Old 11-03-2009, 02:58 PM   #1 (permalink)
Registered User
 
Join Date: Nov 2009
Posts: 6
OS: Windows XP


XP Virus returns on Reformat

So I've tried reformatting my PC 4 times, and each time the virus returns. It seems to 'switch on' whenever I install my modem/turn on my wireless internet. When I do a spyware scan right after, I find I'm continually deleting the same spyware that the computer will re-install whenever I go online.

When I try to do a virus scan, the scan will run maybe 3/4 of the way through, then the computer will just restart of its own accord.

If I leave it hooked up online instead of just leaving it offline like I do now, it will reach a point, usually in the matter of an hour, where it will reboot itself and completely corrupt Windows (I believe), for it will never load again; it will reach the Windows logo with the loading bar underneath, then restart... and continue in a loop like that.


Any help would be extremely appreciated. I need to get my work computer back online.

Thanks,
Peter
Phrige is offline  
Old 11-04-2009, 10:02 PM   #2 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,986
OS: WinXP and Vista


Re: XP Virus returns on Reformat

Hello Peter,

For any of us to attempt to provide assistance with this, we need more information.

What is being detected and where, and by what tool?

We also need for you to begin here --> New Instructions - Read This Before Posting for Malware Removal Help and post the requested logs in your next reply.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 11-06-2009, 11:42 AM   #3 (permalink)
Registered User
 
Join Date: Nov 2009
Posts: 6
OS: Windows XP


Re: XP Virus returns on Reformat

OK great, thanks for the info. I'm a first-timer.

So here's the required texts. I just reformatted my computer again after it crashed when I installed the latest SpySweeper, hoping it would be able to remove this virus. After sweeping about 3/4 of the way through, I guess it found the virus, because the computer instantly rebooted and would not load to desktop any more.


I'm currently running off of my D:/ Drive.. C:/ is 'blank' or at least supposed to be.



DDS (Ver_09-10-26.01) - NTFSx86
Run by Peter at 12:56:47.54 on Fri 11/06/2009
Internet Explorer: 6.0.2800.1106
Microsoft Windows XP Professional 5.1.2600.1.1252.1.1033.18.3583.3303 [GMT -8:00]


============== Running Processes ===============

D:\WINDOWS\system32\svchost -k rpcss
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\ATI Multimedia\RemCtrl\ATIRW.exe
D:\WINDOWS\System32\rundll32.exe
D:\WINDOWS\System32\wpabaln.exe
D:\Program Files\Intel\PROSetWired\NCS\PROSet\PRONoMgr.exe
D:\Documents and Settings\Peter\Desktop\dds.scr

============== Pseudo HJT Report ===============

BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - d:\program files\adobe\acrobat 5.0\reader\activex\AcroIEHelper.ocx
EB: Media Band: {32683183-48a0-441b-a342-7c2a440a9478} - %SystemRoot%\System32\browseui.dll
uRun: [<NO NAME>]
uRun: [ATI Launchpad] "d:\program files\ati multimedia\main\launchpd.exe"
uRun: [ATI Remote Control] d:\program files\ati multimedia\remctrl\ATIRW.exe
mRun: [ATI DeviceDetect] d:\program files\ati multimedia\\program files\ati multimedia\main\ATIDtct.EXE
mRun: [<NO NAME>]
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [PRONoMgrWired] d:\program files\intel\prosetwired\ncs\proset\PRONoMgr.exe
mRun: [D-Link AirPlus Xtreme G] d:\program files\d-link\airplus xtreme g\AirPlusCFG.exe
mRun: [ANIWZCSService] d:\program files\alpha networks\aniwzcs service\WZCSLDR.exe
StartupFolder: d:\docume~1\alluse~1\startm~1\programs\startup\sataraid.lnk - d:\program files\silicon image\siisataraid\SATARaid.exe
IE: {c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm

============= SERVICES / DRIVERS ===============

R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;d:\windows\system32\drivers\SI3112r.sys [2009-11-6 85265]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);d:\windows\system32\drivers\A3AB.sys [2003-10-22 344800]

