127 replies to this topic

[ken545]

That would be a good idea. I know I posted about reformatting and doing a clean install of windows, sometimes that's a good option to go with, its like having a brand new computer. If you back up all your data like photos and documents you wont lose anything. You can back them up to one of the new external hard drives that have come out, I believe there under $50 at Costco, but this is your choice to do this, if this was my computer I would. Link me to the thread when you start it so I can see what there doing. Good Luck, Ken

[ems88]

I'm gonna see how it runs for the next couple of days. Today, everything is running very smoothly. If I do a clean install of Windows, will that help with the suspected bad RAM (because of the blue screen)? I haven't been able to do a memory test on my computer. Here's the thread I already started on it: http://forums.whatth...nd_t109752.html

[ken545]

Hi

bad RAM (because of the blue screen)? <--Bad ram is a hardware issue, nothing to do with malware.

I am linked to your other thread

[ems88]

So doing a clean install of Windows would have no effect on my computer freezing all the time right?

[ken545]

Good Morning, We don't know whats causing your computer to freeze, it could be bad ram and if a memory module is bad it can be replaced, it could go deeper than that , it could be something on your motherboard is not working and if it is some sort of issue like this then a clean install of windows will have no effect. On the other side of the coin, if everything hardware wise is ok, it could be some programs conflicting causing it. How old is this computer ?

[ems88]

My laptop is almost 4 years old. Is it normal that one day it's working fine and then the next it's freezing constantly? Because that's exactly what happened. It didn't start getting slower gradually, more like overnight and I didn't do any installations or anything around the time this problem started.

[ken545]

Sometimes when you turn on your computer everything works fine, but as you use it for awhile it could be getting hot. After its running for say 10 or 15 min, lift it up and feel the air coming out of the fans on the bottom, is the air real hot ? The word Laptop is really named wrong because your not supposed to use it on your lap, you may be blocking the cooling vents, it should be used say on a desk where air can get to it from the bottom and not be blocked. Also, when memory goes bad, its sometimes interment, what I mean is if its failing sometimes its a slow death, work ok for awhile and then it starts in giving you problems. You really need to stick with the WTT Windows board and have them run you though some tests. This forum is not set up for that, we just do malware removal on this one. You know , if this was me and with new computers selling so cheap, I would back up all my files and pics and just buy a new one, but I don't know if its an option with you. Just my thoughts. By the time you take it to a shop to analyze it, replace memory or a failing hard drive , for a few bucks more you can buy a new one. Something to think about Ken

[ems88]

There's no air coming out from the bottom...? It does get hot though. It rests on a chair most of the time. Thanks for the advice but unfortunately getting a new laptop isn't an option right now. I'll start up my other thread and see what happens.

[ken545]

Good Morning,

I have had other helpers looking into this and you may have one of the newer infections going around.

Do this

Open Notepad and copy and paste the bolded text into Notepad

net user HelpAssistant>%temp%\temp0
start notepad %temp%\temp0
exit
cls

Save it as Help.bat
In the drop down window select ALL FILES
Save it to your deskop,
Double click it to run ( takes a sec ) and post the resulting log into this thread for me to see

[ems88]

User name HelpAssistant Full Name Remote Desktop Help Assistant Account Comment Account for Providing Remote Assistance User's comment Country code 000 (System Default) Account active Yes Account expires Never Password last set 2/26/2010 1:19 PM Password expires Never Password changeable 2/26/2010 1:19 PM Password required Yes User may change password Yes Workstations allowed All Logon script User profile Home directory Last logon 2/26/2010 1:19 PM Logon hours allowed All Local Group Memberships *Administrators Global Group memberships *None The command completed successfully.

[ken545]

Your infection is fairly new, its called Help Assistant. Hang on, be back in a bit

[ken545]

Download and save HelpAsst_mebroot_fix.exe
Double click to run the tool.
When its done Go to Start > Run and copy and paste this in
c:\mbr.exe -f "%userprofile%\desktop\mbr.exe" -f
Click OK

The reboot, Post the log it produces


Then run this tool
Download DDS by sUBs from one of the following links. Save it to your desktop.

