Anti Virus Soft on Windows XP

Solved Anti Virus Soft on Windows XP

Post by TheBlackScepter on 6th June 2010, 4:50 pm

My aunt's computer, a Windows XP, has the same Anti-Virus Soft program my Windows Vista had not too long ago. We tried following small remedies, using a program known as rkill, to remove it, but it doesn't seem to remove it long enough for us to run our AntiMalware software. We are typing this post from a clean computer and we would greatly appreciate your help.

TheBlackScepter
Intermediate

Posts : 117
Joined : 2010-05-15
OS : Windows Vista
Points : 25827
# Likes : 0


Solved Re: Anti Virus Soft on Windows XP

Post by Kenny94 on 6th June 2010, 10:32 pm

Hi

Please do the following: from a clean computer, download the following tools to a flash drive, or copy them to a USB/CD or other media to use on the infected system.

Also, print out or save these instructions into Notepad on a flash drive (so you can see how to run the tools). If you can't save it to the desktop of the infected computer, you can run it right off of the flash drive.

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by me or another helper.
---------------------------------------------------------------------------------------------



  1. Download ComboFix from below:

    [You must be registered and logged in to see this link.]


    * IMPORTANT !!! Place combofix.exe on your Desktop

  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.


    You can get help on disabling your protection programs [You must be registered and logged in to see this link.]

  3. Double click on combofix.exe & follow the prompts.

  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

    The Recovery Console was successfully installed.



    Click on Yes, to continue scanning for malware.

  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

  6. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------

  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

Kenny94
Tech Officer

Posts : 2019
Joined : 2010-04-22
Gender : Male
OS : Windows 7
Protection : Avira/Router and Malwarebytes
Points : 33521
# Likes : 0


Solved Re: Anti Virus Soft on Windows XP

Post by TheBlackScepter on 7th June 2010, 12:09 am

Here are the logs.

ComboFix 10-06-06.01 - Marla 06/06/2010 19:49:50.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.558 [GMT -4:00]
Running from: c:\documents and settings\Marla\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *On-access scanning disabled* (Outdated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Marla\Local Settings\Application Data\csrttxhaf
c:\documents and settings\Marla\Local Settings\Application Data\csrttxhaf\fqhaesotssd.exe
c:\documents and settings\Marla\Local Settings\Application Data\lslutfghc
c:\documents and settings\Marla\Local Settings\Application Data\lslutfghc\fidbxgetssd.exe
C:\evcwinw.exe
c:\program files\Zumie
c:\windows\system32\gepesiso.dll
c:\windows\system32\jepazeje.dll
c:\windows\system32\wamejulu.dll
c:\windows\system32\wogutopa.dll
c:\windows\system32\yoharaje.dll
c:\windows\system32\zepepewa.dll
c:\windows\system32\ziluyuda.dll
c:\windows\Tasks\mmszaean.job

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_$SYS$DRMSERVER
-------\Legacy_CD_PROXY
-------\Legacy_FREEZESCREENSAVER
-------\Service_FreezeScreenSaver


((((((((((((((((((((((((( Files Created from 2010-05-06 to 2010-06-06 )))))))))))))))))))))))))))))))
.

2010-06-06 17:36 . 2010-06-06 17:40 -------- d-----w- c:\program files\Symantec
2010-06-06 17:26 . 2010-06-06 17:26 -------- d-----w- c:\windows\55A6283C638A4EE0B49151118554BDA2.TMP
2010-06-06 17:03 . 2010-06-06 17:03 -------- d-----w- c:\documents and settings\Marla\Application Data\Motive
2010-06-06 16:13 . 2010-06-06 16:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-06-06 16:10 . 2010-06-06 16:10 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-06-06 16:10 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-06 16:10 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-06 16:00 . 2010-06-06 16:00 -------- d-----w- c:\documents and settings\Marla\Application Data\Malwarebytes
2010-06-06 15:10 . 2008-04-14 09:41 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-06-06 15:10 . 2008-04-14 09:41 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-06 17:39 . 2006-12-15 00:20 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-06 17:39 . 2006-12-15 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-06-06 17:24 . 2008-05-09 18:43 805 -c--a-w- c:\windows\system32\drivers\SYMEVENT.INF
2010-06-06 17:24 . 2008-05-09 18:43 10563 -c--a-w- c:\windows\system32\drivers\SYMEVENT.CAT
2010-06-06 16:10 . 2009-12-04 23:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-06 16:10 . 2006-12-15 00:25 -------- d-----w- c:\program files\Google
2010-06-06 15:32 . 2007-03-30 19:59 76824 -c--a-w- c:\documents and settings\Marla\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-06-30 17:44 . 2008-05-09 18:47 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2009-09-30 02:41 . 2007-03-28 02:19 88 -csh--r- c:\windows\system32\0815EB9553.sys
2009-09-30 02:41 . 2007-03-28 02:19 2516 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-13 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"DLA"="c:\windows\System32\DLA\DLACTRLW.EXE" [2005-09-08 122940]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [2009-09-13 1048392]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-15 98304]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:\program files\HP\Digital Imaging\bin\hpqthb08.exe [2004-11-4 53248]
SBC Self Support Tool.lnk - c:\program files\SBC Self Support Tool\bin\matcli.exe [2007-4-9 217088]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\ymetray.lnk
backup=c:\windows\pss\ymetray.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATICCC]
2006-01-02 23:41 45056 -c--a-w- c:\program files\ATI Technologies\ATI.ACE\CLI.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccleaner]
2008-12-19 18:28 1434864 -c--a-w- c:\program files\CCleaner\CCleaner.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
2008-04-14 10:42 15360 ----a-w- c:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
2006-08-29 03:57 395776 ----a-w- c:\program files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupportCenter]
2008-08-13 22:32 206064 -c--a-w- c:\program files\Dell Support Center\bin\sprtcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-07-27 22:50 221184 -c--a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSScheduler]
2004-07-27 22:50 81920 -c--a-w- c:\program files\Common Files\InstallShield\UpdateService\issch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 10:42 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SigmatelSysTrayApp]
2006-08-15 09:00 282624 -c--a-w- c:\windows\stsystra.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Symantec Core LC"=3 (0x3)
"sprtsvc_dellsupportcenter"=2 (0x2)
"MDM"=2 (0x2)
"LiveUpdate Notice"=2 (0x2)
"LiveUpdate"=3 (0x3)
"gusvc"=3 (0x3)
"FreezeScreenSaver"=2 (0x2)
"CLTNetCnService"=2 (0x2)
"CD_Proxy"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"AOL ACS"=2 (0x2)
"$sys$DRMServer"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\wbem\\unsecapp.exe"=
"c:\\WINDOWS\\system32\\HPZipm12.exe"=
"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=
"c:\\Program Files\\Microsoft Security Essentials\\msseces.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\Ymsgr_tray.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqgalry.exe"=
"c:\\Program Files\\HP\\HP Software Update\\hpwuSchd2.exe"=

R0 $sys$cor;$sys$cor;c:\windows\system32\drivers\$sys$cor.sys [10/6/2004 10:11 AM 18432]
R1 $sys$crater;$sys$crater;c:\windows\system32\$sys$filesystem\crater.sys [10/7/2004 3:57 AM 11904]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [6/6/2010 12:10 PM 136176]
S3 COH_Mon;COH_Mon;\??\c:\windows\system32\Drivers\COH_Mon.sys --> c:\windows\system32\Drivers\COH_Mon.sys [?]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys --> c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2010-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-06 16:10]

2010-06-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-06 16:10]

2010-06-06 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Essentials\MpCmdRun.exe [2009-07-02 22:36]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:\documents and settings\Marla\Application Data\Mozilla\Firefox\Profiles\7gld5amp.default\
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPSFDMGR.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{BE0027FB-31FF-4661-82BC-83ADCEF28F0F} - (no file)
BHO-{e7210039-176f-4cb0-b071-e1fa1cf5a158} - ziluyuda.dll
HKCU-Run-wxeqmhmc - c:\documents and settings\Marla\Local Settings\Application Data\lslutfghc\fidbxgetssd.exe
HKCU-Run-efjnweix - c:\documents and settings\Marla\Local Settings\Application Data\csrttxhaf\fqhaesotssd.exe
HKLM-Run-mokezaferu - jepazeje.dll
HKLM-Run-dafodihur - c:\windows\system32\wamejulu.dll
HKLM-Run-wxeqmhmc - c:\documents and settings\Marla\Local Settings\Application Data\lslutfghc\fidbxgetssd.exe
HKLM-Run-efjnweix - c:\documents and settings\Marla\Local Settings\Application Data\csrttxhaf\fqhaesotssd.exe
SharedTaskScheduler-{494e0f81-ac76-4bea-80c3-ec16c4b10060} - (no file)
SharedTaskScheduler-{0a9bcbd3-d90d-46c9-9303-2ef4f8071edd} - (no file)
SharedTaskScheduler-{3c0ce1af-00b6-4485-a7ca-e8ec67b8bf10} - (no file)
SharedTaskScheduler-{91bc2cca-4bb3-42b5-80dd-48d9dec27a76} - (no file)
SharedTaskScheduler-{8c2c3ddd-c512-4700-807a-94a02fd65544} - (no file)
SharedTaskScheduler-{f187e71b-a0f4-4703-9468-3510027faf7b} - (no file)
SharedTaskScheduler-{57219ced-2b36-43b0-a30b-b8368d617020} - (no file)
SharedTaskScheduler-{c7cddecb-f33b-428e-8f35-87b6cec6e3e9} - (no file)
SharedTaskScheduler-{dc8b84e5-b071-4f0a-ad7c-2a0e7c8bbbb9} - (no file)
SharedTaskScheduler-{a20b2fae-7796-4a40-83d4-0b6c0728f50a} - (no file)
SharedTaskScheduler-{4b872675-9bf6-48ce-9edd-872bc13d3055} - (no file)
SharedTaskScheduler-{f19d01fd-4b42-4691-b075-e8975b8aaa94} - (no file)
SharedTaskScheduler-{9008c6b1-b71f-4f9d-aa7d-c5eb354cac62} - (no file)
SharedTaskScheduler-{4ab8ddbf-4800-41be-beae-943e808a23cb} - (no file)
SharedTaskScheduler-{b18dbb7c-3ebf-43dd-88bd-d20c9f71e827} - (no file)
SharedTaskScheduler-{5e528d48-9946-48d3-b5b5-8d9f20b1605a} - (no file)
SharedTaskScheduler-{387109e8-6e5b-493a-97bb-57923919670d} - (no file)
SharedTaskScheduler-{8d62f9e4-6200-4fd1-9d10-0427d82a812b} - (no file)
SharedTaskScheduler-{61a9ce68-ede5-4c67-a8ef-7c6cc7877d9c} - (no file)
SharedTaskScheduler-{8be24210-7b58-4e4a-8877-ccfb51a1ac00} - (no file)
SharedTaskScheduler-{5a6c6d8d-ef16-4816-9edf-0832d4d8ed94} - (no file)
SharedTaskScheduler-{0c9c3a35-9568-476b-a756-3087ccf6a5e8} - (no file)
SharedTaskScheduler-{37e63336-6f54-4685-9ff3-23e1cb4af6ce} - (no file)
SharedTaskScheduler-{038b780d-3955-4ef0-8fae-702341ff2fdc} - c:\windows\system32\fituzafi.dll
SharedTaskScheduler-{4a08e4cb-d07d-4818-954e-658740a143fa} - c:\windows\system32\wamejulu.dll
SSODL-turerabet-{494e0f81-ac76-4bea-80c3-ec16c4b10060} - (no file)
SSODL-wiloyayom-{0a9bcbd3-d90d-46c9-9303-2ef4f8071edd} - (no file)
SSODL-mabitukik-{3c0ce1af-00b6-4485-a7ca-e8ec67b8bf10} - (no file)
SSODL-mohutovat-{91bc2cca-4bb3-42b5-80dd-48d9dec27a76} - (no file)
SSODL-wumifiyef-{8c2c3ddd-c512-4700-807a-94a02fd65544} - (no file)
SSODL-moyinaref-{f187e71b-a0f4-4703-9468-3510027faf7b} - (no file)
SSODL-wegofeneb-{57219ced-2b36-43b0-a30b-b8368d617020} - (no file)
SSODL-lepototiw-{c7cddecb-f33b-428e-8f35-87b6cec6e3e9} - (no file)
SSODL-napinopeb-{dc8b84e5-b071-4f0a-ad7c-2a0e7c8bbbb9} - (no file)
SSODL-mesahureg-{a20b2fae-7796-4a40-83d4-0b6c0728f50a} - (no file)
SSODL-kuyanajop-{4b872675-9bf6-48ce-9edd-872bc13d3055} - (no file)
SSODL-dozeyamal-{b18dbb7c-3ebf-43dd-88bd-d20c9f71e827} - (no file)
SSODL-pijapamaz-{9008c6b1-b71f-4f9d-aa7d-c5eb354cac62} - (no file)
SSODL-roruwamen-{4ab8ddbf-4800-41be-beae-943e808a23cb} - (no file)
SSODL-duwikekem-{5e528d48-9946-48d3-b5b5-8d9f20b1605a} - (no file)
SSODL-yenawujus-{387109e8-6e5b-493a-97bb-57923919670d} - (no file)
SSODL-jikuruyir-{37e63336-6f54-4685-9ff3-23e1cb4af6ce} - (no file)
SSODL-vejemivaz-{038b780d-3955-4ef0-8fae-702341ff2fdc} - c:\windows\system32\fituzafi.dll
SSODL-lonewosis-{4a08e4cb-d07d-4818-954e-658740a143fa} - c:\windows\system32\wamejulu.dll
SafeBoot-Lavasoft Ad-Aware Service
MSConfigStartUp-avast! - c:\progra~1\ALWILS~1\Avast4\ashDisp.exe
MSConfigStartUp-BJCFD - c:\program files\BroadJump\Client Foundation\CFD.exe
MSConfigStartUp-ccApp - c:\program files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-dafodihur - c:\windows\system32\wowafuha.dll
MSConfigStartUp-osCheck - c:\program files\Norton Internet Security\osCheck.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-06-06 19:54
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2353383158-389931355-32074981-1008\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3152)
c:\windows\system32\WININET.dll
c:\progra~1\SBCSEL~1\SMARTB~1\SBHook.dll
c:\windows\system32\ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Essentials\MsMpEng.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\wdfmgr.exe
c:\program files\SBC Self Support Tool\bin\mpbtn.exe
c:\program files\HP\Digital Imaging\bin\hpqgalry.exe
c:\progra~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
.
**************************************************************************
.
Completion time: 2010-06-06 20:03:13 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-07 00:03

Pre-Run: 135,372,058,624 bytes free
Post-Run: 135,471,067,136 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 8CCFAFCC43FA7A078D36617A032B1FA2


Solved Re: Anti Virus Soft on Windows XP

Post by Kenny94 on 7th June 2010, 1:00 pm

I see you have Microsoft Security Essentials and Symantec Anti-Virus (looks like leftovers of Symantec) in your computer. Two Anti-Virus programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two anti-virus programs running at the same time can cause your computer to run very slow, become unstable and even, in rare cases, crash.

Here's how:

To remove Norton, click on Start > Settings > Control Panel, double-click on Add/Remove Programs, search for every item that belongs to Norton, Symantec, or LiveUpdate and remove them. Reboot when prompted, or reboot manually if your computer hasn't automatically rebooted. To remove the leftovers, download and run the Norton Removal Tool; read [You must be registered and logged in to see this link.]


Update Run Malwarebytes



  • Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Solved Re: Anti Virus Soft on Windows XP

Post by TheBlackScepter on 7th June 2010, 4:14 pm

Here are the logs from MBAM.

Malwarebytes' Anti-Malware 1.46
[You must be registered and logged in to see this link.]

Database version: 4175

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.11

6/7/2010 12:10:04 PM
mbam-log-2010-06-07 (12-10-04).txt

Scan type: Quick scan
Objects scanned: 172208
Time elapsed: 18 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Angle Interactive\RD2010 (Rogue.RegDefender) -> Quarantined and deleted successfully.

Files Infected:
C:\imoliv.exe (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Documents and Settings\David\Local Settings\Temp\84c92444.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Program Files\Angle Interactive\RD2010\check.txt (Rogue.RegDefender) -> Quarantined and deleted successfully.
C:\vbaaaah.exe (Trojan.Downloader) -> Quarantined and deleted successfully.


Solved Re: Anti Virus Soft on Windows XP

Post by Kenny94 on 7th June 2010, 6:34 pm

Looking better! Can you get on line now?


Run CFScript



  • Close any open browsers.
  • Open Notepad by clicking Start
  • Click Run
  • Type notepad into the box and click enter
  • Notepad will open
  • Copy and Paste everything from the Code box into Notepad:

Code:
KILLALL::

File::
c:\windows\system32\0815EB9553.sys

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000

Save the file to your desktop and name it CFScript.txt

Then drag the CFScript.txt into the ComboFix.exe as shown in the screenshot below.





This will start ComboFix again. It may ask to reboot. Post the contents of Combofix.txt in your next reply.

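The Registry:: section of the CFScript above sets back to 0 two Security Center values that the first ComboFix log listed as 1. As an added example (not part of the original thread, and not ComboFix's own code), the sketch below parses a REGEDIT4-style fragment like the one in the log and reports which Security Center override values are still non-zero before and after a fix. The function names and the AFTER fragment are constructed for illustration, and FirewallOverride is an assumption added for completeness; it does not appear in the posted log.

```python
import re

# Root of the Windows XP Security Center settings, as printed in the log.
SC_ROOT = r"hkey_local_machine\software\microsoft\security center"

# Value names that silence Security Center when non-zero. The first and last
# appear in the posted log; FirewallOverride is an assumption (not in the log).
WATCHED = {"antivirusoverride", "firewalloverride", "disablemonitoring"}

KEY_RE = re.compile(r"^\[(.+)\]$")
DWORD_RE = re.compile(r'^"([^"]+)"\s*=\s*dword:([0-9a-fA-F]{1,8})$')


def security_center_values(reg_text):
    """Map (key, value_name) -> int for watched values under SC_ROOT."""
    values = {}
    key = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        m = DWORD_RE.match(line)
        if not m or key is None:
            continue  # not a dword value (e.g. a Run entry) or no key seen yet
        in_scope = key == SC_ROOT or key.startswith(SC_ROOT + "\\")
        name = m.group(1).lower()
        if in_scope and name in WATCHED:
            values[(key, name)] = int(m.group(2), 16)
    return values


def active_overrides(reg_text):
    """Sorted list of (key, value_name) whose value is non-zero."""
    return sorted(k for k, v in security_center_values(reg_text).items() if v)


def compare(before_text, after_text):
    """Classify overrides as cleared, remaining or new between two dumps."""
    before = set(active_overrides(before_text))
    after = set(active_overrides(after_text))
    return {
        "cleared": sorted(before - after),
        "remaining": sorted(before & after),
        "new": sorted(after - before),
    }


# Entries copied from the first ComboFix log in this thread.
BEFORE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-12-15 98304]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
"""

# Constructed sample, not output from the thread: the two values named in the
# CFScript are 0, the product-specific subkeys are left as they were.
AFTER = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
"""

if __name__ == "__main__":
    for state, entries in compare(BEFORE, AFTER).items():
        for key, name in entries:
            print(f"{state:9} {key} -> {name}")
```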

Solved Re: Anti Virus Soft on Windows XP

Post by TheBlackScepter on 7th June 2010, 7:58 pm

Here are the logs.


ComboFix 10-06-07.01 - Marla 06/07/2010 15:43:17.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.447 [GMT -4:00]
Running from: c:\documents and settings\Marla\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Marla\Desktop\CFscript.txt
AV: Microsoft Security Essentials *On-access scanning disabled* (Updated) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
.

((((((((((((((((((((((((( Files Created from 2010-05-07 to 2010-06-07 )))))))))))))))))))))))))))))))
.

2010-06-07 15:44 . 2010-04-29 19:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-07 15:44 . 2010-04-29 19:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-06 17:36 . 2010-06-06 17:40 -------- d-----w- c:\program files\Symantec
2010-06-06 17:26 . 2010-06-06 17:26 -------- d-----w- c:\windows\55A6283C638A4EE0B49151118554BDA2.TMP
2010-06-06 17:03 . 2010-06-06 17:03 -------- d-----w- c:\documents and settings\Marla\Application Data\Motive
2010-06-06 16:13 . 2010-06-06 16:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Google
2010-06-06 16:10 . 2010-06-06 16:10 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Google
2010-06-06 16:00 . 2010-06-06 16:00 -------- d-----w- c:\documents and settings\Marla\Application Data\Malwarebytes
2010-06-06 15:10 . 2008-04-14 09:41 21504 ----a-w- c:\windows\system32\hidserv.dll
2010-06-06 15:10 . 2008-04-14 09:41 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-07 16:17 . 2006-12-15 00:26 -------- d-----w- c:\program files\Yahoo!
2010-06-07 16:17 . 2006-12-15 00:26 -------- d-----w- c:\documents and settings\All Users\Application Data\YAHOO
2010-06-07 16:10 . 2009-11-01 16:38 -------- d-----w- c:\program files\Angle Interactive
2010-06-07 15:44 . 2009-12-04 23:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-07 15:34 . 2007-04-08 23:27 -------- d-----w- c:\program files\HP
2010-06-07 15:30 . 2006-12-15 00:16 -------- d-----w- c:\program files\Common Files\InstallShield
2010-06-07 15:26 . 2006-12-15 00:20 -------- d-----w- c:\program files\Common Files\Symantec Shared
2010-06-07 15:26 . 2006-12-15 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2010-06-07 15:14 . 2009-11-14 01:11 -------- d-----w- c:\program files\Microsoft Silverlight
2010-06-07 01:22 . 2008-05-09 18:32 76824 -c--a-w- c:\documents and settings\LocalService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-07 01:22 . 2009-11-06 02:01 -------- d-----w- c:\program files\Microsoft Security Essentials
2010-06-06 16:10 . 2006-12-15 00:25 -------- d-----w- c:\program files\Google
2010-06-06 15:32 . 2007-03-30 19:59 76824 -c--a-w- c:\documents and settings\Marla\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-05-21 18:14 . 2009-11-06 02:03 221568 ------w- c:\windows\system32\MpSigStub.exe
2010-03-11 12:38 . 2004-08-10 18:51 832512 ----a-w- c:\windows\system32\wininet.dll
2010-03-11 12:38 . 2004-08-10 18:51 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-03-11 12:38 . 2004-08-10 18:50 17408 ------w- c:\windows\system32\corpol.dll
2008-06-30 17:44 . 2008-05-09 18:47 324976 ----a-w- c:\program files\mozilla firefox\components\coFFPlgn.dll
2009-09-30 02:41 . 2007-03-28 02:19 88 -csh--r- c:\windows\system32\0815EB9553.sys
2009-09-30 02:41 . 2007-03-28 02:19 2516 -csha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USERSOFTWAREMicrosoftWindowsCurrentVersionRun]
"DellSupport"="c:program filesDell SupportDSAgnt.exe" [2006-08-29 395776]
"swg"="c:program filesGoogleGoogleToolbarNotifierGoogleToolbarNotifier.exe" [2007-06-13 68856]
"ctfmon.exe"="c:windowssystem32ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINESOFTWAREMicrosoftWindowsCurrentVersionRun]
"Motive SmartBridge"="c:progra~1SBCSEL~1SMARTB~1MotiveSB.exe" [2005-08-24 442455]
"HP Software Update"="c:program filesHPHP Software UpdateHPWuSchd2.exe" [2004-09-13 49152]
"DLA"="c:windowsSystem32DLADLACTRLW.EXE" [2005-09-08 122940]
"MSSE"="c:program filesMicrosoft Security Essentialsmsseces.exe" [2010-02-21 1093208]
"QuickTime Task"="c:program filesQuickTimeqttask.exe" [2006-12-15 98304]

[HKEY_USERS.DEFAULTSoftwareMicrosoftWindowsCurrentVersionRun]
"DWQueuedReporting"="c:progra~1COMMON~1MICROS~1DWdwtrig20.exe" [2007-02-26 437160]

c:documents and settingsAll UsersStart MenuProgramsStartup
HP Digital Imaging Monitor.lnk - c:program filesHPDigital Imagingbinhpqtra08.exe [2004-11-4 258048]
HP Image Zone Fast Start.lnk - c:program filesHPDigital Imagingbinhpqthb08.exe [2004-11-4 53248]
SBC Self Support Tool.lnk - c:program filesSBC Self Support Toolbinmatcli.exe [2007-4-9 217088]

[HKEY_LOCAL_MACHINESYSTEMCurrentControlSetControlSafeBootMinimalMsMpSvc]
@="Service"

[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:documents and settingsAll UsersStart MenuProgramsStartupAmerica Online 9.0 Tray Icon.lnk
backup=c:windowspssAmerica Online 9.0 Tray Icon.lnkCommon Startup

[HKLM~startupfolderC:^Documents and Settings^All Users^Start Menu^Programs^Startup^ymetray.lnk]
path=c:documents and settingsAll UsersStart MenuProgramsStartupymetray.lnk
backup=c:windowspssymetray.lnkCommon Startup

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregATICCC]
2006-01-02 23:41 45056 -c--a-w- c:program filesATI TechnologiesATI.ACECLI.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregccleaner]
2008-12-19 18:28 1434864 -c--a-w- c:program filesCCleanerCCleaner.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregctfmon.exe]
2008-04-14 10:42 15360 ----a-w- c:windowssystem32ctfmon.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDellSupport]
2006-08-29 03:57 395776 ----a-w- c:program filesDell SupportDSAgnt.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregDellSupportCenter]
2008-08-13 22:32 206064 -c--a-w- c:program filesDell Support Centerbinsprtcmd.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregISUSPM Startup]
2004-07-27 22:50 221184 -c--a-w- c:progra~1COMMON~1INSTAL~1UPDATE~1ISUSPM.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregISUSScheduler]
2004-07-27 22:50 81920 -c--a-w- c:program filesCommon FilesInstallShieldUpdateServiceissch.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregMSMSGS]
2008-04-14 10:42 1695232 ----a-w- c:program filesMessengermsmsgs.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigstartupregSigmatelSysTrayApp]
2006-08-15 09:00 282624 -c--a-w- c:windowsstsystra.exe

[HKEY_LOCAL_MACHINEsoftwaremicrosoftshared toolsmsconfigservices]
"Symantec Core LC"=3 (0x3)
"sprtsvc_dellsupportcenter"=2 (0x2)
"MDM"=2 (0x2)
"LiveUpdate Notice"=2 (0x2)
"LiveUpdate"=3 (0x3)
"gusvc"=3 (0x3)
"FreezeScreenSaver"=2 (0x2)
"CLTNetCnService"=2 (0x2)
"CD_Proxy"=2 (0x2)
"ccSetMgr"=2 (0x2)
"ccEvtMgr"=2 (0x2)
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"Automatic LiveUpdate Scheduler"=2 (0x2)
"Ati HotKey Poller"=2 (0x2)
"AOL ACS"=2 (0x2)
"$sys$DRMServer"=2 (0x2)

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINEsoftwaremicrosoftsecurity centerMonitoringSymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM~servicessharedaccessparametersfirewallpolicystandardprofileAuthorizedApplicationsList]
"%windir%\system32\sessmgr.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\WINDOWS\system32\wbem\unsecapp.exe"=
"c:\WINDOWS\system32\HPZipm12.exe"=
"c:\WINDOWS\system32\wbem\wmiprvse.exe"=
"c:\WINDOWS\system32\spoolsv.exe"=
"c:\Program Files\Microsoft Security Essentials\msseces.exe"=
"c:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe"=
"c:\Program Files\HP\HP Software Update\hpwuSchd2.exe"=

R0 $sys$cor;$sys$cor;c:windowssystem32drivers$sys$cor.sys [10/6/2004 10:11 AM 18432]
R1 $sys$crater;$sys$crater;c:windowssystem32$sys$filesystemcrater.sys [10/7/2004 3:57 AM 11904]
S0 Lbd;Lbd;c:windowssystem32DRIVERSLbd.sys --> c:windowssystem32DRIVERSLbd.sys [?]
S2 gupdate;Google Update Service (gupdate);c:program filesGoogleUpdateGoogleUpdate.exe [6/6/2010 12:10 PM 136176]
.
Contents of the 'Scheduled Tasks' folder

2010-06-07 c:windowsTasksGoogleUpdateTaskMachineCore.job
- c:program filesGoogleUpdateGoogleUpdate.exe [2010-06-06 16:10]

2010-06-07 c:windowsTasksGoogleUpdateTaskMachineUA.job
- c:program filesGoogleUpdateGoogleUpdate.exe [2010-06-06 16:10]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyServer = http=127.0.0.1:5555
uInternet Settings,ProxyOverride =
IE: E&xport to Microsoft Excel - c:progra~1MI1933~1OFFICE11EXCEL.EXE/3000
IE: Google Sidewiki... - c:program filesGoogleGoogle ToolbarComponentGoogleToolbarDynamic_mui_en_2EC7709873947E87.dll/cmsidewiki.html
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
FF - ProfilePath - c:documents and settingsMarlaApplication DataMozillaFirefoxProfiles7gld5amp.default
FF - prefs.js: browser.startup.homepage - [You must be registered and logged in to see this link.]
FF - plugin: c:program filesGoogleUpdate1.2.183.23npGoogleOneClick8.dll
FF - plugin: c:program filesMozilla Firefoxpluginsnp-mswmp.dll
FF - plugin: c:program filesMozilla FirefoxpluginsNPSFDMGR.dll
FF - plugin: c:program filesMozilla Firefoxpluginsnpunagi2.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-06-07 15:51
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERSS-1-5-21-2353383158-389931355-32074981-1008SoftwareMicrosoftSystemCertificatesAddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2544)
c:windowssystem32WININET.dll
c:progra~1SBCSEL~1SMARTB~1SBHook.dll
c:windowssystem32ieframe.dll
.
------------------------ Other Running Processes ------------------------
.
c:program filesMicrosoft Security EssentialsMsMpEng.exe
c:program filesCommon FilesMicrosoft SharedVS7DEBUGMDM.EXE
c:windowssystem32HPZipm12.exe
c:windowssystem32wdfmgr.exe
c:program filesSBC Self Support Toolbinmpbtn.exe
c:program filesHPDigital Imagingbinhpqgalry.exe
.
**************************************************************************
.
Completion time: 2010-06-07 15:54:38 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-07 19:54
ComboFix2.txt 2010-06-07 00:03

Pre-Run: 137,889,366,016 bytes free
Post-Run: 138,348,580,864 bytes free

- - End Of File - - AE1EE1B7022C14E79D76375BBEAD1287


Solved Re: Anti Virus Soft on Windows XP

Post by Kenny94 on 7th June 2010, 8:19 pm

c:\windows\system32\815EB9553.sys appears to be an update file

How are things now?


Solved Re: Anti Virus Soft on Windows XP

Post by TheBlackScepter on 7th June 2010, 8:22 pm

Things are running smoothly, no internet sign on issues or mysterious program blocking.


Solved Re: Anti Virus Soft on Windows XP

Post by Kenny94 on 7th June 2010, 8:25 pm

Be sure to use [You must be registered and logged in to see this link.]

Your Computer is Clean

Some final items:


Follow these steps to uninstall Combofix and tools used in the removal of malware


  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the Run box and click OK. (Notice the space between the x and /)

  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

This will uninstall Combofix and anything associated with it.

Here are some additional links for you to check out to help you with your computer security.

Browsers

Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it. There are other free alternatives, [You must be registered and logged in to see this link.] and [You must be registered and logged in to see this link.]; both are free to use and are more secure than IE.

If you are using Firefox you can stay more secure by adding [You must be registered and logged in to see this link.] and [You must be registered and logged in to see this link.].

NoScript stops JavaScript from starting on a web page unless you give permission for it, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.


Additional Security Measures


Visit Microsoft's Windows Update Site Frequently - It is important that you visit [You must be registered and logged in to see this link.] regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

[You must be registered and logged in to see this link.] - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

[You must be registered and logged in to see this link.] - Scans your PC for tracking cookies in multiple browsers as well as in Adobe Flash.

[You must be registered and logged in to see this link.] Download and install the free version of WinPatrol. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

Also, see here for system improvement: [You must be registered and logged in to see this link.]


It was a pleasure working with you.




Solved Re: Anti Virus Soft on Windows XP

Post by TheBlackScepter on 7th June 2010, 8:33 pm

Actually, we have run into an issue: Mozilla Firefox has stopped working even though we are connected to the internet.


Solved Re: Anti Virus Soft on Windows XP

Post by Kenny94 on 7th June 2010, 8:46 pm

Remove the Proxy setting in Internet Explorer and/or in FireFox.

In Internet Explorer

1. Tools Menu -> Internet Options -> Connections Tab -> LAN Settings -> uncheck "use a proxy server" or reconfigure the Proxy server again in case you have set it previously.


In Firefox

1. Tools Menu -> Options... -> Advanced Tab -> Network Tab -> "Settings" under Connection -> Choose "No Proxy"

2. Click the apply button and restart that computer in normal mode.

And let me know.


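The check behind the proxy advice in the reply above, as an added example that is not part of the original posts: it reads the IE `ProxyServer` value as ComboFix prints it and a Firefox `prefs.js`, and reports any proxy setting that points back at the local machine. The `ProxyServer` line is the one from the log in this thread; the `prefs.js` text and all function names are constructed for illustration.

```python
import ipaddress
import re

# The ProxyServer line is the one in the ComboFix log in this thread; the
# prefs.js text is a constructed Firefox profile carrying the same proxy.
COMBOFIX_LINES = [
    "uInternet Settings,ProxyServer = http=127.0.0.1:5555",
    "uInternet Settings,ProxyOverride =",
]
PREFS_JS = '''
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 5555);
'''

def is_loopback(host):
    """True for localhost and for any 127.0.0.0/8 or ::1 literal."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host.strip("[]")).is_loopback
    except ValueError:
        return False  # an ordinary hostname

def ie_proxies(lines):
    """Yield (scheme, host, port) from ComboFix 'ProxyServer' lines.
    Accepts 'host:port' and 'http=host:port;https=host:port'."""
    for line in lines:
        m = re.match(r"\s*uInternet Settings,ProxyServer\s*=\s*(\S.*)$", line)
        for part in (m.group(1).split(";") if m else []):
            scheme, _, target = part.strip().rpartition("=")
            host, sep, port = target.rpartition(":")
            if target:
                yield (scheme or "all", host if sep else target, port if sep else "")

def firefox_proxy(prefs_text):
    """Return (host, port) when prefs.js selects a manual proxy (type 1)."""
    prefs = dict(re.findall(
        r'user_pref\("(network\.proxy\.[\w.]+)",\s*"?([^")]*)"?\);', prefs_text))
    if prefs.get("network.proxy.type") != "1":
        return None
    return prefs.get("network.proxy.http", ""), prefs.get("network.proxy.http_port", "")

def loopback_findings(combofix_lines, prefs_text):
    """List every browser proxy setting that points back at this machine."""
    found = [f"IE {s} proxy -> {h}:{p}"
             for s, h, p in ie_proxies(combofix_lines) if is_loopback(h)]
    ff = firefox_proxy(prefs_text)
    if ff and is_loopback(ff[0]):
        found.append(f"Firefox manual proxy -> {ff[0]}:{ff[1]}")
    return found

if __name__ == "__main__":
    print("\n".join(loopback_findings(COMBOFIX_LINES, PREFS_JS)))
```

A browser pointed at a loopback proxy stops loading pages as soon as nothing is listening on that port, so an empty result here rules the proxy out as the cause.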
Solved Re: Anti Virus Soft on Windows XP

Post by TheBlackScepter on 7th June 2010, 8:53 pm

Both things were already unchecked, but the browser is working now. It may have been an internet issue after all. We have a weak server it seems..


Solved Re: Anti Virus Soft on Windows XP

Post by Kenny94 on 7th June 2010, 9:01 pm

Let's do a scan to make sure nothing is hiding in my doc folder.

ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You may, however, need to disable your currently installed Anti-Virus; how to do so can be read [You must be registered and logged in to see this link.].


  • Please go [You must be registered and logged in to see this link.] then click on:
  • Select the option YES, I accept the Terms of Use then click on:
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:


    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology

  • Now click on:
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on:
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

Note: Do not forget to re-enable your Anti-Virus application after running the above scan!


Solved Re: Anti Virus Soft on Windows XP

Post by TheBlackScepter on 7th June 2010, 11:36 pm

I believe these are the logs you wanted.

C:QooboxQuarantineCDocuments and SettingsMarlaLocal SettingsApplication Datacsrttxhaffqhaesotssd.exe.vir a variant of Win32/Injector.BXP trojan
C:QooboxQuarantineCDocuments and SettingsMarlaLocal SettingsApplication Datalslutfghcfidbxgetssd.exe.vir a variant of Win32/Injector.BXP trojan
C:QooboxQuarantineCWINDOWSsystem32gepesiso.dll.vir a variant of Win32/Kryptik.DCQ trojan
C:QooboxQuarantineCWINDOWSsystem32jepazeje.dll.vir a variant of Win32/Kryptik.BGQ trojan
C:QooboxQuarantineCWINDOWSsystem32wamejulu.dll.vir a variant of Win32/Kryptik.DCQ trojan
C:QooboxQuarantineCWINDOWSsystem32wogutopa.dll.vir a variant of Win32/Kryptik.BNX trojan
C:QooboxQuarantineCWINDOWSsystem32yoharaje.dll.vir a variant of Win32/Kryptik.BGQ trojan
C:QooboxQuarantineCWINDOWSsystem32zepepewa.dll.vir a variant of Win32/Kryptik.BBO trojan
C:QooboxQuarantineCWINDOWSsystem32ziluyuda.dll.vir a variant of Win32/Kryptik.BGQ trojan
C:System Volume Information_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}RP408A0189280.exe a variant of Win32/Injector.BXP trojan
C:System Volume Information_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}RP408A0189281.exe a variant of Win32/Injector.BXP trojan
C:System Volume Information_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}RP408A0189287.dll a variant of Win32/Kryptik.BGQ trojan
C:System Volume Information_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}RP408A0189288.dll a variant of Win32/Kryptik.BBO trojan
C:System Volume Information_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}RP408A0189289.dll a variant of Win32/Kryptik.BGQ trojan


Solved Re: Anti Virus Soft on Windows XP

Post by Kenny94 on 8th June 2010, 12:19 am

Those are Combofix and the others are in System Restore. You need to Uninstall Combofix and this will take care of those.


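The triage in the reply above, as an added example that is not part of the original posts: it sorts scanner detections by where the file sits (ComboFix's Qoobox quarantine, a System Restore point, or anywhere else), so that only the "live" bucket needs further attention. The log lines, file names and function names are constructed; the line format follows the ESET log posted in this thread, with backslashes written out.

```python
import re

# Constructed sample: same "path, then detection name" shape as the ESET log
# posted in this thread. File names and the restore GUID are made up.
SAMPLE_LOG = r"""
C:\Qoobox\Quarantine\C\WINDOWS\system32\example1.dll.vir a variant of Win32/Kryptik.DCQ trojan
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP1\A0000001.exe a variant of Win32/Injector.BXP trojan
C:\Documents and Settings\User\Local Settings\Temp\example2.exe a variant of Win32/Injector.BXP trojan
scan summary line that is not a detection
"""

# Paths may contain spaces, so split at the first token that looks like a
# detection name (Platform/Family), optionally prefixed by ESET's qualifiers.
LINE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+"
    r"(?P<name>(?:probably )?(?:a variant of )?\S+/\S+(?: .*)?)$"
)

BUCKETS = [
    ("combofix-quarantine", re.compile(r"^[a-z]:\\qoobox\\quarantine\\")),
    ("system-restore", re.compile(r"^[a-z]:\\system volume information\\_restore\{")),
]

def classify(path):
    """Name the inert store holding the file, or 'live' if it is in neither."""
    lowered = path.lower()
    for bucket, pattern in BUCKETS:
        if pattern.search(lowered):
            return bucket
    return "live"

def triage(log_text):
    """Group (path, detection) pairs by location; unparsed lines are kept aside."""
    result = {"combofix-quarantine": [], "system-restore": [], "live": [], "unparsed": []}
    for line in filter(None, (l.strip() for l in log_text.splitlines())):
        m = LINE_RE.match(line)
        if m:
            result[classify(m["path"])].append((m["path"], m["name"]))
        else:
            result["unparsed"].append(line)
    return result

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_LOG).items():
        print(f"{bucket}: {len(items)}")
```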
Solved Re: Anti Virus Soft on Windows XP

Post by TheBlackScepter on 8th June 2010, 6:15 pm

Combofix is uninstalled now.


Solved Re: Anti Virus Soft on Windows XP

Post by Kenny94 on 9th June 2010, 12:32 am

You're good to go.....