=============== Created Last 30 ================

2009-11-06 20:56:22 21760 -c--a-w- d:\windows\system32\dllcache\usbstor.sys
2009-11-06 20:22:25 0 d-----w- d:\windows\Profiles
2009-11-06 20:22:24 0 d-----w- d:\windows\system32\Adobe
2009-11-06 20:22:18 306688 ----a-w- d:\windows\IsUninst.exe
2009-11-06 20:21:24 36864 ----a-w- d:\windows\system32\ANIOApi.dll
2009-11-06 20:21:24 28205 ----a-w- d:\windows\system32\ANIO.sys
2009-11-06 20:21:24 15973 ----a-w- d:\windows\system32\ANIO.VXD
2009-11-06 20:21:24 11904 ----a-w- d:\windows\system32\anio4.sys
2009-11-06 20:21:24 0 d-----w- d:\program files\Alpha Networks
2009-11-06 20:21:21 0 d-----w- d:\program files\D-Link
2009-11-06 20:19:35 0 d-----w- d:\program files\Silicon Image
2009-11-06 20:19:07 9600 ----a-w- d:\windows\system32\SIWinAcc.sys
2009-11-06 20:19:07 9446 ----a-w- d:\windows\system32\Si3112r.inf
2009-11-06 20:19:07 85265 ----a-w- d:\windows\system32\Si3112r.sys
2009-11-06 20:19:07 85265 ----a-w- d:\windows\system32\Si3112r.mpd
2009-11-06 20:19:07 3063 ----a-w- d:\windows\system32\TxtSetup.oem
2009-11-06 20:19:07 20560 ----a-w- d:\windows\system32\Siisupp.vxd
2009-11-06 20:19:07 110592 ----a-w- d:\windows\system32\Instdll.dll
2009-11-06 20:19:04 9600 ----a-r- d:\windows\system32\drivers\SiWinAcc.sys
2009-11-06 20:19:04 85265 ----a-r- d:\windows\system32\drivers\SI3112r.sys
2009-11-06 20:17:59 56832 -c--a-w- d:\windows\system32\dllcache\sysaudio.sys
2009-11-06 20:17:39 0 d-----w- d:\program files\Realtek Sound Manager
2009-11-06 20:17:36 0 d-----w- d:\program files\AvRack
2009-11-06 20:16:40 0 d-----w- d:\docume~1\alluse~1\applic~1\ATI MMC
2009-11-06 20:15:39 0 d-s---w- d:\windows\system32\Microsoft
2009-11-06 20:14:54 0 d-----w- d:\windows\system32\ReinstallBackups
2009-11-06 20:13:14 9091 ------w- d:\windows\system32\drivers\atirwrf.sys
2009-11-06 20:13:14 258044 ------w- d:\windows\system32\drivers\atirwvd.sys
2009-11-06 20:12:40 0 d-----w- d:\program files\ATI Multimedia
2009-11-06 20:11:57 0 d-----w- d:\program files\msaccrt
2009-11-06 20:11:31 0 d-----w- d:\program files\Windows Media Components
2009-11-06 20:10:57 0 d-----w- d:\program files\common files\CyberLink
2009-11-06 20:10:57 0 d-----w- d:\program files\common files\ATI
2009-11-06 20:10:03 0 d-----w- d:\program files\ATI Technologies
2009-11-06 19:43:30 0 d-sh--w- d:\documents and settings\all users\DRM
2009-11-06 19:42:25 0 d-----w- d:\program files\common files\MSSoap
2009-11-06 19:41:35 0 d--h--w- d:\program files\WindowsUpdate
2009-11-06 19:41:35 0 d-----w- d:\program files\Online Services
2009-11-06 19:41:30 0 d-----w- d:\program files\Messenger
2009-11-06 19:41:26 0 d-----w- d:\program files\MSN Gaming Zone
2009-11-06 19:40:55 0 d-----w- d:\program files\Windows NT
2009-11-06 11:35:48 0 d-----w- d:\program files\common files\ODBC
2009-11-06 11:35:45 0 d-----w- d:\program files\common files\SpeechEngines
2009-11-06 11:35:18 0 d-----r- d:\documents and settings\all users\Documents
Attached Files
File Type: zip Attach.zip (1.6 KB, 1 views)
Phrige is offline  
Old 11-07-2009, 05:00 PM   #4 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,986
OS: WinXP and Vista


