WiredWX Hobby Weather ToolsLog in

 


unknown virus

2 posters

descriptionunknown virus Emptyunknown virus

more_horiz
Hey im pretty sure i have a virus i get pop ups and it takes ages opening mycomputer.
my hard ware is only months old so im pretty sure its not that.
i had an error on one hard drive so i wiped all the data of that drive and installed vista agian on another drive.now i get the same error messages when i try to run combofix.exe. in the error message it says that the file contents have been comprimised and that i should download a new copy. i tryed to format the old hard drive but it wont let me.it says windows couldnt complete the format and i cant do it under safe mode either.
please help
ill post my highjackthis scan below
thanks

descriptionunknown virus EmptyRe: unknown virus

more_horiz
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:13:49 PM, on 4/30/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\runonce.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Windows\system32\Taskmgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\Explorer.exe
C:\Windows\System32\rundll32.exe
C:\Users\Medel\Documents\JavaRa\JavaRa.exe
C:\Windows\explorer.exe
C:\Users\Medel\Downloads\jdk-6u13-windows-i586-p.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\MsiExec.exe
C:\Windows\Explorer.exe
C:\Program Files\Trend Micro\HijackThis\hijackthis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: C:\Windows\system32\jksahfo93wjfkd.dll - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\Windows\system32\jksahfo93wjfkd.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [DAEMON Tools Lite 4.30.1 Setup] "C:\OLD downloads\daemon4301-lite.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [] C:\Windows\TEMP\qa5khfe.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [] C:\Windows\TEMP\qa5khfe.exe (User 'Default user')
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O22 - SharedTaskScheduler: jso8joigm409gopgmrlgd - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\Windows\system32\jksahfo93wjfkd.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe

--
End of file - 4293 bytes

descriptionunknown virus EmptyRe: unknown virus

more_horiz
Hello.

  • Open HijackThis
  • Choose "Do a system scan only"
  • Check the boxes in front of these lines:


    O2 - BHO: C:\Windows\system32\jksahfo93wjfkd.dll - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\Windows\system32\jksahfo93wjfkd.dll
    O4 - HKUS\S-1-5-18\..\Run: [] C:\Windows\TEMP\qa5khfe.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [] C:\Windows\TEMP\qa5khfe.exe (User 'Default user')
    O22 - SharedTaskScheduler: jso8joigm409gopgmrlgd - {B2BA40A2-74F0-42BD-F434-12345A2C8953} - C:\Windows\system32\jksahfo93wjfkd.dll


  • Press "Fix Checked"
  • Close Hijack This.

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

descriptionunknown virus EmptyRe: unknown virus

more_horiz
hey i tryed to update malwarebytes but i got an error saying it couldn't connect to the net , i even manually added it to the firewall exceptions.
i also get a initialization error with daemon tools, when i try to run the program.the error msg reads, this program error requires windows 2000 with sptd 1.53 or higher.
kernal debugger must be deactivated.

???

i did the malwarebytes scan anyways and i got this:

descriptionunknown virus EmptyRe: unknown virus

more_horiz
Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 6.0.6001 Service Pack 1

4/30/2009 9:39:10 PM
mbam-log-2009-04-30 (21-39-10).txt

Scan type: Quick Scan
Objects scanned: 55471
Time elapsed: 1 minute(s), 41 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{b2ba40a2-74f0-42bd-f434-12345a2c8953} (Trojan.Zlob.H) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{b2ba40a2-74f0-42bd-f434-12345a2c8953} (Trojan.Zlob.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\jksahfo93wjfkd.dll (Trojan.Zlob.H) -> Delete on reboot.
C:\Windows\System32\dpcxool64.sys (Spyware.OnlineGames) -> Quarantined and deleted successfully.

descriptionunknown virus EmptyRe: unknown virus

more_horiz
im also getting this error allot
MUi language pack cleanup has stopped working

descriptionunknown virus EmptyRe: unknown virus

more_horiz
Hello.
Please manually download the MBAM database from here:
http://www.gt500.org/malwarebytes/database.jsp

