- c:\program files\Apple Software Update
2009-10-11 04:17 . 2009-08-28 12:36 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-10-09 13:29 . 2009-10-09 13:29 -------- d-----w- c:\program files\Myspace Marketing Manager
2009-10-09 12:55 . 2009-10-09 12:49 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-10-09 12:26 . 2009-10-09 12:26 -------- d-----w- c:\program files\DAMN NFO Viewer
2009-10-09 11:43 . 2009-10-08 09:30 -------- d-----w- c:\program files\FriendBlasterPro
2009-09-29 12:23 . 2009-09-29 12:23 56 ---ha-w- c:\windows\system32\ezsidmv.dat
2009-09-25 16:42 . 2009-07-01 22:54 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-09-25 16:42 . 2009-07-01 22:54 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-09-25 16:42 . 2005-04-25 02:03 43528 ------w- c:\windows\system32\drivers\pxhelp20.sys
2009-09-19 21:59 . 2009-09-19 21:56 52770576 ----a-w- c:\documents and settings\Matt\Application Data\Sony Setup\64993CD0-67D1-4244-A2BC-FD73F4DA5B62\dotnetfx3.exe
2009-09-11 14:18 . 2004-08-10 12:51 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03 . 2004-08-10 12:51 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-25 16:41 . 2009-09-25 16:41 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-09-25 16:41 . 2009-09-25 16:41 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.

------- Sigcheck -------

[7] 2008-04-14 . 6D4FEB43EE538FC5428CC7F0565AA656 . 56320 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\eventlog.dll
[7] 2004-08-04 . 82B24CB70E5944E6E34662205A2A5B78 . 55808 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\eventlog.dll

c:\windows\System32\eventlog.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2004-07-19 306688]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"LogitechSoftwareUpdate"="c:\program files\Logitech\Video\ManifestEngine.exe" [2005-06-08 196608]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-07-08 160592]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechVideoRepair"="c:\program files\Logitech\Video\ISStart.exe " [X]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2005-06-17 139264]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 344064]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2005-02-23 53248]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-09-05 417792]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2005-01-27 86016]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 81920]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-11-29 2029336]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-07-19 221184]
"LogitechVideoTray"="c:\program files\Logitech\Video\LogiTray.exe" [2005-06-08 217088]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-28 141600]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-03-23 339968]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2006-1-6 24576]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-23 11:53 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgnsx.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

R0 a347scsi;a347scsi;c:\windows\system32\drivers\a347scsi.sys [03/08/2009 16:20 5248]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [03/07/2009 23:53 335240]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [03/07/2009 23:53 108552]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [03/07/2009 23:52 297752]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [03/07/2009 23:52 908056]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [14/11/2009 22:20 135664]
S4 a347bus;a347bus;c:\windows\system32\drivers\a347bus.sys [03/08/2009 16:20 160640]
.
Contents of the 'Scheduled Tasks' folder

2009-10-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-14 22:19]

2009-08-30 c:\windows\Tasks\User_Feed_Synchronization-{E388B728-B4AA-4974-A125-80116E5C1734}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uInternet Connection Wizard,ShellNext = "c:\program files\Outlook Express\msimn.exe"
uInternet Settings,ProxyOverride = *.local
IE: Customize Menu - [You must be registered and logged in to see this link.] files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: Fill Forms - [You must be registered and logged in to see this link.] files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - [You must be registered and logged in to see this link.] files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - [You must be registered and logged in to see this link.] files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
FF - ProfilePath - c:\documents and settings\Matt\Application Data\Mozilla\Firefox\Profiles\r7hezc8q.default\
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Siber Systems\AI RoboForm\Firefox\components\rfproxy_31.dll
FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - hidden: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
- - - - ORPHANS REMOVED - - - -

AddRemove-HijackThis - c:\documents and settings\Matt\My Documents\Downloads\HijackThis.exe
AddRemove-QcDrv - c:\program files\Common Files\Logitech\QCDRV\BIN\SETUP.EXE UNINSTALL REMOVEPROMPT



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-11-30 01:52
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, [You must be registered and logged in to see this link.]

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x82D2D618]<<
kernel: MBR read successfully
detected MBR rootkit hooks:
\Driver\Disk -> CLASSPNP.SYS @ 0xf85dff28
\Driver\ACPI -> ACPI.sys @ 0xf8472cb8
\Driver\atapi -> atapi.sys @ 0xf8355852
\Driver\iaStor -> iastor.sys @ 0xf8379b10
IoDeviceObjectType -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
\Device\Harddisk0\DR0 -> ParseProcedure -> ntkrnlpa.exe @ 0x805827e8
NDIS: Intel(R) PRO/1000 PL Network Connection -> SendCompleteHandler -> NDIS.sys @ 0xf8249bb0
PacketIndicateHandler -> NDIS.sys @ 0xf8256a21
SendHandler -> NDIS.sys @ 0xf823487b
user & kernel MBR OK

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(700)
c:\windows\system32\WININET.dll

- - - - - - - > 'lsass.exe'(768)
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(3420)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Intel\Intel Matrix Storage Manager\iaantmon.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\AVG\AVG8\avgrsx.exe
c:\progra~1\AVG\AVG8\avgnsx.exe
c:\windows\system32\wscntfy.exe
c:\program files\Logitech\Video\FxSvr2.exe
c:\program files\iPod\bin\iPodService.exe
.
**************************************************************************
.
Completion time: 2009-11-30 02:00 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-30 02:00

Pre-Run: 171,901,964,288 bytes free
Post-Run: 174,601,830,400 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - F320AA2CF2C536E76470B28F9B4B9112


Re: Antivirus System Pro - Please help! Won't go away!

Post by Mattitude on 30th November 2009, 8:37 pm

Hey again,

I think the whole Antivirus Pro thing has gone now. But some of the links I click are still getting redirected to different pages :S

Do you have any idea how I can sort this out?
Thanks for your help so far Belahzur,
Matt.


Re: Antivirus System Pro - Please help! Won't go away!

Post by Belahzur on 30th November 2009, 8:37 pm

Please download SystemLook from one of the links below and save it to your Desktop.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main text field:
    Code:

    :filefind
    a347scsi.sys
    iastor.sys

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt



Re: Antivirus System Pro - Please help! Won't go away!

Post by Mattitude on 30th November 2009, 8:56 pm

Hey,

here is the log:

SystemLook v1.0 by jpshortstuff (29.08.09)
Log created at 20:54 on 30/11/2009 by Matt (Administrator - Elevation successful)

========== filefind ==========

Searching for "a347scsi.sys"
C:\WINDOWS\system32\drivers\a347scsi.sys ------ 5248 bytes [16:20 03/08/2009] [08:33 30/04/2004] 113E4B318BBAA7483CA4E582A4D63F49

Searching for "iastor.sys"
C:\dell\MEDIAEXE\RepFiles\iastor.sys --a--- 871040 bytes [11:04 06/01/2006] [13:28 25/04/2005] D593517879E65167DF35F6015814AC59
C:\drivers\storage\sata\onboard\iastor.sys --a--- 872064 bytes [11:04 06/01/2006] [12:33 17/06/2005] 9A65E42664D1534B68512CAAD0EFE963
C:\i386\iaStor.sys --a--- 872064 bytes [23:48 03/07/2009] [12:33 17/06/2005] 9A65E42664D1534B68512CAAD0EFE963
C:\WINDOWS\system32\drivers\iastor.sys --a--- 872064 bytes [11:04 06/01/2006] [00:22 30/11/2009] 9A65E42664D1534B68512CAAD0EFE963

-=End Of File=-

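One way to read a filefind log like the one posted above, as an added example that is not part of the original thread: parse each hit and compare the MD5 of the copy in system32\drivers with the other copies found on disk. The line layout in the regex, the created-then-modified order of the two timestamps, and the function names are assumptions.

```python
import re

# Sample input: the filefind section of the SystemLook log posted above.
LOG = r'''
Searching for "a347scsi.sys"
C:\WINDOWS\system32\drivers\a347scsi.sys ------ 5248 bytes [16:20 03/08/2009] [08:33 30/04/2004] 113E4B318BBAA7483CA4E582A4D63F49

Searching for "iastor.sys"
C:\dell\MEDIAEXE\RepFiles\iastor.sys --a--- 871040 bytes [11:04 06/01/2006] [13:28 25/04/2005] D593517879E65167DF35F6015814AC59
C:\drivers\storage\sata\onboard\iastor.sys --a--- 872064 bytes [11:04 06/01/2006] [12:33 17/06/2005] 9A65E42664D1534B68512CAAD0EFE963
C:\i386\iaStor.sys --a--- 872064 bytes [23:48 03/07/2009] [12:33 17/06/2005] 9A65E42664D1534B68512CAAD0EFE963
C:\WINDOWS\system32\drivers\iastor.sys --a--- 872064 bytes [11:04 06/01/2006] [00:22 30/11/2009] 9A65E42664D1534B68512CAAD0EFE963
'''

# Assumed layout: path, attribute flags, size, created, modified, MD5.
ENTRY = re.compile(
    r'^(?P<path>[A-Za-z]:\\.+?) (?P<attrs>[-A-Za-z]{6}) (?P<size>\d+) bytes '
    r'\[(?P<created>[^\]]+)\] \[(?P<modified>[^\]]+)\] (?P<md5>[0-9A-Fa-f]{32})$')
TERM = re.compile(r'^Searching for "(?P<term>.+)"$')
LIVE_DIR = 'c:\\windows\\system32\\drivers\\'  # where the loaded driver lives

def parse_filefind(text):
    """Return {search term: [entry dict, ...]} for a filefind section."""
    results, term = {}, None
    for line in text.splitlines():
        line = line.strip()
        if (m := TERM.match(line)):
            term = m['term']
            results.setdefault(term, [])  # keep terms that had no hits
        elif term and (m := ENTRY.match(line)):
            entry = m.groupdict()
            entry['size'] = int(entry['size'])
            entry['md5'] = entry['md5'].upper()
            results[term].append(entry)
    return results

def compare_copies(entries):
    """Sort the other copies by whether their MD5 matches the live driver."""
    live = [e for e in entries if e['path'].lower().startswith(LIVE_DIR)]
    if not live:
        return None  # nothing in system32\drivers to compare against
    ref = live[0]
    others = [e for e in entries if e is not ref]
    return {'live': ref,
            'same': [e['path'] for e in others if e['md5'] == ref['md5']],
            'differ': [e['path'] for e in others if e['md5'] != ref['md5']]}

if __name__ == '__main__':
    for term, entries in parse_filefind(LOG).items():
        print(term, compare_copies(entries))
```

A matching hash only says the copies are identical to each other; a file with a single copy, like a347scsi.sys here, has nothing on disk to be compared with.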