• DDS.com
• DDS.scr
• DDS.pif
  
• Double click on the DDS icon, allow it to run.
• A small box will open, with an explaination about the tool. No input is needed, the scan is running.
• Notepad will open with the results, click no to the Optional_Scan
• Follow the instructions that pop up for posting the results.
• Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control Here

[ems88]

I tried running the HelpAsst and the first two times it just said "please wait" and then my computer froze. I tried it again and it says "Help account does not exist. Press any key to continue"

[ken545]

Your doing fine, Help asst removed a large amount of data

Go to Start >run and copy and paste this in and click on OK
c:\mbr.exe -f

Reboot your computer

Then run DDS and post the logs

[ems88]

DDS (Ver_09-09-29.01) - NTFSx86 Run by Elaine Sang at 22:56:27.25 on Fri 02/26/2010 Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_16 Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.2038.1445 [GMT -5:00] AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7} ============== Running Processes =============== C:\WINDOWS\system32\svchost -k DcomLaunch svchost.exe C:\WINDOWS\System32\svchost.exe -k netsvcs C:\Program Files\Intel\Wireless\Bin\EvtEng.exe C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe svchost.exe svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe svchost.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe C:\WINDOWS\system32\svchost.exe -k imgsvc C:\Program Files\Canon\CAL\CALMAIN.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Common Files\Real\Update_OB\realsched.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\WINDOWS\stsystra.exe C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\system32\igfxsrvc.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Dell\Media Experience\DMXLauncher.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe C:\Program Files\Google\Google Desktop Search\GoogleDesktopDisplay.exe C:\Program Files\NetWaiting\netWaiting.exe C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\Elaine Sang\Desktop\dds.com ============== Pseudo HJT Report =============== uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/ymj/*http://www.yahoo.com/ext/search/search.html uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us uSearchURL,(Default) = hxxp://www.google.com/search?q=%s uURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 2.0\aoltb.dll BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll BHO: AIM Toolbar Loader: {b0cda128-b425-4eef-a174-61a11ac5dbf8} - c:\program files\aim toolbar\aimtb.dll BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_219B3E1547538286.dll BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 2.0\aoltb.dll TB: &Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background uRun: [ModemOnHold] c:\program files\netwaiting\netWaiting.exe uRun: [DellTransferAgent] "c:\documents and settings\all users\application data\dell\transferagent\TransferAgent.exe" uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe mRun: [SigmatelSysTrayApp] stsystra.exe mRun: [McAfeeUpdaterUI] "c:\program files\network associates\common framework\UpdaterUI.exe" /StartedFromRunKey mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start mRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\isuspm.exe" -startup mRun: [IntelZeroConfig] "c:\program files\intel\wireless\bin\ZCfgSvc.exe" mRun: [IntelWireless] "c:\program files\intel\wireless\bin\ifrmewrk.exe" /tf Intel PROSet/Wireless mRun: [igfxtray] c:\windows\system32\igfxtray.exe mRun: [igfxpers] c:\windows\system32\igfxpers.exe mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup mRun: [DVDLauncher] "c:\program files\cyberlink\powerdvd\DVDLauncher.exe" mRun: [DMXLauncher] c:\program files\dell\media experience\DMXLauncher.exe mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe" mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe" StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\ymetray.lnk - c:\program files\yahoo!\yahoo! music jukebox\ymetray.exe IE: &AIM Toolbar Search - c:\documents and settings\all users\application data\aim toolbar\ietoolbar\resources\en-us\local\search.html IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-us\local\search.html IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000 IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll IE: {3369AF0D-62E9-4bda-8103-B4C75499B578} - {DE9C389F-3316-41A7-809B-AA305ED9D922} - c:\program files\aol\aol toolbar 2.0\aoltb.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL Trusted Zone: musicmatch.com\online DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://pcpitstop.com/betapit/PCPitStop.CAB DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} - hxxp://mvnet.xlontech.net/qm/fox/06071909/qsp2ie06071909.cab Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL AppInit_DLLs: c:\progra~1\google\google~1\GOEC62~1.DLL SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL ================= FIREFOX =================== FF - ProfilePath - c:\docume~1\elaine~1\applic~1\mozilla\firefox\profiles\lsvyk9hr.