Install it and re-run MBAM scan again, it has an updated database now.

descriptionunknown virus EmptyRe: unknown virus

more_horiz
hey i tryed the link you gave me and i get a "500 servlet exception" when i click on the link.i can get in the forums ok, but thats not where i download the update from is it?

any other idea's?
im pretty sure the virus is blocking me from these sites.its not the only website i cant access.a few other anti virus links are blocked aswell.

descriptionunknown virus EmptyRe: unknown virus

more_horiz
i think i still got a trojan because even after i find and delete viruses avg free keeps detecting new ones about once every hour
i get a heap of win32 heur

descriptionunknown virus EmptyRe: unknown virus

more_horiz
1. Please download The Avenger by Swandog46 to your Desktop
Link: HERE or HERE.

  • Click on Avenger.zip to open the file
  • Extract avenger.exe to your desktop

Note: This tool was posted specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.


2. Now, start The Avenger program by clicking on its icon on your desktop.

  • Leave the script box empty.
  • Leave the ticked box "Scan for rootkit" ticked.
  • Then tick "Disable any rootkits found"
  • Now click on the Execute to begin execution of the script.
  • Answer "Yes" twice when prompted.

    The Avenger will automatically do the following:

  • It will Restart your computer.
  • On reboot, it will briefly open a black command window on your desktop, this is normal.
  • After the restart, it creates a log file that should open with the results of Avenger’s actions. This log file will be located at C:\avenger.txt
  • The Avenger will also have backed up all the files, etc., that you asked it to delete, and will have zipped them and moved the zip archives to C:\avenger\backup.zip.
3. Please copy/paste the content of c:\avenger.txt into your reply.

descriptionunknown virus EmptyRe: unknown virus

more_horiz
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows Vista

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!


Completed script processing.

*******************

Finished! Terminate.

descriptionunknown virus EmptyRe: unknown virus

more_horiz
there was no black command window during start up, just a bunch of error pop ups saying, no disk and something about parameters.
also when i extracted the avenger program avg detected like 20 virus's straight away.whats the deal with that?

descriptionunknown virus EmptyRe: unknown virus

more_horiz
Hmm, we need to go deeper.

  • Please download DDS by sUBs to your Desktop (Important!!) from one of these locations:
    Link 1
    Link 2
  • Double click DDS.scr to run
  • When complete, DDS.txt will open.
  • Save the report to your Desktop.
  • Copy and paste DDS.txt back here, I don't need to see attach.txt.

descriptionunknown virus EmptyRe: unknown virus

more_horiz
hey i opened dds, and ran it and i got access denied twice.ran it again, same thing, each time avg detected win32/heur when the dds failed.then third time lucky got it running heres what i got.

descriptionunknown virus EmptyRe: unknown virus

more_horiz
DDS (Ver_09-03-16.01) - NTFSx86
Run by Medel at 9:31:44.18 on Sat 05/02/2009
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_13

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.daemon-search.com/startpage
BHO: {B2BA40A2-74F0-42BD-F434-12345A2C8953} - No File
TB: AVG Security Toolbar: {a057a204-bacc-4d26-9990-79a187e2698e} - c:\progra~1\avg\avg8\AVGTOO~1.DLL
TB: DAEMON Tools Toolbar: {32099aac-c132-4136-9e9a-4e364a424e17} - c:\program files\daemon tools toolbar\DTToolbar.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\daemon.exe" -autorun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [Eraser] c:\program files\eraser\Eraser.exe -hide
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
dRun: [svc] c:\program files\thunmail\testabd.exe
mPolicies-system: EnableLUA = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

================= FIREFOX ===================

FF - ProfilePath - c:\users\medel\appdata\roaming\mozilla\firefox\profiles\2nbsvf82.default\
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official