Re: XP Virus returns on Reformat

Quote:
SpySweeper, hoping it would be able to remove this virus. After sweeping about 3/4 of the way through, I guess it found the virus, because the computer instantly rebooted and would not load to desktop any more.
Please - what is it finding? What is the name of this virus?
Ried is offline
Old 11-08-2009, 09:03 AM   #5 (permalink)
Registered User
 
Join Date: Nov 2009
Posts: 6
OS: Windows XP


Re: XP Virus returns on Reformat

It didn't have a chance to display. It just reboots the computer before I have the possibility to do or see anything. The same thing happened with CA anti virus I used before. Always 3/4 into completion and the computer reboots never to start right again.
Phrige is offline  
Old 11-08-2009, 12:48 PM   #6 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,986
OS: WinXP and Vista


Re: XP Virus returns on Reformat

Set SpySweeper or CA to only notify you/alert you when a virus or malware is detected. Don't let it automatically fix. Tell me what it finds.
Ried is offline
Old 11-09-2009, 07:11 AM   #7 (permalink)
Registered User
 
Join Date: Nov 2009
Posts: 6
OS: Windows XP


Re: XP Virus returns on Reformat

SpySweeper doesn't have an alert-only mode. After searching through the program, all it says is its default mode is search, auto quarantine, then gives the user the option to delete/maintain quarantine etc.

With CA, the problem is I have to download it onto the particular PC; I have that available through my cable Internet provider. But if I go online my computer will begin to re-download all kinds of nasties, so that's not an option.


Is there any scanning tool I can download that you recommend? I can just throw it on a flash drive and install it on the other P.C.


Peter
Phrige is offline  
Old 11-09-2009, 07:34 AM   #8 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,986
OS: WinXP and Vista


Re: XP Virus returns on Reformat

Sure, we can use a stand alone scanner. This tool tends to be quite aggressive, so please be sure to configure it exactly as listed below. I do not want it to clean, I only want to see a Report of what it finds.

Download Dr.Web CureIt to the desktop:
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Double-click the drweb-cureit.exe file and allow it to run the express scan. This will scan the files currently running in memory, and when something is found, click the Yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, we need to change the default settings.
  • In the Menu Bar, Go to Options>Change Settings.
  • Click on the Actions tab
  • Using the drop down menus, change each item under Objects and Malware to Report
  • Next, mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'No to All' if it asks if you want to cure/move the file.
  • After the scan has completed, in the Dr.Web CureIt menu on top, click File and choose Save Report List
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Post the contents of the log from Dr.Web you saved previously in your next reply.
I'm hoping I do not see Virut in any of the detections.
Ried is offline
Unread 11-27-2009, 08:31 PM   #9 (permalink)
Registered User
 
Join Date: Nov 2009
Posts: 6
OS: Windows XP


Re: XP Virus returns on Reformat

Sorry for the break in between posts. I was having so much trouble keeping it running long enough to do anything. Having to keep reformatting it because it would get stuck in a loop of rebooting.

I sent it off to get a Low Level format with a nearby repair place. That seems to have done the trick on the reboot virus problem. The computer just seems to run slow now with a lot of processes going at all times.

I ran the Dr. Web Scan, both express and full scan; no viruses came up. And I was unable to save a log. The 'Save Report List' under the File menu was greyed out.
Phrige is offline  
Unread 11-27-2009, 08:37 PM   #10 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
Ried's Avatar
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,986
OS: WinXP and Vista


Re: XP Virus returns on Reformat

Hi Phrige,

I'd like to see a fresh set of logs please. Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.
  • When done, DDS will open two (2) logs
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop.



Download GMER Rootkit Scanner from here or here.

Ensure you have uninstalled any CD Emulation programs before you run GMER as outlined above and here
  • Extract the contents of the zipped file to desktop.
  • Double click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..





  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED ...
    • Sections
    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)
  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries





Copy/Paste the contents of 'DDS.txt' to be posted as text to your post
The other two logs ...

