Topic: Had a virus and computer takes awhile to shutdown.
execpro22
Topic Starter
Beginner



Posts: 52

Computer: Specs
Experience: Beginner
OS: Unknown

« on: October 02, 2011, 11:18:52 AM »

I was downloading a trainer for a game from gameburnworld.com which I know is a questionable site. The next day AVG keeps blocking a virus that keeps coming up. I have followed all the steps listed in the forum and have posted the logs above.


Also my computer takes forever to shut down or restart for some reason. It has been doing this for awhile even before I ever had a virus. Maybe it is a program I have installed that takes forever to close?


Any help would be greatly appreciated. Thank you.

[regaining space - attachment deleted by admin]
SuperDave
Malware Removal Specialist
Moderator
Prodigy



Thanked: 617
Posts: 6,998

Certifications: List
Experience: Experienced
OS: Windows XP



« Reply #1 on: October 02, 2011, 12:23:22 PM »

Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
2. The fixes are specific to your problem and should only be used for this issue on this machine.
3. If you don't know or understand something, please don't hesitate to ask.
4. Please DO NOT run any other tools or scans while I am helping you.
5. It is important that you reply to this thread. Do not start a new topic.
6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
*************************************************************************
One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

Read this article: Danger: Remote Access Trojans.

If your computer was used for online banking, has credit card information or other sensitive data on it, all passwords should be changed immediately to include those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one! If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach.

I would counsel you to disconnect this PC from the Internet immediately.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?

When Should I Format, How Should I Reinstall?

We can attempt to clean this machine but I can't guarantee that it will be 100% secure afterwards.

Should you have any questions, please feel free to ask.

Please let us know what you have decided to do in your next post.

AMD Athlon XP 1900+ 1.47 GHz, 3 GB RAM, Windows XP Home with SP3, Microsoft Security Essentials, Spybot S&D, SuperAntiSpyware and Threatfire with Comodo Firewall & Windows Defender
execpro22

« Reply #2 on: October 02, 2011, 12:30:16 PM »

I would like to attempt to clean it instead of doing a format. Question, is the backdoor trojan a file or a program on my pc?
SuperDave

« Reply #3 on: October 02, 2011, 12:35:41 PM »

Quote
Question, is the backdoor trojan a file or a program on my pc?
Hopefully, your AV program caught all of it but it's impossible to say without doing some scans.

Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1
Link 2

* Unzip SecurityCheck.zip and a folder named Security Check should appear.
* Open the Security Check folder and double-click Security Check.bat
* Follow the on-screen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
*********************************************************
Download DDS from HERE or HERE and save it to your desktop.

Vista users right click on dds and select Run as administrator (you will receive a UAC prompt, please allow it)

* XP users Double click on dds to run it.
* If your antivirus or firewall try to block DDS then please allow it to run.
* When finished DDS will open two (2) logs.
* Save both reports to your desktop.
* The instructions here ask you to attach the Attach.txt.



1) DDS.txt
2) Attach.txt
Instead of attaching, please copy/paste both logs into your thread.

Note: DDS will instruct you to post the Attach.txt log as an attachment.
Please just post it as you would any other log by copying and pasting it into the reply.

* Close the program window, and delete the program from your desktop.

Please note: You may have to disable any script protection running if the scan fails to run.
After downloading the tool, disconnect from the internet and disable all antivirus protection.
Run the scan, enable your A/V and reconnect to the internet.
Information on A/V control HERE. Then post your DDS logs (DDS.txt and Attach.txt).
execpro22

« Reply #4 on: October 02, 2011, 05:54:38 PM »

Ok, I downloaded Security Check. I disconnected the internet and disabled my firewall and A/V. I ran the program and it went through all the steps but NO Notepad document came up when it was done, so I have no log for it. The DDS worked fine. The logs are below:


.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 6.0.2900.5512  BrowserJavaVersion: 10.0.0
Run by JAY at 19:43:13 on 2011-10-02
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3326.2689 [GMT -4:00]
.
AV: AVG Internet Security 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: COMODO Firewall *Enabled*
FW: AVG Firewall *Disabled*
.
============== Running Processes ===============
.
C:\PROGRA~1\AVG\AVG10\avgchsvx.exe
C:\PROGRA~1\AVG\AVG10\avgrsx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\AVG\AVG10\avgfws.exe
C:\Program Files\AVG\AVG10\avgwdsvc.exe
C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
C:\Program Files\AVG\AVG10\avgam.exe
C:\Program Files\AVG\AVG10\avgnsx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\AVG\AVG10\avgtray.exe
C:\Program Files\AVG\AVG10\avgemcx.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\PeerBlock\peerblock.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\OSK.exe
C:\WINDOWS\system32\MSSWCHX.EXE
C:\Program Files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
C:\WINDOWS\system32\wuauclt.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = my.daemon-search.com
uURLSearchHooks: DeviceVM Url Search Hook: {0063bf63-bfff-4b8f-9d26-4267df7f17dd} - c:\windows\system32\dvmurl.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg10\avgssie.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [PeerBlock] c:\program files\peerblock\peerblock.exe
uRun: [Steam] "c:\program files\steam\Steam.exe" -silent
uRun: [Comrade.exe] c:\program files\gamespy\comrade\Comrade.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SoundMan] SOUNDMAN.EXE
mRun: [AlcWzrd] ALCWZRD.EXE
mRun: [AVG_TRAY] c:\program files\avg\avg10\avgtray.exe
mRun: [COMODO Internet Security] "c:\program files\comodo\comodo internet security\cfp.exe" -h
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [nwiz] c:\program files\nvidia corporation\nview\nwiz.exe /installquiet
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
TCP: Interfaces\{81299952-8656-45EC-99E7-3351FE80D0D0} : NameServer = 156.154.70.22,156.154.71.22
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg10\avgpp.dll
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.DLL
AppInit_DLLs: c:\windows\system32\guard32.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\jay\application data\mozilla\firefox\profiles\wzku8r84.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://by152w.bay152.mail.live.com/?rru=inbox
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
.
============= SERVICES / DRIVERS ===============
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [2010-9-13 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [2010-9-7 248656]
R1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\drivers\avgmfx86.sys [2010-9-7 34896]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [2010-9-7 297168]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [2011-5-2 242600]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [2011-5-2 29400]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-6-8 218688]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-7-18 116608]
R2 avgfws;AVG Firewall;c:\program files\avg\avg10\avgfws.exe [2011-3-9 2708024]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\avg\avg10\identity protection\agent\bin\AVGIDSAgent.exe [2011-8-18 7390560]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R2 cmdAgent;COMODO Internet Security Helper Service;c:\program files\comodo\comodo internet security\cmdagent.exe [2011-5-9 1793712]
R2 GEST Service;GEST Service for program management.;c:\program files\gigabyte\energysaver\GSvr.exe [2011-6-8 68136]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [2010-8-19 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [2010-8-19 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [2010-8-19 27216]
R3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2011-6-8 19056]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [2010-7-12 30432]
S3 DYDBQSNcccCcGCc;DYDBQSNcccCcGCc;\??\c:\documents and settings\all users\application data\12d17480_s_drv --> c:\documents and settings\all users\application data\12D17480_S_drv [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
=============== Created Last 30 ================
.
2011-10-01 15:02:03   --------   d-----w-   c:\documents and settings\jay\local settings\application data\GameSpy
2011-10-01 15:00:52   --------   d-----w-   c:\documents and settings\jay\local settings\application data\ApplicationHistory
2011-09-29 20:22:52   --------   d-----w-   c:\windows\system32\URTTEMP
2011-09-29 20:20:30   22328   ----a-w-   c:\documents and settings\jay\application data\PnkBstrK.sys
2011-09-29 20:20:12   66872   ----a-w-   c:\windows\system32\PnkBstrA.exe
2011-09-29 20:20:12   --------   d-----w-   c:\windows\system32\LogFiles
2011-09-29 18:31:26   --------   d-----w-   c:\program files\THQ
2011-09-23 11:24:57   --------   d-----w-   c:\program files\MSECache
2011-09-19 03:30:43   --------   d-----w-   c:\documents and settings\jay\local settings\application data\storage
2011-09-19 00:13:09   1   ----a-w-   c:\documents and settings\jay\SI.bin
2011-09-13 01:43:45   --------   d-----w-   c:\documents and settings\jay\local settings\application data\Ubisoft
2011-09-05 21:43:38   115016   ----a-r-   c:\windows\system32\MSINET.OCX
2011-09-05 21:43:22   35840   ----a-r-   c:\windows\system32\comdlg32.oca
2011-09-05 21:43:22   140488   ----a-r-   c:\windows\system32\comdlg32.ocx
2011-09-05 21:43:21   69632   ----a-r-   c:\windows\system32\xmltok.dll
2011-09-05 21:43:21   36864   ----a-r-   c:\windows\system32\xmlparse.dll
2011-09-05 21:43:21   26096   ----a-r-   c:\windows\system32\xmlinst.exe
2011-09-05 21:43:21   24576   ----a-r-   c:\windows\system32\msxml3a.dll
2011-09-05 21:43:20   89360   ----a-r-   c:\windows\system32\VB5DB.DLL
2011-09-05 21:43:20   29184   ----a-r-   c:\windows\system32\MSINET.oca
2011-09-05 21:40:50   --------   d-----w-   c:\program files\Ubi Soft
2011-09-05 18:51:50   --------   d-----w-   c:\documents and settings\jay\local settings\application data\dxhr
2011-09-05 18:51:02   --------   d-----w-   c:\documents and settings\jay\local settings\application data\28050
2011-09-03 01:02:49   --------   d-----w-   c:\documents and settings\jay\local settings\application data\DOSBox
.
==================== Find3M  ====================
.
2011-10-02 23:41:10   16608   ----a-w-   c:\windows\gdrv.sys
2011-09-30 01:54:48   1169   ----a-w-   c:\documents and settings\all users\application data\~12D17480_Snj4(c~c_src020.tmp
2011-09-29 18:53:57   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-29 18:25:29   444952   ----a-w-   c:\windows\system32\wrap_oal.dll
2011-09-29 18:25:29   109080   ----a-w-   c:\windows\system32\OpenAL32.dll
2011-08-31 21:00:50   22216   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-08-08 22:27:25   273344   ----a-w-   c:\windows\system32\nvdrsdb0.bin
2011-08-08 22:27:25   1   ----a-w-   c:\windows\system32\nvdrssel.bin
2011-08-08 22:27:22   273344   ----a-w-   c:\windows\system32\nvdrsdb1.bin
2011-08-05 14:12:31   544656   ----a-w-   c:\windows\system32\deployJava1.dll
2011-08-05 14:12:31   128000   ----a-w-   c:\windows\system32\javacpl.cpl
2011-07-28 13:18:47   5120   ----a-w-   c:\windows\system32\BReWErS.dll
.
============= FINISH: 19:43:38.84 ===============




.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 6/8/2011 3:08:07 AM
System Uptime: 10/2/2011 7:40:48 PM (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | EP45-UD3L
Processor: Intel Pentium III Xeon processor | Socket 775 | 2800/266mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 233 GiB total, 141.136 GiB free.
D: is CDROM (CDFS)
E: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP51: 7/5/2011 1:30:30 PM - System Checkpoint
RP52: 7/5/2011 11:56:53 PM - Removed Dead Space™
RP53: 7/6/2011 9:28:32 AM - Installed Dead Space™ 2
RP54: 7/7/2011 5:11:26 PM - System Checkpoint
RP55: 7/7/2011 7:31:59 PM - Removed Dead Space™ 2
RP56: 7/7/2011 8:29:45 PM - Installed Quantum of Solace(TM)
RP57: 7/9/2011 10:00:36 AM - Removed Quantum of Solace(TM)
RP58: 7/9/2011 10:15:36 AM - Installed James Bond 007(TM) - Blood Stone
RP59: 7/10/2011 11:05:00 AM - System Checkpoint
RP60: 7/11/2011 11:24:33 AM - System Checkpoint
RP61: 7/12/2011 11:31:47 AM - System Checkpoint
RP62: 7/13/2011 1:07:47 PM - System Checkpoint
RP63: 7/13/2011 11:31:47 PM - Installed X-Men Origins - Wolverine(TM)
RP64: 7/14/2011 7:55:02 PM - Removed X-Men Origins - Wolverine(TM)
RP65: 7/14/2011 8:33:25 PM - Installed Wanted: Weapons of Fate
RP66: 7/14/2011 9:19:14 PM - Removed Wanted: Weapons of Fate
RP67: 7/14/2011 9:19:46 PM - Installed Wanted: Weapons of Fate
RP68: 7/14/2011 9:39:47 PM - Removed Wanted: Weapons of Fate
RP69: 7/14/2011 11:51:19 PM - Installed Ghostbusters (TM): The Video Game
RP70: 7/16/2011 4:42:15 AM - System Checkpoint
RP71: 7/17/2011 5:04:07 AM - System Checkpoint
RP72: 7/18/2011 7:33:46 AM - System Checkpoint
RP73: 7/19/2011 10:07:57 AM - System Checkpoint
RP74: 7/21/2011 12:24:54 AM - System Checkpoint
RP75: 7/22/2011 7:24:51 PM - Configured Ghostbusters (TM): The Video Game
RP76: 7/22/2011 7:33:40 PM - Hitman 2 Silent Assassin
RP77: 7/25/2011 12:11:06 AM - Installed Adobe Reader X (10.1.0).
RP78: 7/25/2011 10:47:35 AM - Uninstall Hitman 2 Silent Assassin
RP79: 7/25/2011 10:51:38 AM - Hitman: Contracts
RP80: 7/25/2011 10:54:32 AM - Hitman: Contracts
RP81: 7/25/2011 3:14:59 PM - Hitman: Contracts patch
RP82: 7/25/2011 3:24:18 PM - Uninstall Hitman: Contracts
RP83: 7/25/2011 3:40:28 PM - Installed Hitman Blood Money
RP84: 7/25/2011 4:43:21 PM - Removed Hitman Blood Money
RP85: 7/25/2011 4:43:53 PM - Installed Hitman Blood Money
RP86: 7/25/2011 4:55:03 PM - Removed Hitman Blood Money
RP87: 7/25/2011 4:55:28 PM - Installed Hitman Blood Money
RP88: 7/26/2011 10:59:52 PM - System Checkpoint
RP89: 7/27/2011 12:34:13 PM - Removed Hitman Blood Money
RP90: 7/27/2011 1:31:13 PM - Installed Steam
RP91: 7/27/2011 1:33:40 PM - Removed Steam
RP92: 7/27/2011 1:33:59 PM - Installed Steam
RP93: 7/27/2011 11:41:08 PM - Installed Stranglehold
RP94: 7/27/2011 11:59:29 PM - Installed DirectX 9.0
RP95: 7/31/2011 1:19:45 AM - System Checkpoint
RP96: 7/31/2011 6:08:30 PM - Removed Stranglehold
RP97: 8/1/2011 6:13:45 PM - System Checkpoint
RP98: 8/2/2011 10:18:49 PM - System Checkpoint
RP99: 8/4/2011 12:46:11 PM - System Checkpoint
RP100: 8/5/2011 10:12:23 AM - Installed Java(TM) 7
RP101: 8/5/2011 10:23:07 AM - Installed HiJackThis
RP102: 8/6/2011 6:41:10 PM - System Checkpoint
RP103: 8/7/2011 6:57:04 PM - System Checkpoint
RP104: 8/9/2011 12:47:50 AM - System Checkpoint
RP105: 8/11/2011 1:50:22 AM - System Checkpoint
RP106: 8/12/2011 2:13:56 AM - System Checkpoint
RP107: 8/13/2011 3:25:08 AM - System Checkpoint
RP108: 8/14/2011 3:37:08 AM - System Checkpoint
RP109: 8/15/2011 4:04:32 AM - System Checkpoint
RP110: 8/16/2011 5:04:32 AM - System Checkpoint
RP111: 8/16/2011 8:46:40 PM - Installed BloodRayne 2
RP112: 8/18/2011 12:34:44 AM - System Checkpoint
RP113: 8/18/2011 9:35:53 PM - Removed BloodRayne 2
RP114: 8/19/2011 10:13:35 PM - System Checkpoint
RP115: 8/20/2011 10:41:43 PM - System Checkpoint
RP116: 8/21/2011 11:10:18 PM - System Checkpoint
RP117: 8/22/2011 11:39:40 PM - System Checkpoint
RP118: 8/24/2011 12:33:36 AM - System Checkpoint
RP119: 8/25/2011 1:22:07 AM - System Checkpoint
RP120: 8/26/2011 2:10:05 AM - System Checkpoint
RP121: 8/27/2011 2:52:09 AM - System Checkpoint
RP122: 8/28/2011 3:04:10 AM - System Checkpoint
RP123: 8/29/2011 4:04:10 AM - System Checkpoint
RP124: 8/30/2011 5:04:09 AM - System Checkpoint
RP125: 8/31/2011 6:04:09 AM - System Checkpoint
RP126: 9/1/2011 7:23:12 AM - System Checkpoint
RP127: 9/1/2011 11:26:23 PM - Installed From Dust
RP128: 9/1/2011 11:42:07 PM - Removed From Dust
RP129: 9/1/2011 11:42:45 PM - Installed From Dust
RP130: 9/1/2011 11:51:05 PM - Removed From Dust
RP131: 9/2/2011 12:03:39 AM - Installed DirectX
RP132: 9/3/2011 9:37:26 AM - System Checkpoint
RP133: 9/4/2011 10:05:40 AM - System Checkpoint
RP134: 9/5/2011 1:47:23 PM - System Checkpoint
RP135: 9/5/2011 5:40:50 PM - Installed Tom Clancy's Splinter Cell
RP136: 9/6/2011 7:07:38 PM - System Checkpoint
RP137: 9/7/2011 7:19:38 PM - System Checkpoint
RP138: 9/9/2011 11:28:28 AM - System Checkpoint
RP139: 9/10/2011 7:59:35 PM - System Checkpoint
RP140: 9/10/2011 11:46:48 PM - Removed Tom Clancy's Splinter Cell
RP141: 9/10/2011 11:53:40 PM - Installed Splinter Cell Pandora Tomorrow
RP142: 9/12/2011 1:57:09 AM - System Checkpoint
RP143: 9/12/2011 9:24:35 PM - Removed Splinter Cell Pandora Tomorrow
RP144: 9/12/2011 9:28:34 PM - Installed Tom Clancy's Splinter Cell Chaos Theory
RP145: 9/14/2011 1:49:11 AM - System Checkpoint
RP146: 9/15/2011 1:54:05 PM - System Checkpoint
RP147: 9/15/2011 10:13:50 PM - Removed Tom Clancy's Splinter Cell Chaos Theory
RP148: 9/15/2011 10:20:07 PM - Installed Tom Clancy's Splinter Cell Double Agent
RP149: 9/15/2011 10:43:31 PM - Installed Tom Clancy's Splinter Cell Double Agent
RP150: 9/15/2011 10:45:20 PM - Installed DirectX
RP151: 9/18/2011 1:29:12 AM - System Checkpoint
RP152: 9/18/2011 8:13:14 PM - Removed Tom Clancy's Splinter Cell Double Agent
RP153: 9/18/2011 8:17:05 PM - Installed Tom Clancy's Splinter Cell Conviction
RP154: 9/18/2011 8:26:19 PM - Installed DirectX
RP155: 9/18/2011 8:27:22 PM - Configured Ubisoft Game Launcher
RP156: 9/19/2011 8:44:03 PM - System Checkpoint
RP157: 9/20/2011 8:57:09 PM - System Checkpoint
RP158: 9/21/2011 9:37:14 PM - System Checkpoint
RP159: 9/22/2011 10:37:33 PM - System Checkpoint
RP160: 9/23/2011 7:25:20 AM - Installed Microsoft Office Excel Viewer
RP161: 9/24/2011 7:59:01 AM - System Checkpoint
RP162: 9/25/2011 8:56:04 AM - System Checkpoint
RP163: 9/26/2011 9:35:50 AM - System Checkpoint
RP164: 9/27/2011 1:08:58 PM - Removed Tom Clancy's Splinter Cell Conviction
RP165: 9/27/2011 6:25:10 PM - Installed Dead Rising 2
RP166: 9/28/2011 8:20:35 PM - System Checkpoint
RP167: 9/29/2011 2:07:58 PM - Installed Stubbs The Zombie
RP168: 9/29/2011 2:11:07 PM - Installed StubbsPatchInstaller
RP169: 9/29/2011 2:26:41 PM - Removed Stubbs The Zombie
RP170: 9/29/2011 2:31:25 PM - Installed Evil Dead Regeneration
RP171: 9/29/2011 3:30:35 PM - Removed Evil Dead Regeneration
RP172: 9/29/2011 4:12:44 PM - Installed Crysis(R).
RP173: 9/29/2011 4:19:57 PM - Installed DirectX
RP174: 9/29/2011 4:23:56 PM - Installed GameSpy Comrade.
RP175: 9/30/2011 4:30:03 PM - System Checkpoint
RP176: 10/1/2011 10:37:01 AM - Removed StubbsPatchInstaller
RP177: 10/2/2011 11:27:09 AM - System Checkpoint
.
==== Installed Programs ======================
.
µTorrent
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.0)
Auslogics BoostSpeed
AVG 2011
Browser Configuration Utility
CCleaner
Combined Community Codec Pack 2010-10-10
COMODO Internet Security
ConvertXtoDVD 3.0.0.9
Crysis(R)
DAEMON Tools Lite
DivX Setup
EAX4 Unified Redist
Energy Saver Advance B8.1015.1
GameSpy Comrade
High Definition Audio Driver Package - KB888111
HiJackThis
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Windows XP (KB942288-v3)
ImgBurn
Java(TM) 6 Update 26
Java(TM) 7
Malwarebytes' Anti-Malware version 1.51.2.1300
Media Player Codec Pack 4.0.0
Microsoft .NET Framework 1.1
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Games for Windows - LIVE
Microsoft Games for Windows - LIVE Redistributable
Microsoft Office Excel Viewer
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Mozilla Firefox 7.0.1 (x86 en-US)
NVIDIA Control Panel 275.33
NVIDIA Graphics Driver 275.33
NVIDIA Install Application
NVIDIA nView 135.85
NVIDIA nView Desktop Manager
NVIDIA PhysX
NVIDIA PhysX System Software 9.10.0514
OpenAL
PeerBlock 1.1 (r518)
Project64 1.7.0.49
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Realtek High Definition Audio Driver
SIW version 2011.05.26
Software Update for Web Folders
Steam
SUPERAntiSpyware
Ubisoft Game Launcher
VC80CRTRedist - 8.0.50727.4053
VLC media player 1.1.11
WebFldrs XP
Windows XP Service Pack 3
WinRAR 4.00 (32-bit)
WordBiz version 1.8
.
==== End Of File ===========================
IP logged
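One way to triage the SERVICES / DRIVERS section of the DDS log posted above, as an added example that is not part of the original thread and is not DDS's or the helper's own method. The sample lines are copied from that log; the three heuristics (DDS printed `[?]` instead of a file date and size, image outside the Windows and Program Files trees, unexpected file extension) and all function names are assumptions made for illustration.

```python
import ntpath
import re
from typing import NamedTuple

# Lines copied from the "SERVICES / DRIVERS" section of the DDS log in this thread.
DDS_SERVICES = r"""
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [2010-9-7 32592]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2011-6-8 218688]
R2 avgwd;AVG WatchDog;c:\program files\avg\avg10\avgwdsvc.exe [2011-2-8 269520]
R3 pbfilter;pbfilter;c:\program files\peerblock\pbfilter.sys [2011-6-8 19056]
S3 DYDBQSNcccCcGCc;DYDBQSNcccCcGCc;\??\c:\documents and settings\all users\application data\12d17480_s_drv --> c:\documents and settings\all users\application data\12D17480_S_drv [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
"""

# "<status> <name>;<display name>;<image path> [<date size> or ?]"
LINE_RE = re.compile(
    r"^(?P<status>[A-Z]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<image>.+?)\s+\[(?P<meta>[^\]]*)\]\s*$"
)

# Assumption: service and driver images normally live under these trees.
EXPECTED_DIR_RE = re.compile(r"^[a-z]:\\(windows\\system32|program files)\\", re.I)
EXPECTED_EXTENSIONS = {".sys", ".exe", ".dll"}


class ServiceEntry(NamedTuple):
    status: str         # status code exactly as printed by DDS, e.g. "R2" or "S3"
    name: str           # service key name
    display: str        # display name
    image: str          # resolved image path
    has_metadata: bool  # False when DDS printed "[?]" instead of date and size


def parse_services(text):
    """Parse DDS service/driver lines into ServiceEntry records."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # blank lines, section headers, "." separators
        image = m["image"]
        # "\??\path --> path": keep the resolved path on the right-hand side.
        if " --> " in image:
            image = image.split(" --> ", 1)[1]
        if image.startswith("\\??\\"):
            image = image[4:]
        entries.append(
            ServiceEntry(m["status"], m["name"], m["display"], image,
                         m["meta"].strip() != "?")
        )
    return entries


def flags_for(entry):
    """Return the list of heuristic flags raised by one entry."""
    flags = []
    if not entry.has_metadata:
        flags.append("no-file-metadata")
    if not EXPECTED_DIR_RE.match(entry.image):
        flags.append("image-outside-expected-dirs")
    if ntpath.splitext(entry.image)[1].lower() not in EXPECTED_EXTENSIONS:
        flags.append("unexpected-extension")
    return flags


def triage(entries):
    """Map service name -> flags, for entries that raised at least one flag."""
    result = {}
    for entry in entries:
        flags = flags_for(entry)
        if flags:
            result[entry.name] = flags
    return result


if __name__ == "__main__":
    for name, flags in triage(parse_services(DDS_SERVICES)).items():
        print(f"{name}: {', '.join(flags)}")
```

A single flag is weak evidence on its own: MBAMSwissArmy raises only the metadata flag, while the entry pointing into Application Data raises all three and is the one to review first.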
SuperDave

« Reply #5 on: October 02, 2011, 07:30:35 PM »

P2P - I see you have P2P software installed on your machine. (uTorrent) We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections. It is certainly contributing to your current situation.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall them, however that choice is up to you. If you choose to remove these programs, you can do so via Control Panel >> Add or Remove Programs.
******************************************************
Update Your Java (JRE)

Old versions of Java have vulnerabilities that malware can use to infect your system.


First Verify your Java Version

If there are any other version(s) installed then update now.

Get the new version (if needed)

If your version is out of date install the newest version of the Sun Java Runtime Environment.

Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Be sure to close ALL open web browsers before starting the installation.

Remove any old versions

1. Download JavaRa and unzip the file to your Desktop.
2. Open JavaRA.exe and choose Remove Older Versions
3. Once complete exit JavaRA.

Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
*********************************************************
Please download ComboFix from BleepingComputer.com

Alternate link: GeeksToGo.com

and save it to your Desktop.
It would be easiest to download using Internet Explorer.
If you insist on using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. A guide to do this can be found here.
Double click ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you.  Please include the contents of C:\ComboFix.txt in your next reply.

If you have problems with ComboFix usage, see How to use ComboFix
execpro22

« Reply #6 on: October 02, 2011, 08:07:22 PM »

ComboFix 11-10-02.03 - JAY 10/02/2011  21:58:58.2.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3326.2350 [GMT -4:00]
Running from: c:\documents and settings\JAY\My Documents\Downloads\ComboFix.exe
AV: AVG Internet Security 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\~12D17480_Snj4(c~c_src020.tmp
c:\documents and settings\JAY\Application Data\vso_ts_preview.xml
c:\documents and settings\JAY\WINDOWS
c:\windows\kb913800.exe
c:\windows\system32\BReWErS.dll
.
.
(((((((((((((((((((((((((   Files Created from 2011-09-03 to 2011-10-03  )))))))))))))))))))))))))))))))
.
.
2011-10-01 15:02 . 2011-10-01 15:02   --------   d-----w-   c:\documents and settings\JAY\Local Settings\Application Data\GameSpy
2011-10-01 15:00 . 2011-10-02 23:42   --------   d-----w-   c:\documents and settings\JAY\Local Settings\Application Data\ApplicationHistory
2011-09-29 20:24 . 2011-09-29 20:24   --------   d-----w-   c:\program files\GameSpy
2011-09-29 20:22 . 2011-09-29 20:22   --------   d-----w-   c:\windows\system32\URTTEMP
2011-09-29 20:20 . 2011-09-29 20:20   22328   ----a-w-   c:\documents and settings\JAY\Application Data\PnkBstrK.sys
2011-09-29 20:20 . 2011-09-29 20:20   66872   ----a-w-   c:\windows\system32\PnkBstrA.exe
2011-09-29 20:20 . 2011-09-29 20:20   --------   d-----w-   c:\windows\system32\LogFiles
2011-09-29 20:12 . 2011-09-29 20:12   --------   d-----w-   c:\program files\Electronic Arts
2011-09-29 18:31 . 2011-09-29 18:31   --------   d-----w-   c:\program files\THQ
2011-09-23 11:24 . 2011-09-23 11:24   --------   d-----w-   c:\program files\MSECache
2011-09-22 12:01 . 2011-09-22 12:01   --------   d-----w-   c:\documents and settings\JAY\Application Data\ImgBurn
2011-09-19 03:30 . 2011-09-19 03:30   --------   d-----w-   c:\documents and settings\JAY\Local Settings\Application Data\storage
2011-09-19 00:13 . 2011-09-19 00:13   1   ----a-w-   c:\documents and settings\JAY\SI.bin
2011-09-16 02:20 . 2011-09-19 00:17   --------   d-----w-   c:\program files\Ubisoft
2011-09-13 01:43 . 2011-09-27 17:08   --------   d-----w-   c:\documents and settings\All Users\Application Data\Ubisoft
2011-09-13 01:43 . 2011-09-13 01:43   --------   d-----w-   c:\documents and settings\JAY\Local Settings\Application Data\Ubisoft
2011-09-05 21:43 . 2002-12-18 10:23   115016   ----a-r-   c:\windows\system32\MSINET.OCX
2011-09-05 21:43 . 2002-12-18 10:23   35840   ----a-r-   c:\windows\system32\comdlg32.oca
2011-09-05 21:43 . 2002-12-18 10:23   140488   ----a-r-   c:\windows\system32\comdlg32.ocx
2011-09-05 21:43 . 2002-12-18 23:20   26096   ----a-r-   c:\windows\system32\xmlinst.exe
2011-09-05 21:43 . 2002-12-18 10:23   69632   ----a-r-   c:\windows\system32\xmltok.dll
2011-09-05 21:43 . 2002-12-18 10:23   36864   ----a-r-   c:\windows\system32\xmlparse.dll
2011-09-05 21:43 . 2002-12-18 10:23   24576   ----a-r-   c:\windows\system32\msxml3a.dll
2011-09-05 21:43 . 2002-12-18 10:23   89360   ----a-r-   c:\windows\system32\VB5DB.DLL
2011-09-05 21:43 . 2002-12-18 10:23   29184   ----a-r-   c:\windows\system32\MSINET.oca
2011-09-05 21:40 . 2011-09-05 21:43   --------   d-----w-   c:\program files\Ubi Soft
2011-09-05 18:51 . 2011-09-05 21:27   --------   d-----w-   c:\documents and settings\JAY\Local Settings\Application Data\dxhr
2011-09-05 18:51 . 2011-09-05 18:51   --------   d-----w-   c:\documents and settings\JAY\Local Settings\Application Data\28050
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-02 23:41 . 2011-06-08 07:11   16608   ----a-w-   c:\windows\gdrv.sys
2011-09-29 18:53 . 2011-06-08 18:23   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-29 18:25 . 2011-07-15 00:38   444952   ----a-w-   c:\windows\system32\wrap_oal.dll
2011-09-29 18:25 . 2011-07-15 00:38   109080   ----a-w-   c:\windows\system32\OpenAL32.dll
2011-08-31 21:00 . 2011-08-05 12:57   22216   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-08-05 14:23 . 2011-08-05 14:23   388096   ----a-r-   c:\documents and settings\JAY\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-05 14:12 . 2011-06-29 23:20   544656   ----a-w-   c:\windows\system32\deployJava1.dll
2011-08-05 14:12 . 2011-06-29 23:20   128000   ----a-w-   c:\windows\system32\javacpl.cpl
2011-10-01 06:47 . 2011-06-08 18:10   134104   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-08-05_13.29.58   )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-02 23:41 . 2011-10-02 23:41   16384              c:\windows\Temp\Perflib_Perfdata_d8.dat
+ 2011-10-02 23:41 . 2011-10-02 23:41   16384              c:\windows\Temp\Perflib_Perfdata_c0.dat
+ 2003-02-21 09:16 . 2003-02-21 09:16   49152              c:\windows\system32\URTTEMP\regtlib.exe
+ 2011-06-08 22:01 . 2007-11-30 09:39   17272              c:\windows\system32\spmsg.dll
- 2011-06-08 22:01 . 2007-11-30 12:39   17272              c:\windows\system32\spmsg.dll
+ 2011-08-08 22:27 . 2010-10-16 18:55   61440              c:\windows\system32\ReinstallBackups\0016\DriverFiles\OpenCL.dll
+ 2001-08-23 12:00 . 2011-10-02 23:45   71206              c:\windows\system32\perfc009.dat
- 2011-06-08 18:19 . 2010-10-16 18:55   61440              c:\windows\system32\OpenCL.dll
+ 2011-06-08 18:19 . 2011-05-25 06:09   61440              c:\windows\system32\OpenCL.dll
+ 2010-10-16 19:04 . 2011-05-25 06:09   54272              c:\windows\system32\nvwddi.dll
+ 2007-05-23 21:11 . 2008-05-19 10:33   18944              c:\windows\system32\msisip.dll
+ 2007-05-23 21:11 . 2008-05-19 05:57   95744              c:\windows\system32\msiexec.exe
+ 2011-08-06 17:14 . 2008-04-14 09:41   21504              c:\windows\system32\hidserv.dll
+ 2011-08-06 17:14 . 2008-04-14 04:15   32128              c:\windows\system32\drivers\usbccgp.sys
+ 2011-08-06 17:14 . 2008-04-14 04:15   32128              c:\windows\system32\dllcache\usbccgp.sys
+ 2008-05-19 10:33 . 2008-05-19 10:33   18944              c:\windows\system32\dllcache\msisip.dll
+ 2008-05-19 05:57 . 2008-05-19 05:57   95744              c:\windows\system32\dllcache\msiexec.exe
+ 2011-08-06 17:14 . 2008-04-14 09:41   21504              c:\windows\system32\dllcache\hidserv.dll
+ 2003-02-21 00:10 . 2003-02-21 00:10   31744              c:\windows\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
+ 2003-02-21 11:24 . 2003-02-21 11:24   57344              c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
+ 2003-02-21 11:26 . 2003-02-21 11:26   77824              c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2003-02-20 23:09 . 2003-02-20 23:09   64000              c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
+ 2003-02-21 11:26 . 2003-02-21 11:26   65536              c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.Design.dll
+ 2003-02-21 11:26 . 2003-02-21 11:26   86016              c:\windows\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
+ 2003-02-21 11:26 . 2003-02-21 11:26   77824              c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Configuration.Install.dll
+ 2003-02-21 11:25 . 2003-02-21 11:25   12288              c:\windows\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe
+ 2003-02-21 11:26 . 2003-02-21 11:26   32768              c:\windows\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
+ 2003-02-21 11:25 . 2003-02-21 11:25   28672              c:\windows\Microsoft.NET\Framework\v1.1.4322\RegAsm.exe
+ 2003-02-20 23:09 . 2003-02-20 23:09   90112              c:\windows\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
+ 2003-02-20 23:09 . 2003-02-20 23:09   73728              c:\windows\Microsoft.NET\Framework\v1.1.4322\ngen.exe
+ 2003-02-20 22:43 . 2003-02-20 22:43   22528              c:\windows\Microsoft.NET\Framework\v1.1.4322\MUI\0409\mscorsecr.dll
+ 2003-02-20 23:18 . 2003-02-20 23:18   20480              c:\windows\Microsoft.NET\Framework\v1.1.4322\mtxoci8.dll
+ 2003-02-20 23:09 . 2003-02-20 23:09   77824              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2003-02-20 23:09 . 2003-02-20 23:09   81920              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
+ 2003-02-20 23:06 . 2003-02-20 23:06   65536              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorpe.dll
+ 2003-02-20 23:09 . 2003-02-20 23:09   98304              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2003-02-20 23:09 . 2003-02-20 23:09   86016              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2003-02-20 23:09 . 2003-02-20 23:09   77824              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
+ 2003-02-21 11:25 . 2003-02-21 11:25   49152              c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
+ 2003-02-21 11:25 . 2003-02-21 11:25   49152              c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
+ 2003-02-21 11:25 . 2003-02-21 11:25   11264              c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2003-02-21 11:24 . 2003-02-21 11:24   32768              c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.dll
+ 2003-02-21 11:24 . 2003-02-21 11:24   28672              c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.Vsa.dll
+ 2003-02-21 11:24 . 2003-02-21 11:24   40960              c:\windows\Microsoft.NET\Framework\v1.1.4322\jsc.exe
+ 2003-02-21 11:24 . 2003-02-21 11:24   26112              c:\windows\Microsoft.NET\Framework\v1.1.4322\ISymWrapper.dll
+ 2003-02-20 23:22 . 2003-02-20 23:22   40960              c:\windows\Microsoft.NET\Framework\v1.1.4322\InstallUtilLib.dll
+ 2003-02-21 11:24 . 2003-02-21 11:24   15872              c:\windows\Microsoft.NET\Framework\v1.1.4322\InstallUtil.exe
+ 2003-02-21 11:24 . 2003-02-21 11:24   32768              c:\windows\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
+ 2003-02-21 08:12 . 2003-02-21 08:12   28672              c:\windows\Microsoft.NET\Framework\v1.1.4322\cvtres.exe
+ 2003-02-21 11:24 . 2003-02-21 11:24   33792              c:\windows\Microsoft.NET\Framework\v1.1.4322\CustomMarshalers.dll
+ 2003-02-21 11:24 . 2003-02-21 11:24   12288              c:\windows\Microsoft.NET\Framework\v1.1.4322\cscompmgd.dll
+ 2003-02-21 14:20 . 2003-02-21 14:20   49152              c:\windows\Microsoft.NET\Framework\v1.1.4322\csc.exe
+ 2003-02-20 23:09 . 2003-02-20 23:09   77824              c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2003-02-21 11:24 . 2003-02-21 11:24   49152              c:\windows\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe
+ 2003-02-21 11:24 . 2003-02-21 11:24   94208              c:\windows\Microsoft.NET\Framework\v1.1.4322\CasPol.exe
+ 2003-02-20 23:19 . 2003-02-20 23:19   32768              c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2003-02-20 23:19 . 2003-02-20 23:19   32768              c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
+ 2003-02-20 23:19 . 2003-02-20 23:19   20480              c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
+ 2003-02-20 23:19 . 2003-02-20 23:19   40960              c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_rc.dll
+ 2003-02-20 23:19 . 2003-02-20 23:19   24576              c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2003-02-21 09:00 . 2003-02-21 09:00   98304              c:\windows\Microsoft.NET\Framework\v1.1.4322\alink.dll
+ 2003-02-21 07:55 . 2003-02-21 07:55   94208              c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\cscompui.dll
+ 2003-02-21 06:59 . 2003-02-21 06:59   16896              c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\alinkui.dll
+ 2011-09-23 11:25 . 2011-09-23 11:25   58368              c:\windows\Installer\{95120000-003F-0409-0000-0000000FF1CE}\xlvwicon.exe
+ 2011-09-29 20:24 . 2011-09-29 20:24   57344              c:\windows\Installer\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}\NewShortcut8_CD7D16AA9DCA4A66A4ABF9C1BE60B1B5.exe
+ 2011-09-29 20:24 . 2011-09-29 20:24   57344              c:\windows\Installer\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}\NewShortcut7_CD7D16AA9DCA4A66A4ABF9C1BE60B1B5.exe
+ 2011-09-29 20:24 . 2011-09-29 20:24   57344              c:\windows\Installer\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}\Comrade.exe_CD7D16AA9DCA4A66A4ABF9C1BE60B1B5.exe
+ 2011-09-29 20:24 . 2011-09-29 20:24   57344              c:\windows\Installer\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}\ARPPRODUCTICON.exe
+ 2011-09-29 20:19 . 2011-09-29 20:28   10134              c:\windows\Installer\{000E79B7-E725-4F01-870A-C12942B7F8E4}\visitWebsite_000E79B7E7254F01870AC12942B7F8E4.exe
+ 2011-09-29 20:19 . 2011-09-29 20:28   10134              c:\windows\Installer\{000E79B7-E725-4F01-870A-C12942B7F8E4}\checkForUpdatesSC_000E79B7E7254F01870AC12942B7F8E4.exe
+ 2003-12-13 12:30 . 2003-12-13 12:30   70656              c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\zlib1.dll
+ 2007-10-25 01:13 . 2007-10-25 01:13   13024              c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\shallocator.dll
+ 2007-10-25 04:11 . 2007-10-25 04:11   17120              c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\crysisdedicatedserver.exe
+ 2011-09-29 20:23 . 2011-09-29 20:23   90112              c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_9482957f\System.Drawing.Design.dll
+ 2011-09-29 20:23 . 2011-09-29 20:23   61440              c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_041a066f\CustomMarshalers.dll
+ 2011-09-29 20:22 . 2011-09-29 20:22   57344              c:\windows\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2011-09-29 20:22 . 2011-09-29 20:22   77824              c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2011-09-29 20:22 . 2011-09-29 20:22   64000              c:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
+ 2011-09-29 20:22 . 2011-09-29 20:22   65536              c:\windows\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2011-09-29 20:22 . 2011-09-29 20:22   86016              c:\windows\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2011-09-29 20:22 . 2011-09-29 20:22   77824              c:\windows\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2011-09-29 20:22 . 2011-09-29 20:22   32768              c:\windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
+ 2011-09-29 20:22 . 2011-09-29 20:22   32768              c:\windows\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2011-09-29 20:22 . 2011-09-29 20:22   11264              c:\windows\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2011-09-29 20:22 . 2011-09-29 20:22   28672              c:\windows\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
- 2011-07-15 01:27 . 2011-07-15 01:27   12800              c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2011-09-19 00:26 . 2011-09-19 00:26   12800              c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2011-09-19 00:26 . 2011-09-19 00:26   53248              c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2011-07-15 01:27 . 2011-07-15 01:27   53248              c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2011-09-29 20:22 . 2011-09-29 20:22   26112              c:\windows\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2011-09-29 20:22 . 2011-09-29 20:22   32768              c:\windows\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
+ 2011-09-29 20:22 . 2011-09-29 20:22   33792              c:\windows\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2011-09-29 20:22 . 2011-09-29 20:22   12288              c:\windows\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2011-09-02 03:28 . 2008-04-14 09:42   15360              c:\windows\$NtUninstallKB942288-v3$\msisip.dll
+ 2011-09-02 03:28 . 2008-04-14 09:42   78848              c:\windows\$NtUninstallKB942288-v3$\msiexec.exe
+ 2003-02-20 22:43 . 2003-02-20 22:43   4096              c:\windows\system32\mui\0409\mscoreer.dll
+ 2007-05-23 21:11 . 2008-04-17 05:43   2560              c:\windows\system32\msimsg.dll
+ 2008-04-17 05:43 . 2008-04-17 05:43   2560              c:\windows\system32\dllcache\msimsg.dll
+ 2003-02-20 23:09 . 2003-02-20 23:09   9216              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscortim.dll
+ 2003-02-21 11:25 . 2003-02-21 11:25   6656              c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft_VsaVb.dll
+ 2003-02-21 11:25 . 2003-02-21 11:25   6144              c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualC.Dll
+ 2003-02-21 11:24 . 2003-02-21 11:24   4608              c:\windows\Microsoft.NET\Framework\v1.1.4322\IIEHost.dll
+ 2003-02-21 11:24 . 2003-02-21 11:24   7168              c:\windows\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
+ 2003-02-21 11:24 . 2003-02-21 11:24   7680              c:\windows\Microsoft.NET\Framework\v1.1.4322\IEExec.exe
+ 2003-02-21 11:24 . 2003-02-21 11:24   7680              c:\windows\Microsoft.NET\Framework\v1.1.4322\Accessibility.dll
+ 2011-09-29 20:24 . 2011-09-29 20:24   8854              c:\windows\Installer\{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}\UNINST_Uninstall_Com_CD7D16AA9DCA4A66A4ABF9C1BE60B1B5.exe
+ 2011-09-29 20:19 . 2011-09-29 20:28   9662              c:\windows\Installer\{000E79B7-E725-4F01-870A-C12942B7F8E4}\ARPPRODUCTICON.exe
+ 2011-09-29 20:22 . 2011-09-29 20:22   6656              c:\windows\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2011-09-29 20:22 . 2011-09-29 20:22   6144              c:\windows\assembly\GAC\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll
+ 2011-09-29 20:22 . 2011-09-29 20:22   4608              c:\windows\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2011-09-29 20:22 . 2011-09-29 20:22   7168              c:\windows\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2011-09-29 20:22 . 2011-09-29 20:22   7680              c:\windows\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2011-08-08 22:27 . 2010-10-16 18:55   813672              c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvgenco32.dll
+ 2011-08-08 22:27 . 2010-10-16 18:55   240592              c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvdrsdb.bin
+ 2011-08-08 22:27 . 2010-10-16 18:55   888424              c:\windows\system32\ReinstallBackups\0016\DriverFiles\nvdispco32.dll
+ 2011-08-08 22:27 . 2010-10-16 18:55   145408              c:\windows\system32\ReinstallBackups\0016\DriverFiles\dbInstaller.exe
+ 2001-08-23 12:00 . 2011-10-02 23:45   441014              c:\windows\system32\perfh009.dat
+ 2010-10-16 19:04 . 2011-05-25 06:09   154728              c:\windows\system32\nvsvc32.exe
+ 2010-10-16 19:04 . 2011-05-25 06:09   111208              c:\windows\system32\nvmctray.dll
+ 2011-08-08 22:27 . 2011-05-25 06:09   865896              c:\windows\system32\nvgenco322090.dll
+ 2011-06-08 18:19 . 2011-08-08 22:27   273344              c:\windows\system32\nvdrsdb1.bin
+ 2011-06-08 18:19 . 2011-08-08 22:27   273344              c:\windows\system32\nvdrsdb0.bin
+ 2011-08-08 22:27 . 2011-05-25 06:09   899688              c:\windows\system32\nvdispco3220150.dll
- 2010-10-16 19:04 . 2010-10-16 19:04   145000              c:\windows\system32\nvcolor.exe
+ 2010-10-16 19:04 . 2011-05-25 06:09   145000              c:\windows\system32\nvcolor.exe
+ 2007-05-23 21:11 . 2008-05-19 10:33   332800              c:\windows\system32\msihnd.dll
+ 2011-09-29 18:53 . 2011-09-29 18:53   243360              c:\windows\system32\Macromed\Flash\FlashUtil10x_Plugin.exe
+ 2011-08-05 14:12 . 2011-08-05 14:12   214408              c:\windows\system32\javaws.exe
+ 2011-08-05 14:12 . 2011-08-05 14:12   173960              c:\windows\system32\javaw.exe
+ 2011-08-05 14:12 . 2011-08-05 14:12   173960              c:\windows\system32\java.exe
+ 2011-06-07 23:49 . 2011-10-01 14:59   120544              c:\windows\system32\FNTCACHE.DAT
+ 2004-01-06 14:43 . 2004-01-06 14:43   188416              c:\windows\system32\eax.dll
+ 2011-08-08 22:27 . 2011-05-25 06:09   543336              c:\windows\system32\easyupdatusapiu.dll
+ 2010-08-20 01:42 . 2011-05-27 23:05   134480              c:\windows\system32\drivers\AVGIDSDriver.sys
- 2010-08-20 01:42 . 2011-04-15 01:28   134480              c:\windows\system32\drivers\AVGIDSDriver.sys
+ 2008-05-19 10:33 . 2008-05-19 10:33   332800              c:\windows\system32\dllcache\msihnd.dll
+ 2003-02-21 14:20 . 2003-02-21 14:20   737280              c:\windows\Microsoft.NET\Framework\v1.1.4322\vbc.exe
+ 2003-02-21 11:27 . 2003-02-21 11:27   569344              c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
+ 2003-02-21 11:27 . 2003-02-21 11:27   819200              c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
+ 2003-02-21 11:27 . 2003-02-21 11:27   126976              c:\windows\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
+ 2003-02-21 11:26 . 2003-02-21 11:26   131072              c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
+ 2003-02-21 11:26 . 2003-02-21 11:26   323584              c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
+ 2003-02-21 11:26 . 2003-02-21 11:26   241664              c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
+ 2003-02-21 11:26 . 2003-02-21 11:26   368640              c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
+ 2003-02-21 11:26 . 2003-02-21 11:26   241664              c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
+ 2003-02-21 11:26 . 2003-02-21 11:26   466944              c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
+ 2003-02-21 11:25 . 2003-02-21 11:25   299008              c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
+ 2003-02-20 23:09 . 2003-02-20 23:09   319488              c:\windows\Microsoft.NET\Framework\v1.1.4322\SOS.dll
+ 2003-02-20 23:09 . 2003-02-20 23:09   122880              c:\windows\Microsoft.NET\Framework\v1.1.4322\shfusres.dll
+ 2003-02-20 23:09 . 2003-02-20 23:09   253952              c:\windows\Microsoft.NET\Framework\v1.1.4322\shfusion.dll
+ 2003-02-21 08:42 . 2003-02-21 08:42   348160              c:\windows\Microsoft.NET\Framework\v1.1.4322\msvcr71.dll
+ 2003-02-20 23:09 . 2003-02-20 23:09   143360              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
+ 2003-02-20 22:43 . 2003-02-20 22:43   131072              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscormmc.dll
+ 2003-02-20 23:06 . 2003-02-20 23:06   311296              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2003-02-20 23:09 . 2003-02-20 23:09   233472              c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
+ 2003-02-21 11:26 . 2003-02-21 11:26   299008              c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
+ 2003-02-21 11:26 . 2003-02-21 11:26   716800              c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
+ 2003-02-20 23:09 . 2003-02-20 23:09   196608              c:\windows\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
+ 2003-02-20 23:06 . 2003-02-20 23:06   282624              c:\windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2003-02-20 23:16 . 2003-02-20 23:16   798720              c:\windows\Microsoft.NET\Framework\v1.1.4322\EventLogMessages.dll
+ 2003-02-21 14:21 . 2003-02-21 14:21   524288              c:\windows\Microsoft.NET\Framework\v1.1.4322\diasymreader.dll
+ 2003-02-21 14:21 . 2003-02-21 14:21   626688              c:\windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
+ 2002-07-29 15:11 . 2002-07-29 15:11   219136              c:\windows\Microsoft.NET\Framework\v1.1.4322\c_g18030.dll
+ 2003-02-20 23:19 . 2003-02-20 23:19   253952              c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2003-02-21 09:04 . 2003-02-21 09:04   155648              c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\Vsavb7rtUI.dll
+ 2003-02-21 07:02 . 2003-02-21 07:02   131072              c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\vbc7ui.dll
+ 2011-08-08 16:40 . 1998-10-29 20:45   306688              c:\windows\IsUninst.exe
+ 2011-09-16 02:46 . 2011-09-16 02:46   254464              c:\windows\Installer\67efa.msi
+ 2011-08-05 14:13 . 2011-08-05 14:13   176640              c:\windows\Installer\24d42e8.msi
+ 2011-08-05 14:12 . 2011-08-05 14:12   937984              c:\windows\Installer\24d42da.msi
+ 2011-09-23 11:25 . 2011-09-23 11:25   442880              c:\windows\Installer\17564e80.msi
+ 2007-09-19 20:29 . 2007-09-19 20:29   294912              c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\pbsv.dll
+ 2004-01-14 00:16 . 2004-01-14 00:16   153966              c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\jpeg62.dll
+ 2007-06-14 14:20 . 2007-06-14 14:20   118784              c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\intellaptopgaming.dll
+ 2004-06-16 14:57 . 2004-06-16 14:57   372736              c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\ijl15.dll
+ 2007-05-16 20:45 . 2007-05-16 20:45   118104              c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\fxc.exe
+ 2007-10-14 19:30 . 2007-10-14 19:30   794624              c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\fmodex.dll
+ 2007-10-14 19:25 . 2007-10-14 19:25   237568              c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\fmod_event_net.dll
+ 2007-10-14 19:26 . 2007-10-14 19:26   208896              c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\fmod_event.dll
+ 2007-10-25 01:13 . 2007-10-25 01:13   644320              c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\crysoundsystem.dll
+ 2007-10-25 01:13 . 2007-10-25 01:13   660704              c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\cryscriptsystem.dll
+ 2007-10-25 01:13 . 2007-10-25 01:13   885984              c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\cryrendernull.dll
+ 2007-10-25 01:13 . 2007-10-25 01:13   943328              c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\crynetwork.dll
+ 2007-10-25 01:13 . 2007-10-25 01:13   386272              c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\crymovie.dll
+ 2007-10-25 01:13 . 2007-10-25 01:13   197856              c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\cryinput.dll
+ 2007-10-25 01:13 . 2007-10-25 01:13   394464              c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\cryfont.dll
+ 2007-10-25 01:13 . 2007-10-25 01:13   840928              c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\cryentitysystem.dll
+ 2007-09-24 15:55 . 2007-09-24 15:55   159744              c:\windows\Installer\$PatchCache$\Managed\7B97E000527E10F478A01C92247B8F4E\1.0.0\atimgpud.dll
+ 2006-10-27 18:09 . 2006-10-27 18:09   983376              c:\windows\Installer\$PatchCache$\Managed\00002159F30090400000000000F01FEC\12.0.4518\FPWEC.DLL
+ 2011-09-29 20:23 . 2011-09-29 20:23   835584              c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_8416db2c\System.Drawing.dll
+ 2011-09-29 20:22 . 2011-09-29 20:22   569344              c:\windows\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2011-09-29 20:22 . 2011-09-29 20:22   819200              c:\windows\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2011-09-29 20:22 . 2011-09-29 20:22   126976              c:\windows\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2011-09-29 20:22 . 2011-09-29 20:22   131072              c:\windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2011-09-29 20:22 . 2011-09-29 20:22   323584              c:\windows\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2011-09-29 20:22 . 2011-09-29 20:22   241664              c:\windows\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2011-09-29 20:22 . 2011-09-29 20:22   368640              c:\windows\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
+ 2011-09-29 20:22 . 2011-09-29 20:22   241664              c:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2011-09-29 20:22 . 2011-09-29 20:22   466944              c:\windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2011-09-29 20:22 . 2011-09-29 20:22   299008              c:\windows\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2011-09-29 20:22 . 2011-09-29 20:22   299008              c:\windows\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2011-09-29 20:22 . 2011-09-29 20:22   716800              c:\windows\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
.
-- Snapshot reset to current date --
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-06-08 399736]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 1867888]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-05 1242448]
"Comrade.exe"="c:\program files\GameSpy\Comrade\Comrade.exe" [2007-06-29 36864]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 77824]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 2554696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-05-25 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1632360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54   551296   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\Program Files\\Steam\\steamapps\\cookiemonsterlovescookies\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 3:48 AM 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 3:49 AM 297168]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [5/2/2011 8:36 PM 242600]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [5/2/2011 8:36 PM 29400]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [6/8/2011 5:46 PM 218688]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [7/18/2011 8:02 PM 116608]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe [3/9/2011 7:24 PM 2708024]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [8/18/2011 1:33 AM 7390560]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [6/8/2011 3:12 AM 68136]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [7/12/2010 4:33 AM 30432]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 9:42 PM 134480]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 9:42 PM 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 9:42 PM 27216]
R3 DYDBQSNcccCcGCc;DYDBQSNcccCcGCc;\??\c:\documents and settings\All Users\Application Data\12D17480_S_drv --> c:\documents and settings\All Users\Application Data\12D17480_S_drv [?]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [6/8/2011 5:36 PM 19056]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [6/23/2011 7:49 PM 47360]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [7/12/2010 4:33 AM 30432]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - DYDBQSNCCCCCGCC
*NewlyCreated* - PBFILTER
.
.
------- Supplementary Scan -------
.
uStart Page = my.daemon-search.com
TCP: DhcpNameServer = 68.87.77.134 68.87.72.134
TCP: Interfaces\{81299952-8656-45EC-99E7-3351FE80D0D0}: NameServer = 156.154.70.22,156.154.71.22
FF - ProfilePath - c:\documents and settings\JAY\Application Data\Mozilla\Firefox\Profiles\wzku8r84.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://by152w.bay152.mail.live.com/?rru=inbox
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-02 22:03
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Se
IP logged
SuperDave
Malware Removal Specialist
Moderator
Prodigy



Thanked: 617
Posts: 6,998

Certifications: List
Experience: Experienced
OS: Windows XP



« Reply #7 on: October 03, 2011, 01:26:06 PM »

I noticed that you have two firewalls: AVG Firewall and COMODO Firewall. Just be sure that only one is activated at any time.

ComboFix is running from the wrong location. Please uninstall/delete it, download and install a new one on your desktop. Then, please run this script.

Re-running ComboFix to remove infections:

  • Close any open browsers.
  • Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.
  • Open notepad and copy/paste the text in the quotebox below into it:
    Quote
    KillAll::

    File::
    c:\documents and settings\All Users\Application Data\12D17480_S_drv

    Driver::
    DYDBQSNcccCcGCc

  • Save this as CFScript.txt, in the same location as ComboFix.exe



  • Referring to the picture above, drag CFScript into ComboFix.exe
  • When finished, it shall produce a log for you at C:\ComboFix.txt
  • Please post the contents of the log in your next reply.
********************************************************
SysProt Antirootkit

Download SysProt Antirootkit from the link below (you will find it at the bottom of the page under attachments, or you can get it from one of the mirrors).

http://sites.google.com/site/sysprotantirootkit/

Unzip it into a folder on your desktop.
  • Double click Sysprot.exe to start the program.
  • Click on the Log tab.
  • In the Write to log box select the following items.
    • Process << Selected
    • Kernel Modules << Selected
    • SSDT << Selected
    • Kernel Hooks << Selected
    • IRP Hooks << NOT Selected
    • Ports << NOT Selected
    • Hidden Files << Selected
  • At the bottom of the page
    • Hidden Objects Only << Selected
  • Click on the Create Log button on the bottom right.
  • After a few seconds a new window should appear.
  • Select Scan Root Drive. Click on the Start button.
  • When it is complete a new window will appear to indicate that the scan is finished.
  • The log will be saved automatically in the same folder Sysprot.exe was extracted to. Open the text file and copy/paste the log here.
IP logged

AMD Athlon XP 1900+ 1.47 GHz, 3 GB RAM, Windows XP Home with SP3, Microsoft Security Essentials, Spybot S&D, SuperAntiSpyware and Threatfire with Comodo Firewall & Windows Defender
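The CFScript in the reply above names one driver entry from the posted log: the one whose image sits under All Users\Application Data, has no file extension, and is printed with [?] in place of a date and size. As an added example (not part of the original post and not ComboFix's own logic), the Python below parses driver/service lines in the format this log uses and flags entries on those three traits; the directory and extension allow-lists and all function names are assumptions chosen for illustration.

```python
import ntpath
import re
from dataclasses import dataclass, field

# Four driver/service lines taken from the ComboFix log posted in this thread.
SAMPLE_LOG = r"""
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [5/2/2011 8:36 PM 242600]
R3 DYDBQSNcccCcGCc;DYDBQSNcccCcGCc;\??\c:\documents and settings\All Users\Application Data\12D17480_S_drv --> c:\documents and settings\All Users\Application Data\12D17480_S_drv [?]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [6/8/2011 5:36 PM 19056]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
"""

# <state letter><start digit> <service name>;<display name>;<image path> [<file details>]
LINE_RE = re.compile(
    r"(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]"
)

# Assumed allow-lists for this illustration; tune them for the machine under review.
EXPECTED_DIRS = ("c:\\windows\\system32\\", "c:\\program files\\")
EXPECTED_EXTS = {".sys", ".exe", ".dll"}

REASON_DIR = "image outside system32 / program files"
REASON_EXT = "image has no driver or executable extension"
REASON_META = "no file date/size recorded ([?])"


@dataclass
class Finding:
    name: str
    image_path: str
    reasons: list = field(default_factory=list)


def triage(log_text):
    """Return flagged driver/service entries, most reasons first."""
    findings = []
    for raw in log_text.splitlines():
        match = LINE_RE.fullmatch(raw.strip())
        if not match:
            continue  # not a driver/service line
        # Lines of the form "\??\path --> path" carry the resolved path last.
        path = match["path"].split(" --> ")[-1].strip()
        lowered = path.lower()
        reasons = []
        if not lowered.startswith(EXPECTED_DIRS):
            reasons.append(REASON_DIR)
        if ntpath.splitext(lowered)[1] not in EXPECTED_EXTS:
            reasons.append(REASON_EXT)
        if match["meta"].strip() == "?":
            reasons.append(REASON_META)
        if reasons:
            findings.append(Finding(match["name"], path, reasons))
    # sorted() is stable, so entries with equal counts keep log order.
    return sorted(findings, key=lambda f: len(f.reasons), reverse=True)


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.name, "|", finding.image_path)
        for reason in finding.reasons:
            print("   -", reason)
```

A flag is a prompt for manual review, not a verdict: the MBAMSwissArmy entry is also printed with [?] in this log, and the script in the reply does not touch it.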
execpro22
Topic Starter
Beginner



Posts: 52

Computer: Specs
Experience: Beginner
OS: Unknown

« Reply #8 on: October 03, 2011, 09:24:14 PM »

ComboFix 11-10-02.03 - JAY 10/03/2011  23:00:46.4.2 - x86
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3326.2689 [GMT -4:00]
Running from: c:\documents and settings\JAY\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\JAY\Desktop\CFScript.txt
AV: AVG Internet Security 2011 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
FW: AVG Firewall *Disabled* {8decf618-9569-4340-b34a-d78d28969b66}
FW: COMODO Firewall *Enabled* {043803A3-4F86-4ef6-AFC5-F6E02A79969B}
.
FILE ::
"c:\documents and settings\All Users\Application Data\12D17480_S_drv"
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_DYDBQSNCCCCCGCC
-------\Service_DYDBQSNcccCcGCc
.
.
(((((((((((((((((((((((((   Files Created from 2011-09-04 to 2011-10-04  )))))))))))))))))))))))))))))))
.
.
2011-10-01 15:02 . 2011-10-03 03:09   --------   d-----w-   c:\documents and settings\JAY\Local Settings\Application Data\GameSpy
2011-10-01 15:00 . 2011-10-03 03:07   --------   d-----w-   c:\documents and settings\JAY\Local Settings\Application Data\ApplicationHistory
2011-09-29 20:22 . 2011-09-29 20:22   --------   d-----w-   c:\windows\system32\URTTEMP
2011-09-29 20:20 . 2011-09-29 20:20   22328   ----a-w-   c:\documents and settings\JAY\Application Data\PnkBstrK.sys
2011-09-29 20:20 . 2011-09-29 20:20   66872   ----a-w-   c:\windows\system32\PnkBstrA.exe
2011-09-29 20:20 . 2011-09-29 20:20   --------   d-----w-   c:\windows\system32\LogFiles
2011-09-29 20:12 . 2011-09-29 20:12   --------   d-----w-   c:\program files\Electronic Arts
2011-09-29 18:31 . 2011-09-29 18:31   --------   d-----w-   c:\program files\THQ
2011-09-23 11:24 . 2011-09-23 11:24   --------   d-----w-   c:\program files\MSECache
2011-09-22 12:01 . 2011-09-22 12:01   --------   d-----w-   c:\documents and settings\JAY\Application Data\ImgBurn
2011-09-19 03:30 . 2011-09-19 03:30   --------   d-----w-   c:\documents and settings\JAY\Local Settings\Application Data\storage
2011-09-19 00:13 . 2011-09-19 00:13   1   ----a-w-   c:\documents and settings\JAY\SI.bin
2011-09-16 02:20 . 2011-09-19 00:17   --------   d-----w-   c:\program files\Ubisoft
2011-09-13 01:43 . 2011-09-27 17:08   --------   d-----w-   c:\documents and settings\All Users\Application Data\Ubisoft
2011-09-13 01:43 . 2011-09-13 01:43   --------   d-----w-   c:\documents and settings\JAY\Local Settings\Application Data\Ubisoft
2011-09-05 21:43 . 2002-12-18 10:23   115016   ----a-r-   c:\windows\system32\MSINET.OCX
2011-09-05 21:43 . 2002-12-18 10:23   35840   ----a-r-   c:\windows\system32\comdlg32.oca
2011-09-05 21:43 . 2002-12-18 10:23   140488   ----a-r-   c:\windows\system32\comdlg32.ocx
2011-09-05 21:43 . 2002-12-18 23:20   26096   ----a-r-   c:\windows\system32\xmlinst.exe
2011-09-05 21:43 . 2002-12-18 10:23   69632   ----a-r-   c:\windows\system32\xmltok.dll
2011-09-05 21:43 . 2002-12-18 10:23   36864   ----a-r-   c:\windows\system32\xmlparse.dll
2011-09-05 21:43 . 2002-12-18 10:23   24576   ----a-r-   c:\windows\system32\msxml3a.dll
2011-09-05 21:43 . 2002-12-18 10:23   89360   ----a-r-   c:\windows\system32\VB5DB.DLL
2011-09-05 21:43 . 2002-12-18 10:23   29184   ----a-r-   c:\windows\system32\MSINET.oca
2011-09-05 21:40 . 2011-09-05 21:43   --------   d-----w-   c:\program files\Ubi Soft
2011-09-05 18:51 . 2011-09-05 21:27   --------   d-----w-   c:\documents and settings\JAY\Local Settings\Application Data\dxhr
2011-09-05 18:51 . 2011-09-05 18:51   --------   d-----w-   c:\documents and settings\JAY\Local Settings\Application Data\28050
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-04 03:05 . 2011-06-08 07:11   16608   ----a-w-   c:\windows\gdrv.sys
2011-09-29 18:53 . 2011-06-08 18:23   404640   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2011-09-29 18:25 . 2011-07-15 00:38   444952   ----a-w-   c:\windows\system32\wrap_oal.dll
2011-09-29 18:25 . 2011-07-15 00:38   109080   ----a-w-   c:\windows\system32\OpenAL32.dll
2011-08-31 21:00 . 2011-08-05 12:57   22216   ----a-w-   c:\windows\system32\drivers\mbam.sys
2011-08-05 14:23 . 2011-08-05 14:23   388096   ----a-r-   c:\documents and settings\JAY\Application Data\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2011-08-05 14:12 . 2011-06-29 23:20   544656   ----a-w-   c:\windows\system32\deployJava1.dll
2011-08-05 14:12 . 2011-06-29 23:20   128000   ----a-w-   c:\windows\system32\javacpl.cpl
2011-10-01 06:47 . 2011-06-08 18:10   134104   ----a-w-   c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((   SnapShot_2011-10-03_02.03.02   )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-10-04 03:05 . 2011-10-04 03:05   16384              c:\windows\temp\Perflib_Perfdata_e4.dat
- 2011-10-02 23:41 . 2011-10-02 23:41   16384              c:\windows\Temp\Perflib_Perfdata_c0.dat
+ 2011-10-04 03:05 . 2011-10-04 03:05   16384              c:\windows\temp\Perflib_Perfdata_c0.dat
+ 2001-08-23 12:00 . 2011-10-04 02:54   71206              c:\windows\system32\perfc009.dat
- 2001-08-23 12:00 . 2011-10-02 23:45   71206              c:\windows\system32\perfc009.dat
+ 2001-08-23 12:00 . 2011-10-04 02:54   441014              c:\windows\system32\perfh009.dat
- 2001-08-23 12:00 . 2011-10-02 23:45   441014              c:\windows\system32\perfh009.dat
+ 2011-06-07 23:49 . 2011-10-04 02:50   116560              c:\windows\system32\FNTCACHE.DAT
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-06-08 399736]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"PeerBlock"="c:\program files\PeerBlock\peerblock.exe" [2010-11-07 1867888]
"Steam"="c:\program files\Steam\Steam.exe" [2011-08-05 1242448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2008-07-23 16804864]
"SoundMan"="SOUNDMAN.EXE" [2008-06-18 77824]
"AlcWzrd"="ALCWZRD.EXE" [2008-06-19 2808832]
"AVG_TRAY"="c:\program files\AVG\AVG10\avgtray.exe" [2011-09-10 2338656]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2011-06-30 2554696]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-05-25 13895272]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-05-25 111208]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2011-05-05 1632360]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54   551296   ----a-w-   c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\guard32.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute   REG_MULTI_SZ      autocheck autochk *\0c:\progra~1\AVG\AVG10\avgchsvx.exe /sync\0c:\progra~1\AVG\AVG10\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgmfapx.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgam.exe"=
"c:\\Program Files\\AVG\\AVG10\\avgemcx.exe"=
"c:\\Program Files\\Steam\\steamapps\\cookiemonsterlovescookies\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
.
R0 AVGIDSEH;AVGIDSEH;c:\windows\system32\drivers\AVGIDSEH.sys [9/13/2010 4:27 PM 22992]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [9/7/2010 3:48 AM 32592]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [9/7/2010 3:48 AM 248656]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [9/7/2010 3:49 AM 297168]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdGuard.sys [5/2/2011 8:36 PM 242600]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [5/2/2011 8:36 PM 29400]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [6/8/2011 5:46 PM 218688]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [7/22/2011 12:27 PM 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [7/12/2011 5:55 PM 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [7/18/2011 8:02 PM 116608]
R2 avgfws;AVG Firewall;c:\program files\AVG\AVG10\avgfws.exe [3/9/2011 7:24 PM 2708024]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG10\avgwdsvc.exe [2/8/2011 5:33 AM 269520]
R2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [6/8/2011 3:12 AM 68136]
R3 Avgfwdx;Avgfwdx;c:\windows\system32\drivers\avgfwdx.sys [7/12/2010 4:33 AM 30432]
R3 pbfilter;pbfilter;c:\program files\PeerBlock\pbfilter.sys [6/8/2011 5:36 PM 19056]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [6/23/2011 7:49 PM 47360]
S3 Avgfwfd;AVG network filter service;c:\windows\system32\drivers\avgfwdx.sys [7/12/2010 4:33 AM 30432]
S3 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [8/18/2011 1:33 AM 7390560]
S3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\AVGIDSDriver.sys [8/19/2010 9:42 PM 134480]
S3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\AVGIDSFilter.sys [8/19/2010 9:42 PM 24144]
S3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\AVGIDSShim.sys [8/19/2010 9:42 PM 27216]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
.
.
------- Supplementary Scan -------
.
uStart Page = my.daemon-search.com
TCP: Interfaces\{81299952-8656-45EC-99E7-3351FE80D0D0}: NameServer = 156.154.70.22,156.154.71.22
FF - ProfilePath - c:\documents and settings\JAY\Application Data\Mozilla\Firefox\Profiles\wzku8r84.default\
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - prefs.js: browser.startup.homepage - hxxp://by152w.bay152.mail.live.com/?rru=inbox
FF - prefs.js: network.proxy.type - 0
.
.***********************************************

.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-10-03 23:06
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwClose
.
scanning hidden processes ... 
.
scanning hidden autostart entries ...
.
scanning hidden files ... 
.
scan completed successfully
hidden files: 0
.
***********************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1188)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
- - - - - - - > 'lsass.exe'(1244)
c:\windows\system32\guard32.dll
.
- - - - - - - > 'explorer.exe'(3912)
c:\windows\system32\guard32.dll
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\AVG\AVG10\avgchsvx.exe
c:\progra~1\AVG\AVG10\avgrsx.exe
c:\program files\COMODO\COMODO Internet Security\cmdagent.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\windows\system32\nvsvc32.exe
c:\program files\AVG\AVG10\avgam.exe
c:\program files\AVG\AVG10\avgnsx.exe
c:\program files\AVG\AVG10\avgemcx.exe
c:\windows\system32\wscntfy.exe
c:\windows\RTHDCPL.EXE
c:\windows\SOUNDMAN.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe
.
************************************************************
.
Completion time: 2011-10-03  23:08:48 - machine was rebooted
ComboFix-quarantined-files.txt  2011-10-04 03:08
ComboFix2.txt  2011-10-04 02:53
ComboFix3.txt  2011-10-03 02:04
ComboFix4.txt  2011-08-05 13:35
.
Pre-Run: 151,854,379,008 bytes free
Post-Run: 151,783,407,616 bytes free
.
- - End Of File - - 2122E74068292392576641509B6A33D2





SysProt AntiRootkit v1.0.1.0
by swatkat

*****************************************************************
************************************************

Process:
Name: C:\Program Files\Mozilla Firefox\firefox.exe
PID: 4
Hidden: Yes
Window Visible: No

Name: C:\Program Files\Mozilla Firefox\firefox.exe
PID: 4
Hidden: Yes
Window Visible: No

***************************************************
***************************************************
Kernel Modules:
Module Name: Combo-Fix.sys
Service Name: ---
Module Base: B8108000
Module End: B8117000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_atapi.sys
Service Name: ---
Module Base: B157D000
Module End: B1595000
Hidden: Yes

Module Name: \SystemRoot\System32\Drivers\dump_WMILIB.SYS
Service Name: ---
Module Base: B85EE000
Module End: B85F0000
Hidden: Yes

Module Name: \??\C:\ComboFix\catchme.sys
Service Name: catchme
Module Base: B007B000
Module End: B0083000
Hidden: Yes

Module Name: \??\C:\WINDOWS\system32\Drivers\PROCEXP113.SYS
Service Name: ---
Module Base: B8648000
Module End: B864A000
Hidden: Yes

***********************************************************
***********************************************************
SSDT:
Function Name: ZwAdjustPrivilegesToken
Address: B191B8B2
Driver Base: B1911000
Driver End: B194A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwConnectPort
Address: B191AE48
Driver Base: B1911000
Driver End: B194A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwCreateFile
Address: B191B518
Driver Base: B1911000
Driver End: B194A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwCreateKey
Address: B191C126
Driver Base: B1911000
Driver End: B194A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwCreatePort
Address: B191AD28
Driver Base: B1911000
Driver End: B194A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwCreateSection
Address: B191E1E0
Driver Base: B1911000
Driver End: B194A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwCreateSymbolicLinkObject
Address: B191E568
Driver Base: B1911000
Driver End: B194A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwCreateThread
Address: B191A714
Driver Base: B1911000
Driver End: B194A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwDeleteKey
Address: B191BA9E
Driver Base: B1911000
Driver End: B194A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwDeleteValueKey
Address: B191BC9E
Driver Base: B1911000
Driver End: B194A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwDuplicateObject
Address: B191A51A
Driver Base: B1911000
Driver End: B194A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwEnumerateKey
Address: B191C864
Driver Base: B1911000
Driver End: B194A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwEnumerateValueKey
Address: B191CABA
Driver Base: B1911000
Driver End: B194A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwLoadDriver
Address: B191DBF0
Driver Base: B1911000
Driver End: B194A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwMakeTemporaryObject
Address: B191B110
Driver Base: B1911000
Driver End: B194A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwOpenFile
Address: B191B6F4
Driver Base: B1911000
Driver End: B194A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwOpenKey
Address: B191C116
Driver Base: B1911000
Driver End: B194A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwOpenProcess
Address: B83B9738
Driver Base: B83B8000
Driver End: B83BD000
Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys

Function Name: ZwOpenSection
Address: B191B3B4
Driver Base: B1911000
Driver End: B194A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwOpenThread
Address: B191A34C
Driver Base: B1911000
Driver End: B194A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwQueryKey
Address: B191CCC8
Driver Base: B1911000
Driver End: B194A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwQueryMultipleValueKey
Address: B191D11C
Driver Base: B1911000
Driver End: B194A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwQueryValueKey
Address: B191CEDA
Driver Base: B1911000
Driver End: B194A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwRenameKey
Address: B191C67C
Driver Base: B1911000
Driver End: B194A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwRequestWaitReplyPort
Address: B191D68C
Driver Base: B1911000
Driver End: B194A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwSecureConnectPort
Address: B191D940
Driver Base: B1911000
Driver End: B194A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwSetSecurityObject
Address: B191BEEE
Driver Base: B1911000
Driver End: B194A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwSetSystemInformation
Address: B191DEE8
Driver Base: B1911000
Driver End: B194A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwSetValueKey
Address: B191C3F4
Driver Base: B1911000
Driver End: B194A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwShutdownSystem
Address: B191B07A
Driver Base: B1911000
Driver End: B194A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwSystemDebugControl
Address: B191B2A0
Driver Base: B1911000
Driver End: B194A000
Driver Name: \SystemRoot\System32\DRIVERS\cmdguard.sys

Function Name: ZwTerminateProcess
Address: B83B97DC
Driver Base: B83B8000
Driver End: B83BD000
Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys

Function Name: ZwTerminateThread
Address: B83B9878
Driver Base: B83B8000
Driver End: B83BD000
Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys

Function Name: ZwWriteVirtualMemory
Address: B83B9914
Driver Base: B83B8000
Driver End: B83BD000
Driver Name: \SystemRoot\system32\DRIVERS\AVGIDSShim.Sys

******************************************************
******************************************************
No Kernel Hooks found

*********************************************************
*********************************************************
Hidden files/folders:
Object: C:\Qoobox\BackEnv\AppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cache.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Cookies.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Desktop.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Favorites.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\History.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalAppData.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\LocalSettings.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Music.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\NetHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Personal.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Pictures.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\PrintHood.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Profiles.Folder.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Programs.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Recent.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SendTo.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SetPath.bat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartMenu.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\StartUp.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\SysPath.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\Templates.folder.dat
Status: Access denied

Object: C:\Qoobox\BackEnv\VikPev00
Status: Access denied


« Last Edit: October 05, 2011, 12:29:43 PM by SuperDave »
SuperDave
« Reply #9 on: October 04, 2011, 01:22:42 PM »

Is the computer running any better?

I'd like to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
ESET OnlineScan
• Click the button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
• Check
• Click the button.
• Accept any security warnings from your browser.
• Check
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push
• Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the button.
• Push
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
execpro22
« Reply #10 on: October 04, 2011, 08:21:57 PM »

Yes, my computer is running fine and shutting down a lot quicker. I haven't had anything pop up on AVG or Comodo at all lately. The only problem I have now is that when I restart the computer it doesn't automatically log on to Windows anymore and start up.


Here is the scan of ESET:

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=4403ab8d23624b4f90e2151c50fd12a2
# end=stopped
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-05 12:22:42
# local_time=2011-10-04 08:22:42 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 4296165 4296165 0 0
# compatibility_mode=1032 16777173 100 97 0 60831697 0 0
# compatibility_mode=3073 16777213 80 75 6891567 19144731 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=6454
# found=0
# cleaned=0
# scan_time=2209
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6528
# api_version=3.0.2
# EOSSerial=4403ab8d23624b4f90e2151c50fd12a2
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-10-05 02:15:29
# local_time=2011-10-04 10:15:29 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=512 16777215 100 0 4298497 4298497 0 0
# compatibility_mode=1032 16777173 100 97 0 60834029 0 0
# compatibility_mode=3073 16777213 80 75 6893899 19147063 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=59056
# found=1
# cleaned=0
# scan_time=6644
C:\Program Files\Ubisoft\Tom Clancy's Splinter Cell Conviction\src\system\ubiorbitapi_r2.dll   a variant of Win32/Packed.VMProtect.AAA trojan (unable to clean)   00000000000000000000000000000000   I

« Last Edit: October 05, 2011, 12:32:48 PM by SuperDave »
SuperDave
« Reply #11 on: October 05, 2011, 12:33:45 PM »

Quote
when I restart the computer it doesn't automatically log on to windows anymore and start up.
What exactly does it do?

Save these instructions so you can have access to them while in Safe Mode.

Please click here to download AVP Tool by Kaspersky.
  • Save it to your desktop.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
  • Double click the setup file to run it.
  • Click Next to continue.
  • Accept the License agreement and click on next.
  • It will, by default, install it to your desktop folder. Click Next.
  • It will then open a box. There will be a tab that says Automatic scan.
  • Under Automatic scan make sure these are checked.
  • Hidden Startup Objects
  • System Memory
  • Disk Boot Sectors.
  • My Computer.
  • Also any other drives (Removable that you may have)
Leave the rest of the settings as they appear as default.
• Then click on Scan at the top right hand corner.
• It will automatically Neutralize any objects found.
• If some objects are left un-neutralized then click the button that says Neutralize all.
• If it says it cannot be neutralized then choose the delete option when prompted.
• After that is done click on the reports button at the bottom and save it to file. Name it Kas.
• Save it somewhere convenient like your desktop and post only the detected virus\malware in the report. It will be at the very top under Detected. Post those results in your next reply.

Note: This tool will self uninstall when you close it so please save the log before closing it.
execpro22
« Reply #12 on: October 06, 2011, 10:26:38 PM »

Well, when it starts up an error message pops up saying Windows could not log you in. Then the password becomes blank and I just press enter and it logs on and starts up. It used to just automatically log in and start up.


The Kaspersky scan took 7 1/2 hours. It found no threats at all.

Am I cured?
SuperDave
« Reply #13 on: October 07, 2011, 01:22:34 PM »

Quote
Am I cured?
Besides the startup password thing are you having any other problems?
execpro22
« Reply #14 on: October 08, 2011, 12:42:01 PM »

no
SuperDave
« Reply #15 on: October 08, 2011, 12:47:52 PM »

Ok. We can do some cleanup.

To uninstall ComboFix

  • Click the Start button. Click Run. For Vista: type in Run in the Start search, and click on Run in the results pane.
  • In the field, type in ComboFix /uninstall


(Note: Make sure there's a space between the word ComboFix and the forward-slash.)

  • Then, press Enter, or click OK.
  • This will uninstall ComboFix, delete its folders and files, hide System files and folders, and reset System Restore.
*************************************************
Clean out your temporary internet files and temp files.

Download TFC by OldTimer to your desktop.

Double-click TFC.exe to run it.

Note: If you are running on Vista, right-click on the file and choose Run As Administrator

TFC will close all programs when run, so make sure you have saved all your work before you begin.

* Click the Start button to begin the cleaning process.
* Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two.
* Please let TFC run uninterrupted until it is finished.

Once TFC is finished it should restart your computer. If it does not, please manually restart the computer yourself to ensure a complete cleaning.
********************************************************
Go to Microsoft Windows Update and get all critical updates.
----------
I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!
execpro22
« Reply #16 on: October 10, 2011, 02:52:09 PM »

I uninstalled ComboFix and then ran TFC. I then restarted my computer, but a problem occurred. After the restart my sound wouldn't work. My speakers worked fine but the volume icon was gone from my taskbar, and for anything I played on YouTube no sound would come out. I did a system restore to the day before, which fixed the problem. Also I'm still having the issue with Windows not automatically logging me in.
SuperDave
« Reply #17 on: October 11, 2011, 01:43:06 PM »

Quote
Also I'm still having the issue with Windows not automatically logging me in.
You should start a thread in another one of our forums to get help with that.
I will lock this thread. If you need it re-opened, please send me a pm.