============= SERVICES / DRIVERS ===============


=============== Created Last 30 ================

2009-05-01 15:01 --d----- c:\users\medel\Shared
2009-05-01 15:01 --d----- c:\users\medel\Incomplete
2009-05-01 13:05 --d----- c:\programdata\NVIDIA
2009-05-01 13:01 --d----- c:\windows\system32\AGEIA
2009-05-01 13:01 --d----- c:\program files\common files\Wise Installation Wizard
2009-05-01 13:01 801,312 a------- c:\windows\system32\nvcplui.exe
2009-05-01 13:01 420,384 a------- c:\windows\system32\nvcpl.cpl
2009-05-01 13:00 453,152 a------- c:\windows\system32\NVUNINST.EXE
2009-05-01 13:00 --d----- C:\NVIDIA
2009-05-01 03:10 --d-h--- c:\programdata\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
2009-05-01 03:10 --d-h--- c:\progra~2\{A25FEDC1-F6D7-440C-BCE2-B71F595F6646}
2009-05-01 03:10 --d----- c:\program files\Eraser
2009-04-30 21:30 --d----- c:\users\medel\appdata\roaming\Malwarebytes
2009-04-30 21:30 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-04-30 21:30 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-30 21:30 --d----- c:\programdata\Malwarebytes
2009-04-30 21:30 --d----- c:\program files\Malwarebytes' Anti-Malware
2009-04-30 21:30 --d----- c:\progra~2\Malwarebytes
2009-04-30 21:24 --d----- c:\program files\DAEMON Tools Toolbar
2009-04-30 21:21 --d----- c:\program files\DAEMON Tools Lite
2009-04-30 14:09 --d----- c:\program files\Trend Micro
2009-04-30 14:06 --d----- c:\program files\Sun
2009-04-30 14:05 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-30 13:19 721,904 a------- c:\windows\system32\drivers\sptd.sys
2009-04-30 13:14 107,272 a------- c:\windows\system32\drivers\avgtdix.sys
2009-04-30 13:13 --d-h--- C:\$AVG8.VAULT$
2009-04-30 12:57 10,520 a------- c:\windows\system32\avgrsstx.dll
2009-04-30 12:57 325,128 a------- c:\windows\system32\drivers\avgldx86.sys
2009-04-30 12:57 --d----- c:\windows\system32\drivers\Avg
2009-04-30 12:57 --d----- c:\program files\AVG
2009-04-30 12:57 --d----- c:\programdata\avg8
2009-04-30 12:57 --d----- c:\progra~2\avg8
2009-04-30 12:56 --dsh--- c:\windows\Installer
2009-04-30 12:56 --d----- c:\programdata\Spybot - Search & Destroy
2009-04-30 12:56 --d----- c:\program files\Spybot - Search & Destroy
2009-04-30 12:56 --d----- c:\progra~2\Spybot - Search & Destroy
2009-04-30 12:30 246,272 a------- c:\windows\system32\tpsaxyd.exe
2009-04-30 12:30 --dshr-- c:\program files\ThunMail
2009-04-30 12:29 106,496 a------- c:\windows\system32\drivers\Rtlh86.sys
2009-04-30 12:25 553 -----r-- c:\windows\USetup.iss
2009-04-30 12:24 118,784 a------- c:\windows\RTKAUDIOSERVICE.EXE
2009-04-30 12:24 --d----- c:\windows\system32\RTCOM
2009-04-30 12:23 --d----- c:\program files\Realtek
2009-04-30 12:09 53,248 a----r-- c:\windows\system32\CSVer.dll
2009-04-30 12:09 --d----- C:\Intel
2009-04-30 12:08 10 a------- c:\windows\GSetup.ini
2009-04-30 12:08 16,608 a------- c:\windows\gdrv.sys
2009-04-28 21:50 0 a---h--- c:\windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2009-04-28 15:05 --d----- C:\PerfLogs
2009-04-28 14:30 152,576 a------- c:\windows\system32\SPWizUI.dll