* attach.txt
* ark.txt

... should be zipped/archived before attaching to the post
Ried is offline
Unread Yesterday, 10:15 PM   #11 (permalink)
Registered User
 
Join Date: Nov 2009
Posts: 6
OS: Windows XP


Re: XP Virus returns on Reformat

Thank you for the fast reply. Here's the DDS scan log, and the attach.zip


-Peter
DDS (Ver_09-11-29.01) - NTFSx86
Run by Administrator at 22:02:01.21 on Sat 11/28/2009
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3583.2837 [GMT -5:00]

AV: CA Anti-Virus *On-access scanning disabled* (Outdated) {17CFD1EA-56CF-40B5-A06B-BD3A27397C93}
FW: CA Personal Firewall *disabled* {14CB4B80-8E52-45EA-905E-67C1267B4160}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe
C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\ISafe.exe
C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\VetMsg.exe
C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Virus\CAVRID.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-6.0.1.33\QOELoader.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [SoundMan] "SOUNDMAN.EXE"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [NeroCheck] "c:\windows\system32\NeroCheck.exe"
mRun: [cctray] "c:\program files\ca\ca internet security suite\cctray\cctray.exe"
mRun: [CAVRID] "c:\program files\ca\ca internet security suite\ca anti-virus\CAVRID.exe"
mRun: [QOELOADER] "c:\program files\ca\ca internet security suite\ca anti-spam\qsp-6.0.1.33\QOELoader.exe"
mRun: [cafw] c:\program files\ca\ca internet security suite\ca personal firewall\cafw.exe -cl
mRun: [capfasem] c:\program files\ca\ca internet security suite\ca personal firewall\capfasem.exe
mRun: [capfupgrade] c:\program files\ca\ca internet security suite\ca personal firewall\capfupgrade.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\web2~1\office12\REFIEBAR.DLL
LSP: c:\windows\system32\VetRedir.dll
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1259045490656
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: AtiExtEvent - Ati2evxx.dll
Notify: PFW - UmxWnp.Dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R0 KmxStart;KmxStart;c:\windows\system32\drivers\KmxStart.sys [2008-3-19 93712]
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;c:\windows\system32\drivers\SI3112r.sys [2007-8-29 116264]
R1 KmxAgent;KmxAgent;c:\windows\system32\drivers\KmxAgent.sys [2008-3-21 63504]
R1 KmxFile;KmxFile;c:\windows\system32\drivers\KmxFile.sys [2008-3-21 45584]
R1 KmxFw;KmxFw;c:\windows\system32\drivers\KmxFw.sys [2008-3-19 115216]
R1 VET-FILT;VET File System Filter;c:\windows\system32\drivers\vet-filt.sys [2009-11-27 26352]
R1 VET-REC;VET File System Recognizer;c:\windows\system32\drivers\vet-rec.sys [2009-11-27 21104]
R1 VETEFILE;VET File Scan Engine;c:\windows\system32\drivers\vetefile.sys [2009-11-27 739696]
R1 VETFDDNT;VET Floppy Boot Sector Monitor;c:\windows\system32\drivers\vetfddnt.sys [2009-11-27 21488]
R1 VETMONNT;VET File Monitor;c:\windows\system32\drivers\vetmonnt.sys [2009-11-27 161008]
R2 CAISafe;CAISafe;c:\program files\ca\ca internet security suite\ca anti-virus\isafe.exe [2009-11-27 144696]
R2 KmxCF;KmxCF;c:\windows\system32\drivers\KmxCF.sys [2008-6-4 134648]
R2 KmxSbx;KmxSbx;c:\windows\system32\drivers\KmxSbx.sys [2008-3-21 66576]
R2 UmxAgent;HIPS Event Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxAgent.exe [2007-10-18 1010192]
R2 UmxCfg;HIPS Configuration Interpreter;c:\program files\ca\sharedcomponents\hipsengine\UmxCfg.exe [2007-10-18 801296]
R2 UmxPol;HIPS Policy Manager;c:\program files\ca\sharedcomponents\hipsengine\UmxPol.exe [2008-4-15 281104]
R2 VETMSGNT;VET Message Service;c:\program files\ca\ca internet security suite\ca anti-virus\vetmsg.exe [2009-11-27 255216]
R3 A3AB;D-Link AirPro 802.11a/b Wireless Adapter Service(A3AB);c:\windows\system32\drivers\A3AB.sys [2007-5-23 547744]
R3 KmxCfg;KmxCfg;c:\windows\system32\drivers\KmxCfg.sys [2008-5-30 88816]
R3 PPCtlPriv;PPCtlPriv;c:\program files\ca\ca internet security suite\ca anti-spyware\PPCtlPriv.exe [2009-11-27 185584]
R3 VETEBOOT;VET Boot Scan Engine;c:\windows\system32\drivers\veteboot.sys [2009-11-27 133520]
S2 gupdate1ca6d59bb2a8b88;Google Update Service (gupdate1ca6d59bb2a8b88);c:\program files\google\update\GoogleUpdate.exe [2009-11-24 133104]