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?invocationType=bu10aiminstabie7&sredir=2706&query= FF - component: c:\documents and settings\elaine sang\application data\mozilla\firefox\profiles\lsvyk9hr.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\frozen.dll FF - plugin: c:\documents and settings\elaine sang\application data\move networks\plugins\npqmp071505000010.dll FF - plugin: c:\documents and settings\elaine sang\application data\move networks\plugins\npqmp071505000011.dll FF - plugin: c:\program files\google\google updater\2.4.1601.7122\npCIDetect13.dll FF - plugin: c:\program files\mozilla firefox\plugins\npCouponPrinter.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\ FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} ---- FIREFOX POLICIES ---- c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true); c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32); c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600); c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25); c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5); c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false); c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com"); c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com"); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20); c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20); ============= SERVICES / DRIVERS =============== R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-12-4 12872] R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-4 66632] R2 aawservice;Ad-Aware 2007 Service;c:\program files\lavasoft\ad-aware 2007\aawservice.exe [2007-7-6 561152] R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\avira\antivir desktop\sched.exe [2009-8-18 108289] R2 AntiVirService;Avira AntiVir Guard;c:\program files\avira\antivir desktop\avguard.exe [2009-8-18 185089] R3 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2009-8-18 56816] R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-4 12872] S1 avgio;avgio; [x] S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter;c:\windows\system32\drivers\NSDriver.sys [2007-6-4 9344] =============== Created Last 30 ================ 2010-02-26 13:22 74 a------- C:\Help.bat 2010-02-22 19:07 1,089,601 -------- c:\windows\system32\dllcache\ntprint.cat 2010-02-21 22:26 597,504 -------- c:\windows\system32\dllcache\printfilterpipelinesvc.exe 2010-02-21 22:26 575,488 -------- c:\windows\system32\xpsshhdr.dll 2010-02-21 22:26 575,488 -------- c:\windows\system32\dllcache\xpsshhdr.dll 2010-02-21 22:26 117,760 -------- c:\windows\system32\prntvpt.dll 2010-02-21 22:26 89,088 -------- c:\windows\system32\dllcache\filterpipelineprintproc.dll 2010-02-21 22:26 1,676,288 -------- c:\windows\system32\xpssvcs.dll 2010-02-21 22:26 1,676,288 -------- c:\windows\system32\dllcache\xpssvcs.dll 2010-02-21 22:26 <DIR> --d----- C:\c9dd8fb36ae916687a81 2010-02-21 21:27 <DIR> --d----- C:\13de777289c97c3fe79615a3 2010-02-21 21:26 <DIR> --d----- C:\9bad38aca9b84e45826f30d2 2010-02-21 00:07 153,088 a------- c:\windows\system32\dllcache\triedit.dll 2010-02-21 00:06 470,528 -------- c:\windows\system32\dllcache\aclayers.dll 2010-02-20 20:55 261,632 a------- c:\windows\PEV.exe 2010-02-20 20:55 161,792 a------- c:\windows\SWREG.exe 2010-02-20 20:55 98,816 a------- c:\windows\sed.exe 2010-02-20 20:55 77,312 a------- c:\windows\MBR.exe 2010-02-18 20:02 95,360 a------- c:\windows\system32\ATAPI.SYS 2010-02-18 20:02 95,360 a------- C:\atapi.sys 2010-02-18 20:02 95,360 -------- c:\windows\system32\drivers\atapi.sys 2010-02-13 00:44 77,312 a------- C:\mbr.exe 2010-02-11 22:39 <DIR> --d----- c:\program files\common files\Software Update Utility 2010-02-11 22:39 <DIR> --d----- c:\program files\AIM Toolbar 2010-02-11 22:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AIM Toolbar 2010-02-11 22:39 <DIR> --d----- c:\docume~1\alluse~1\applic~1\acccore ==================== Find3M ==================== 2009-12-31 11:14 352,640 a------- c:\windows\system32\drivers\srv.sys 2009-12-31 11:14 352,640 -------- c:\windows\system32\dllcache\srv.sys 2009-12-31 10:33 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe 2009-12-31 10:33 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe 2009-12-18 08:05 634,648 -------- c:\windows\system32\dllcache\iexplore.exe 2009-12-18 08:04 161,792 -------- c:\windows\system32\dllcache\ieakui.dll 2009-12-16 07:58 343,040 a------- c:\windows\system32\mspaint.exe 2009-12-16 07:58 343,040 -------- c:\windows\system32\dllcache\mspaint.exe 2009-12-14 02:35 33,280 a------- c:\windows\system32\csrsrv.dll 2009-12-14 02:35 33,280 -------- c:\windows\system32\dllcache\csrsrv.dll 2009-12-08 03:59 474,112 -------- c:\windows\system32\dllcache\shlwapi.dll 2009-12-04 09:41 453,760 -------- c:\windows\system32\dllcache\mrxsmb.sys 2009-03-13 22:01 88 ---shr-- c:\windows\system32\D0E5FBB671.sys 2009-03-13 22:01 4,704 a--sh--- c:\windows\system32\KGyGaAvL.sys ============= FINISH: 22:56:38.54 ===============

Attached Files

•  Attach.txt   18.47KB   300 downloads