2009-04-28 14:30 47,560 a------- c:\windows\system32\SPReview.exe
2009-04-28 14:21 213,504 a------- c:\windows\system32\recdisc.exe
2009-04-28 14:21 6,656 a------- c:\windows\system32\sdspres.dll
2009-04-28 14:19 3,104,768 a------- c:\windows\system32\NlsData0047.dll
2009-04-28 14:18 505,344 a------- c:\windows\system32\qedit.dll
2009-04-28 14:17 1,689,600 a------- c:\windows\system32\wscui.cpl
2009-04-28 14:15 6,656 a------- c:\windows\system32\kbd106n.dll
2009-04-28 14:14 64,512 a------- c:\windows\system32\cbsra.exe
2009-04-28 14:12 327,680 a------- c:\windows\SPInstall.etl
2009-04-28 14:04 --d----- C:\Codemasters
2009-04-28 13:27 855 a------- C:\2349-BattleTanksII.lnk
2009-04-28 13:27 --d----- C:\Mercenaries 2
2009-04-28 13:27 --d----- C:\Far Cry 2
2009-04-28 13:27 --d----- C:\Fallout3
2009-04-28 13:27 --d----- C:\Crysis_WARHEAD
2009-04-28 13:26 --d----- C:\Crysis
2009-04-28 13:26 --d----- C:\Company of Heroes
2009-04-28 13:26 --d----- C:\Age of Empires 3
2009-04-28 13:26 --d----- C:\STALKER-STCS
2009-04-28 13:26 --d----- C:\STALKER-SHOC
2009-04-28 13:19 --d----- C:\patches
2009-04-28 13:17 a-d----- C:\Projects
2009-04-28 13:00 --d----- c:\users\Medel
2009-04-28 12:52 --d----- c:\windows\Panther
2009-04-28 12:51 --d----- c:\windows\system32\OEM
2009-04-28 12:51 59 a----r-- c:\windows\DELL_VERSION
2009-04-28 12:38 --d----- C:\Windows.old.000
2009-04-27 05:00 --d----- C:\deadspace sav
2009-04-27 04:41 --d----- C:\Dead Space
2009-04-27 04:39 --d----- C:\Rockstar Games
2009-04-27 04:38 --d----- C:\pics old
2009-04-27 04:29 --d----- C:\iTunes
2009-04-26 17:11 --d----- C:\old documents
2009-04-26 17:11 --d----- C:\OLD downloads
2009-04-19 02:25 --d----- C:\MOVIES
2009-04-19 02:16 --d----- C:\GAMES
2009-04-08 18:41 --d----- C:\Red Alert 3
2009-04-03 16:51 --d----- C:\Left 4 Dead
2009-04-02 20:50 --d----- C:\Grid

==================== Find3M ====================

2009-05-01 13:00 51,200 a------- c:\windows\inf\infpub.dat
2009-05-01 13:00 86,016 a------- c:\windows\inf\infstrng.dat
2009-05-01 13:00 86,016 a------- c:\windows\inf\infstor.dat
2009-04-30 12:23 319,456 a------- c:\windows\DIFxAPI.dll
2009-04-30 12:23 335,872 a------- c:\windows\HideWin.exe
2009-04-28 15:16 174 a--sh--- c:\program files\desktop.ini
2009-04-28 15:05 665,600 a------- c:\windows\inf\drvindex.dat
2009-04-28 14:53 101,888 a------- c:\windows\system32\ifxcardm.dll
2009-04-28 14:52 82,432 a------- c:\windows\system32\axaltocm.dll
2006-11-02 05:40 287,440 a------- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 05:40 287,440 a------- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 05:40 30,674 a------- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 05:40 30,674 a------- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 02:20 287,440 a------- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 02:20 30,674 a------- c:\windows\inf\perflib\0000\perfc.dat
2007-07-11 08:27 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 9:32:34.81 ===============

descriptionunknown virus EmptyRe: unknown virus

more_horiz
privacy_tip Permissions in this forum:
You cannot reply to topics in this forum