=============== Created Last 30 ================

2009-11-28 06:11:10 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k7
2009-11-28 06:11:10 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k6
2009-11-28 06:11:10 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k5
2009-11-28 06:11:10 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k4
2009-11-28 06:11:10 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k3
2009-11-28 06:11:10 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k2
2009-11-28 06:11:10 64 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k1
2009-11-28 06:11:10 50840 ----a-w- c:\windows\system32\drivers\kmxcfg.u2k0
2009-11-28 03:43:40 0 d--h--w- C:\BJPrinter
2009-11-28 03:43:38 7680 ----a-w- c:\windows\system32\CNMVS6s.DLL
2009-11-28 03:43:38 116736 ----a-w- c:\windows\system32\CNMLM6s.DLL
2009-11-28 03:43:28 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2009-11-28 03:43:28 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2009-11-28 03:42:42 0 d-----w- c:\program files\Canon
2009-11-28 03:42:35 94208 ----a-w- c:\windows\system32\CNCL130.DLL
2009-11-28 03:42:35 90112 ----a-w- c:\windows\system32\CNCI130.DLL
2009-11-28 03:42:35 557056 ----a-w- c:\windows\system32\CNCC130.DLL
2009-11-28 03:42:35 49152 ----a-w- c:\windows\system32\cncisco.dll
2009-11-28 03:42:35 389180 ----a-w- c:\windows\system32\UCS32P.DLL
2009-11-28 03:42:34 0 d--h--w- C:\CanonMP
2009-11-28 03:35:51 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-11-28 03:35:51 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-11-28 03:35:04 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-11-28 03:35:04 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-11-27 18:31:17 0 d-----w- c:\documents and settings\administrator\DoctorWeb
2009-11-27 17:43:36 0 d-----w- c:\windows\CAVTemp
2009-11-27 17:32:23 0 d-----w- c:\windows\Downloaded Installations
2009-11-27 17:32:22 250544 ----a-w- c:\windows\system32\KeyHelp.ocx
2009-11-27 17:32:22 0 d-----w- c:\program files\common files\Scanner
2009-11-27 17:32:20 99568 ----a-w- c:\windows\system32\isafeif.dll
2009-11-27 17:32:20 91376 ----a-w- c:\windows\system32\isafprod.dll
2009-11-27 17:32:20 83256 ----a-w- c:\windows\system32\vetredir.dll
2009-11-27 17:32:20 739696 ----a-w- c:\windows\system32\drivers\vetefile.sys
2009-11-27 17:32:20 26352 ----a-w- c:\windows\system32\drivers\vet-filt.sys
2009-11-27 17:32:20 21488 ----a-w- c:\windows\system32\drivers\vetfddnt.sys
2009-11-27 17:32:20 21104 ----a-w- c:\windows\system32\drivers\vet-rec.sys
2009-11-27 17:32:20 161008 ----a-w- c:\windows\system32\drivers\vetmonnt.sys
2009-11-27 17:32:20 133520 ----a-w- c:\windows\system32\drivers\veteboot.sys
2009-11-27 17:32:14 0 d-----w- c:\docume~1\alluse~1\applic~1\CA
2009-11-27 17:32:13 0 d-----w- c:\program files\CA
2009-11-27 17:24:10 0 d-----w- c:\windows\system32\appmgmt
2009-11-27 00:17:23 306688 ----a-w- c:\windows\IsUninst.exe
2009-11-26 19:54:49 169 ----a-w- c:\windows\RtlRack.ini
2009-11-26 00:15:29 89184 ----a-r- c:\windows\system32\drivers\imagedrv.sys
2009-11-26 00:15:29 57344 ----a-r- c:\windows\system32\ImageDrive.cpl
2009-11-26 00:14:52 38912 ----a-r- c:\windows\system32\picn20.dll
2009-11-26 00:14:49 544768 ----a-r- c:\windows\system32\imagx5.dll
2009-11-26 00:14:48 569344 ----a-r- c:\windows\system32\imagr5.dll
2009-11-26 00:14:48 283920 ----a-r- c:\windows\system32\ImagXpr5.dll
2009-11-26 00:14:44 155648 ----a-r- c:\windows\system32\NeroCheck.exe
2009-11-25 20:42:52 0 d-----w- c:\docume~1\admini~1\applic~1\NetMedia Providers
2009-11-25 20:37:35 0 d-----w- c:\windows\system32\URTTEMP
2009-11-25 20:30:50 0 d-----w- c:\program files\Combined Community Codec Pack
2009-11-25 20:28:15 815104 ----a-w- c:\windows\system32\xvidcore.dll
2009-11-25 20:28:15 77824 ----a-w- c:\windows\system32\xvid.ax
2009-11-25 20:28:08 180224 ----a-w- c:\windows\system32\xvidvfw.dll
2009-11-25 20:28:07 0 d-----w- c:\program files\Xvid
2009-11-25 20:12:07 0 d-----w- c:\docume~1\admini~1\applic~1\Sonic Foundry
2009-11-25 19:57:07 0 d-----w- c:\program files\Windows Media Connect 2
2009-11-25 19:50:00 0 d-----w- c:\windows\system32\LogFiles
2009-11-25 19:31:38 215920 ----a-w- c:\windows\system32\muweb.dll
2009-11-25 19:31:38 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2009-11-25 19:31:37 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-11-25 08:01:53 0 d-----w- c:\program files\MSXML 4.0
2009-11-25 06:25:17 0 d-----w- c:\program files\Microsoft Visual Studio 8
2009-11-25 06:00:01 0 d-----w- c:\docume~1\admini~1\applic~1\GetRightToGo
2009-11-25 0038 0 d-----w- c:\program files\YouTube Downloader
2009-11-25 00:01:32 0 d-----w- c:\windows\system32\XPSViewer
2009-11-24 23:59:28 14048 ------w- c:\windows\system32\spmsg2.dll
2009-11-24 23:44:28 0 d-----w- c:\program files\MagicDVDRipper
2009-11-24 23:01:02 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-11-24 23:01:02 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2009-11-24 23:01:01 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-11-24 23:01:01 120056 ------w- c:\windows\system32\pxcpyi64.exe
2009-11-24 23:01:01 118520 ------w- c:\windows\system32\pxinsi64.exe
2009-11-24 23:01:00 129784 ------w- c:\windows\system32\pxafs.dll
2009-11-24 22:58:24 0 d-----w- c:\program files\common files\DivX Shared
2009-11-24 22:58:22 0 d-----w- c:\program files\DivX
2009-11-24 22:29:42 26600 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-11-24 22:29:42 107368 ----a-w- c:\windows\system32\GEARAspi.dll
2009-11-24 22:28:12 0 d-----w- c:\program files\iPod
2009-11-24 22:28:06 0 d-----w- c:\program files\iTunes
2009-11-24 22:28:06 0 d-----w- c:\docume~1\alluse~1\applic~1\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-11-24 21:36:38 0 d-----w- c:\docume~1\admini~1\applic~1\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2009-11-24 19:09:30 0 d-----w- c:\program files\MSSOAP
2009-11-24 19:08:56 0 d-----w- c:\program files\Webroot
2009-11-24 18:57:24 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-11-24 18:57:24 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-11-24 18:57:20 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-11-24 18:57:20 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-11-24 17:14:58 7552 -c--a-w- c:\windows\system32\dllcache\mskssrv.sys
2009-11-24 17:14:48 0 d-----w- c:\program files\Realtek Sound Manager
2009-11-24 17:14:45 0 d-----w- c:\program files\AvRack
2009-11-24 07:33:51 0 d-sh--w- c:\documents and settings\administrator\IECompatCache
2009-11-24 07:22:41 0 d-sh--w- c:\documents and settings\administrator\PrivacIE
2009-11-24 07:07:02 0 d-sh--w- c:\documents and settings\administrator\IETldCache
2009-11-24 07:03:58 0 d-----w- c:\windows\ie8updates
2009-11-24 07:03:55 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-11-24 07:03:54 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-11-24 07:03:54 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-11-24 07:03:54 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-11-24 07:03:54 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-11-24 07:03:54 11069440 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-11-24 07:03:15 0 dc-h--w- c:\windows\ie8
2009-11-24 06:55:14 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2009-11-24 06:54:36 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-11-24 06:54:30 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2009-11-24 06:52:49 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-11-24 06:52:37 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-11-24 06:52:35 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-11-24 06:44:28 0 d-----w- c:\windows\system32\wbem\AutoRecover
2009-11-24 06:44:20 316640 ----a-w- c:\windows\WMSysPr9.prx
2009-11-24 06:37:22 0 d-----w- c:\windows\ServicePackFiles
2009-11-24 06:37:21 33792 -c----w- c:\windows\system32\dllcache\custsat.dll
2009-11-24 06:35:45 19569 ----a-w- c:\windows\002682_.tmp
2009-11-24 06:34:16 0 d-----w- c:\windows\EHome
2009-11-24 06:22:06 0 d-----w- c:\windows\system32\bits
2009-11-24 06:21:35 0 d-----w- c:\windows\system32\PreInstall
2009-11-24 06:21:34 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-11-24 06:21:33 0 d--h--w- c:\windows\$hf_mig$
2009-11-24 06:20:28 8192 ------w- c:\windows\system32\bitsprx2.dll
2009-11-24 06:20:28 7168 ------w- c:\windows\system32\bitsprx3.dll
2009-11-24 06:20:28 438784 ------w- c:\windows\system32\xpob2res.dll
2009-11-24 06:20:28 354304 ----a-w- c:\windows\system32\winhttp.dll
2009-11-24 06:20:28 18944 ----a-w- c:\windows\system32\qmgrprxy.dll
2009-11-24 06:16:21 1902 ------w- c:\windows\system32\SetupBD.din
2009-11-24 06:16:09 24064 ----a-r- c:\windows\system32\IntelNic.dll
2009-11-24 06:16:09 131072 ----a-r- c:\windows\system32\e1000msg.dll
2009-11-24 06:16:08 2725 ----a-r- c:\windows\system32\e1000325.din
2009-11-24 06:16:08 125952 ----a-r- c:\windows\system32\drivers\e1000325.sys
2009-11-24 06:16:08 118784 ----a-r- c:\windows\system32\Prounstl.exe
2009-11-24 05:37:46 0 d-s---w- c:\windows\system32\Microsoft
2009-11-24 02:13:19 0 d-sh--w- c:\documents and settings\all users\DRM
2009-11-24 02:12:14 0 d-----w- c:\program files\common files\MSSoap
2009-11-24 02:11:24 0 d--h--w- c:\program files\WindowsUpdate
2009-11-24 02:11:24 0 d-----w- c:\program files\Online Services
2009-11-24 02:11:20 0 d-----w- c:\program files\Messenger
2009-11-24 02:11:15 0 d-----w- c:\program files\MSN Gaming Zone
2009-11-24 02:10:44 0 d-----w- c:\program files\Windows NT
2009-11-23 18:00:53 0 d-----w- c:\program files\common files\ODBC
2009-11-23 18:00:49 0 d-----w- c:\program files\common files\SpeechEngines
2009-11-23 18:00:22 0 d-----r- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-11-24 02:11:38 21640 ----a-w- c:\windows\system32\emptyregdb.dat
2009-11-14 00:47:32 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47:28 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47:28 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47:28 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47:28 696320 ----a-w- c:\windows\system32\DivX.dll
2009-09-25 05:37:09 81920 ------w- c:\windows\system32\ieencode.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll

============= FINISH: 22:02:27.03 ===============
Attached Files
File Type: zip Attach.zip (4.4 KB, 1 views)
Phrige is offline  
All times are GMT -7. The time now is 09:04 PM.


