
2012 xp anti virus


#31
lashom35
Ron,

I apologize for the late response, but I have been out of town for work. Here are the requested reports.


QuickScan 32-bit v0.9.9.105
---------------------------
Scan date: Fri Feb 10 18:40:08 2012
Machine ID: D89193F9

C:\WINDOWS\system32\winlogon.exe - could not be scanned
--> Process winlogon.exe (932)
C:\WINDOWS\explorer.exe - could not be scanned
C:\WINDOWS\system32\svchost.exe - could not be scanned


No infection found.
-------------------



Processes
---------
ArcSoft Connect 1516 C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
ATI External Event Utility for Windows 1548 C:\WINDOWS\system32\ati2evxx.exe
ATI External Event Utility for Windows 1140 C:\WINDOWS\system32\ati2evxx.exe
avast! Antivirus 1980 C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
Dell Wireless WLAN Card Wireless Networ 1932 C:\WINDOWS\system32\BCMWLTRY.EXE
explorer.exe 1988 C:\WINDOWS\explorer.exe
MediaServer.exe 2116 C:\Program Files\TVersity\Media Server\MediaServer.exe
Microsoft® Windows® Operating System 24232 C:\WINDOWS\system32\drwtsn32.exe
Microsoft® Windows® Operating System 23552 C:\WINDOWS\system32\drwtsn32.exe
Microsoft® Windows® Operating System 1372 C:\WINDOWS\system32\spoolsv.exe
Microsoft® Windows® Operating System 2900 C:\WINDOWS\system32\wscntfy.exe
NicConfigSvc 1864 C:\Program Files\Dell\QuickSet\NicConfigSvc.exe
novacomd Application 1884 C:\Program Files\Palm\SDK\bin\novacomd\x86\novacomd.exe
Pure Networks Platform 248 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
Pure Networks Platform 2212 C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe
svchost.exe 1680 C:\WINDOWS\system32\svchost.exe
svchost.exe 1528 C:\WINDOWS\system32\svchost.exe
svchost.exe 1292 C:\WINDOWS\system32\svchost.exe
svchost.exe 1252 C:\WINDOWS\system32\svchost.exe
svchost.exe 1156 C:\WINDOWS\system32\svchost.exe
tcprelay.exe 1912 C:\Program Files\Palm\PDK\tcprelay.exe
WLTRYSVC.EXE 1920 C:\WINDOWS\system32\WLTRYSVC.EXE
(verified) Bonjour 1652 C:\Program Files\Bonjour\mDNSResponder.exe
(verified) Java™ Platform SE 6 U17 1792 C:\Program Files\Java\jre6\bin\jqs.exe
(verified) Microsoft® Windows® Operating System 2156 C:\WINDOWS\network diagnostic\xpnetdiag.exe
(verified) Microsoft® Windows® Operating System 3428 C:\WINDOWS\system32\alg.exe
(verified) Microsoft® Windows® Operating System 904 C:\WINDOWS\system32\csrss.exe
(verified) Microsoft® Windows® Operating System 288 C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System 992 C:\WINDOWS\system32\lsass.exe
(verified) Microsoft® Windows® Operating System 980 C:\WINDOWS\system32\services.exe
(verified) Microsoft® Windows® Operating System 856 C:\WINDOWS\system32\smss.exe
(verified) Microsoft® Windows® Operating System 3460 C:\WINDOWS\system32\wbem\wmiprvse.exe
(verified) Microsoft® Windows® Operating System 101204 C:\WINDOWS\system32\wuauclt.exe
(verified) Windows® Internet Explorer 18600 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 39176 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 41420 C:\Program Files\Internet Explorer\iexplore.exe
(verified) Windows® Internet Explorer 96516 C:\Program Files\Internet Explorer\iexplore.exe


Network activity
----------------
Process AvastSvc.exe (1980) connected on port 80 (HTTP) --> 107.14.38.18
Process AvastSvc.exe (1980) connected on port 80 (HTTP) --> 72.14.204.101
Process AvastSvc.exe (1980) connected on port 80 (HTTP) --> 69.171.228.14
Process AvastSvc.exe (1980) connected on port 80 (HTTP) --> 72.14.204.101

Process svchost.exe (1252) listens on ports: 135 (RPC)
Process svchost.exe (1680) listens on ports: 2869 (SSDP event notification, UPNP)
Process tcprelay.exe (1912) listens on ports: 10022, 12345 (NetBus), 12346
Process MediaServer.exe (2116) listens on ports: 41952
Process nmsrvc.exe (2212) listens on ports: 1196


Autoruns and critical files
---------------------------
ATI External Event Utility for Windows C:\WINDOWS\system32\Ati2evxx.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\CRYPT32.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cryptnet.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\cscdll.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\dimsntfy.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\logon.scr
Microsoft® Windows® Operating System C:\WINDOWS\system32\SHELL32.dll
Microsoft® Windows® Operating System c:\windows\system32\userinit.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\WlNotify.dll
Network Magic C:\Program Files\Pure Networks\Network Magic\nmapp.exe
Pure Networks Platform C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\BROWSEUI.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\ctfmon.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\logonui.exe
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\sclgntfy.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\system32\stobject.dll
(verified) QuickTime C:\Program Files\QuickTime\qttask.exe
(verified) Windows® Internet Explorer C:\WINDOWS\system32\webcheck.dll


Browser plugins
---------------
avast! WebRep C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
BitDefender QuickScan C:\WINDOWS\Downloaded Program Files\qsax.dll
Messenger C:\Program Files\Messenger\msmsgs.exe
Microsoft® Windows® Operating System C:\WINDOWS\system32\mswsock.dll
Microsoft® Windows® Operating System C:\WINDOWS\system32\rsvpsp.dll
Microsoft® Windows® Operating System C:\WINDOWS\System32\winrnr.dll
Mozilla Default Plug-in C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
NPSWF32.dll C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
Windows Presentation Foundation C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
Windows® Internet Explorer C:\WINDOWS\system32\ieframe.dll
(verified) AcroIEHelperShim Library C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
(verified) Adobe Acrobat C:\Program Files\Internet Explorer\plugins\nppdf32.dll
(verified) Adobe Acrobat C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
(verified) Bonjour C:\Program Files\Bonjour\mdnsNSP.dll
(verified) Java™ Platform SE 6 U17 C:\Program Files\Java\jre6\bin\jp2ssv.dll
(verified) Java™ Platform SE 6 U17 C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
(verified) Microsoft® Windows® Operating System C:\WINDOWS\network diagnostic\xpnetdiag.exe
(verified) npitunes.dll C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin2.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin3.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin4.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin5.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin6.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Internet Explorer\plugins\npqtplugin7.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
(verified) QuickTime Plug-in 7.6.6 C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll


Scan
----


No file uploaded.

Scan finished - communication took 2 sec
Total traffic - 0.01 MB sent, 0.76 KB recvd
Scanned 617 files and modules - 123 seconds

==============================================================================
C:\Qoobox\Quarantine\C\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ulvymcyg.default\extensions\{a60093af-7dba-414f-b18c-cb84870c6c08}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Guest\Application Data\Mozilla\Firefox\Profiles\ulvymcyg.default\extensions\{a60093af-7dba-414f-b18c-cb84870c6c08}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Ryan LaShomb\Application Data\Mozilla\Firefox\Profiles\o2cs5o6u.default\extensions\{a60093af-7dba-414f-b18c-cb84870c6c08}\chrome.manifest.vir Win32/TrojanDownloader.Tracur.F trojan
C:\Qoobox\Quarantine\C\Documents and Settings\Ryan LaShomb\Application Data\Mozilla\Firefox\Profiles\o2cs5o6u.default\extensions\{a60093af-7dba-414f-b18c-cb84870c6c08}\chrome\xulcache.jar.vir JS/Agent.NDJ trojan
C:\Qoobox\Quarantine\C\WINDOWS\explorer.exe.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLD104.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLD110.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLD11F.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLD128.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLD134.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLD140.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLD14C.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLD159.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLD164.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLD170.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLD17C.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLD18A.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLD194.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLD1A2.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLD1AE.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLD1B8.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLD1C4.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLD1D3.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLD1DC.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLD1EC.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLD1F4.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLD204.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLD210.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLD21A.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLD226.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLD22E.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLD236.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLD23C.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLD38.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLD44.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLD50.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLD56.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLD5A.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLD5E.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLD60.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLD63.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLD68.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLD74.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLD80.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLD8C.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLD9A.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLDA4.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLDB0.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLDBC.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLDCA.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLDD4.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLDE0.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLDEC.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\OLDF8.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD100.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD102.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD10C.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD10E.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD118.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD11A.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD124.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD126.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD130.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD132.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD13C.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD13E.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD148.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD14A.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD154.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD157.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD160.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD162.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD16C.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD16E.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD178.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD17A.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD184.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD188.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD190.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD192.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD19C.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD19F.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD1A8.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD1AA.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD1B4.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD1B6.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD1C0.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD1C2.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD1CC.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD1CE.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD1D8.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD1DA.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD1E4.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD1E6.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD1F0.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD1F2.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD1FC.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD1FE.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD206.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD208.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD212.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD214.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD21C.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD228.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD230.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD239.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD3F.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD42.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD4C.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD4E.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD58.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD5A.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD64.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD66.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD70.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD72.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD7C.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD7E.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD88.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD8A.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD94.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD97.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLDA0.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLDA2.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLDAC.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLDAE.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLDB8.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLDBA.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLDC4.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLDC8.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLDD0.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLDD2.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLDDC.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLDDE.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLDE8.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLDEA.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLDF4.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLDF6.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\svchost.exe.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\winlogon.exe.vir Win32/Patched.NBG trojan
C:\System Volume Information\_restore{D93A5301-7318-4AF1-8CD2-23FFEB0BAB3E}\RP11\A0015760.exe Win32/Patched.NBG trojan
C:\System Volume Information\_restore{D93A5301-7318-4AF1-8CD2-23FFEB0BAB3E}\RP11\A0015761.exe Win32/Patched.NBG trojan
C:\System Volume Information\_restore{D93A5301-7318-4AF1-8CD2-23FFEB0BAB3E}\RP11\A0015762.exe Win32/Patched.NBG trojan
C:\System Volume Information\_restore{D93A5301-7318-4AF1-8CD2-23FFEB0BAB3E}\RP11\A0015783.exe Win32/Patched.NBG trojan
C:\System Volume Information\_restore{D93A5301-7318-4AF1-8CD2-23FFEB0BAB3E}\RP11\A0015784.exe Win32/Patched.NBG trojan
C:\System Volume Information\_restore{D93A5301-7318-4AF1-8CD2-23FFEB0BAB3E}\RP11\A0015785.exe Win32/Patched.NBG trojan
C:\System Volume Information\_restore{D93A5301-7318-4AF1-8CD2-23FFEB0BAB3E}\RP11\A0015789.exe Win32/Patched.NBG trojan
C:\System Volume Information\_restore{D93A5301-7318-4AF1-8CD2-23FFEB0BAB3E}\RP11\A0015790.exe Win32/Patched.NBG trojan
C:\System Volume Information\_restore{D93A5301-7318-4AF1-8CD2-23FFEB0BAB3E}\RP3\A0003129.exe a variant of Win32/InstallCore.D application
C:\System Volume Information\_restore{D93A5301-7318-4AF1-8CD2-23FFEB0BAB3E}\RP6\A0012389.exe Win32/Patched.NBG trojan
C:\System Volume Information\_restore{D93A5301-7318-4AF1-8CD2-23FFEB0BAB3E}\RP6\A0012396.exe Win32/Patched.NBG trojan
C:\System Volume Information\_restore{D93A5301-7318-4AF1-8CD2-23FFEB0BAB3E}\RP6\A0012398.exe Win32/Patched.NBG trojan
C:\System Volume Information\_restore{D93A5301-7318-4AF1-8CD2-23FFEB0BAB3E}\RP6\A0012413.exe Win32/Patched.NBG trojan
C:\WINDOWS\explorer.exe Win32/Patched.NBG trojan
C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\16\34e6a250-1ad64524 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\6\53a79e06-383783de a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\WINDOWS\system32\dllcache\explorer.exe Win32/Patched.NBG trojan
Operating memory Win32/Patched.NBG trojan

SHA256: 31ae5e6d0f795741a1ca91e252bc44c35f004d6cab6ba98f3c4b58c3e92f86a6
SHA1: 049863915158f5e6b5befcc63915c16bd1c57d80
MD5: e60dd665167cfe2fa7511d1c8eb84a9a
File size: 1.0 MB ( 1058816 bytes )
File name: explorer.exe
File type: Win32 EXE
Detection ratio: 8 / 43
Analysis date: 2012-01-27 00:18:25 UTC ( 2 weeks, 4 days ago )

Antivirus Result Update
VirusBuster - 20120126
ViRobot - 20120126
VIPRE - 20120127
VBA32 - 20120126
TrendMicro-HouseCall - 20120126
TrendMicro - 20120126
TheHacker - 20120126
Symantec - 20120126
SUPERAntiSpyware - 20120126
Sophos - 20120126
Rising Trojan.Win32.Generic.12ADF86E 20120118
Prevx - 20120127
PCTools - 20120127
Panda Suspicious file 20120126
nProtect - 20120126
Norman - 20120126
NOD32 - 20120126
Microsoft Virus:Win32/Bamital.Q 20120126
McAfee-GW-Edition - 20120126
McAfee - 20120126
Kaspersky - 20120127
K7AntiVirus Virus 20120126
Jiangmin - 20120125
Ikarus Trojan.Patched 20120126
GData - 20120126
Fortinet - 20120126
F-Secure - 20120126
F-Prot - 20120126
eTrust-Vet - 20120126
eSafe - 20120126
Emsisoft Trojan.Patched!IK 20120126
DrWeb - 20120127
Comodo - 20120126
Commtouch - 20120126
ClamAV - 20120126
CAT-QuickHeal - 20120125
ByteHero - 20120126
BitDefender - 20120126
AVG Win32/Patched 20120126
Avast - 20120126
Antiy-AVL - 20120126
AntiVir TR/Patched.Gen 20120126
AhnLab-V3 - 20120126

Additional information
ssdeep
12288:MHmcoCUyutwAvAs4wTCyrPTloHWYUrkf8w0Vnzac1/g/J/vmS:2mftyuwAvN7lrvbkf8w0VnH1/g/J/O
TrID
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)

ExifTool
UninitializedDataSize....: 0
InitializedDataSize......: 752128
ImageVersion.............: 5.1
ProductName..............: Microsoft Windows Operating System
FileVersionNumber........: 6.0.2900.5512
LanguageCode.............: English (U.S.)
FileFlagsMask............: 0x003f
FileDescription..........: Windows Explorer
CharacterSet.............: Unicode
LinkerVersion............: 7.1
FileOS...................: Windows NT 32-bit
MIMEType.................: application/octet-stream
Subsystem................: Windows GUI
FileVersion..............: 6.00.2900.5512 (xpsp.080413-2105)
TimeStamp................: 2008:04:13 13:43:44+01:00
FileType.................: Win32 EXE
PEType...................: PE32
InternalName.............: explorer
ProductVersion...........: 6.00.2900.5512
SubsystemVersion.........: 4.1
OSVersion................: 5.1
OriginalFilename.........: EXPLORER.EXE
LegalCopyright...........: Microsoft Corporation. All rights reserved.
MachineType..............: Intel 386 or later, and compatibles
CompanyName..............: Microsoft Corporation
CodeSize.................: 282112
FileSubtype..............: 0
ProductVersionNumber.....: 6.0.2900.5512
EntryPoint...............: 0x1a55f
ObjectFileType...........: Executable application

Sigcheck
publisher................: Microsoft Corporation
product..................: Microsoft_ Windows_ Operating System
internal name............: explorer
copyright................: © Microsoft Corporation. All rights reserved.
original name............: EXPLORER.EXE
file version.............: 6.00.2900.5512 (xpsp.080413-2105)
description..............: Windows Explorer

Portable Executable structural information
PE Sections...................:

Name Virtual Address Virtual Size Raw Size Entropy MD5
.text 4096 281609 282112 6.38 f5a483a72f777fb2693cb4e9901abc27
.data 286720 7604 6144 1.30 983f35021232560eaaa99fcbc1b7d359
.rsrc 294912 754792 755200 6.50 7bb95e8ae1c01a6c863ee211dc8ae5a3
.reloc 1052672 14156 14336 6.78 8ab3b57351c95c8d78540008b9a707bc

First seen by VirusTotal
2012-01-21 23:11:25 UTC ( 3 weeks, 2 days ago )
Last seen by VirusTotal
2012-01-27 00:18:25 UTC ( 2 weeks, 4 days ago )
File names (max. 25)
1. explorer.exe
2. C:\WINDOWS\explorer.exe
3. c:\windows\explorer.exe
4. file-3448407_exe
  • 0

#32
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
No problem. Since I last talked to you I have had another case of the same infections and found a way around it.

Download the attached fix.zip and right click on it and Extract All. You will see three files: a.txt, b.txt and c.txt. Copy the three files to C:\


Start, Settings, Control Panel, System, Advanced, Startup and Recovery -Settings, and change the Time to Display the List of Operating Systems from two to 10 seconds. OK


Now Reboot. When it gives you a choice between your regular XP and the Recovery Console, hit the down arrow to select the Recovery Console then Enter. You should get a black screen with a C:\> prompt. Type with an Enter after each line:

copy \a.txt \windows\explorer.exe


(I use two spaces in the code box so you can see where 1 space goes. It will probably ask you if you want to overwrite the existing file; tell it)

y


copy \b.txt \windows\system32\svchost.exe


(It will probably ask you if you want to overwrite the existing file; tell it)

y


copy \c.txt \windows\system32\winlogon.exe


(It will probably ask you if you want to overwrite the existing file; tell it)

y


exit

Run Combofix again and let's see if it is happy.
  • 0
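
An added example, not part of the thread and not code from any tool mentioned in it: a Python script that sorts the detections in the scan log from post #31 by where they sit on disk and lists the ones the three copy commands in post #32 do not overwrite. The category and function names are assumptions made for this example; the sample lines are copied from the log above.

```python
import re

# Lines copied from the scan log in post #31 (a small subset, not the full log).
SAMPLE_LOG = r"""
C:\Qoobox\Quarantine\C\WINDOWS\system32\OLD14A.tmp.vir Win32/Patched.NBG trojan
C:\Qoobox\Quarantine\C\WINDOWS\system32\svchost.exe.vir Win32/Patched.NBG trojan
C:\System Volume Information\_restore{D93A5301-7318-4AF1-8CD2-23FFEB0BAB3E}\RP11\A0015760.exe Win32/Patched.NBG trojan
C:\System Volume Information\_restore{D93A5301-7318-4AF1-8CD2-23FFEB0BAB3E}\RP3\A0003129.exe a variant of Win32/InstallCore.D application
C:\WINDOWS\explorer.exe Win32/Patched.NBG trojan
C:\WINDOWS\system32\config\systemprofile\Application Data\Sun\Java\Deployment\cache\6.0\16\34e6a250-1ad64524 a variant of Java/TrojanDownloader.Agent.NDJ trojan
C:\WINDOWS\system32\dllcache\explorer.exe Win32/Patched.NBG trojan
Operating memory Win32/Patched.NBG trojan
"""

# Paths use backslashes; detection names contain a forward slash
# (Win32/..., Java/...), which marks where the path ends even if it has spaces.
LINE_RE = re.compile(
    r"^(?P<target>.+?)\s+(?:a variant of\s+)?"
    r"(?P<name>[A-Za-z0-9]+/\S+)\s+(?P<kind>\w+)$"
)

# Location markers (category names are assumptions), checked in order.
LOCATIONS = [
    ("quarantine", "\\qoobox\\quarantine\\"),           # ComboFix quarantine
    ("restore_point", "\\system volume information\\_restore"),
    ("dllcache", "\\dllcache\\"),                       # WFP backup copies
    ("java_cache", "\\java\\deployment\\cache\\"),
]

# Destinations of the three copy commands in post #32.
REPLACED_BY_FIX = {
    r"c:\windows\explorer.exe",
    r"c:\windows\system32\svchost.exe",
    r"c:\windows\system32\winlogon.exe",
}


def classify(target):
    """Map a scanned object to a location category."""
    low = target.lower()
    if low == "operating memory":
        return "memory"
    for label, marker in LOCATIONS:
        if marker in low:
            return label
    return "live_file"


def triage(log_text):
    """Return {category: [(target, detection_name, kind), ...]}."""
    findings = {}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # blank or unrecognised line
        entry = (m["target"], m["name"], m["kind"])
        findings.setdefault(classify(m["target"]), []).append(entry)
    return findings


def not_covered_by_fix(findings):
    """Detections outside quarantine and restore points that the three
    copy commands do not overwrite."""
    remaining = []
    for loc in ("live_file", "dllcache", "java_cache"):
        for target, name, _kind in findings.get(loc, []):
            if target.lower() not in REPLACED_BY_FIX:
                remaining.append((loc, target, name))
    return remaining


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for loc, items in result.items():
        print(f"{loc}: {len(items)}")
    for loc, target, name in not_covered_by_fix(result):
        print("not overwritten:", loc, target, name)
```

On these lines the result lists the dllcache copy of explorer.exe and the Java cache entry; on Windows XP, Windows File Protection keeps its backup copies of protected system files in dllcache.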

#33
lashom35

lashom35

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
I completed the steps. I had a problem with combofix generating the report log. My computer froze in the process and I had to shut down. Now when I go to boot the computer I get a blue screen stating unmountable boot volume. I can't boot in safe mode either.
  • 0

#34
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
Doesn't sound good. Can you boot into the Recovery Console?

If so:

fixmbr

fixboot

exit

Any luck?
  • 0

#35
lashom35

lashom35

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
No luck booting in Recovery Mode
  • 0

#36
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
Acts like the hard drive has failed.

If you go into the CMOS/BIOS setup does it detect the hard drive? If so what part number does it give for it?
  • 0

#37
lashom35

lashom35

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
samsung hm080II-(S1)
  • 0

#38
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
Appears Samsung sold the hard drive division to Seagate so maybe their Seatools for DOS CD will work for you.

http://www.seagate.c...lsDOS223ALL.ISO

You have to download the .iso file then burn it to a CD then boot off the CD. It will test your drive. The extended test will take a long time but is your best bet. Sometimes it can fix the drive after it finishes if you tell it to when it asks.

If you don't know how to make a bootable CD then get Free ISO Burner

http://www.freeisoburner.com/

You just run it, point it at the .iso file you downloaded and put in a blank CD and it should do the rest. Then move the CD to the sick PC and boot off it.
  • 0

#39
lashom35

lashom35

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
The scan found 2 errors but was unable to repair them.
  • 0

#40
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
The hard drive has failed. Not much you can do without replacing it.
  • 0

#41
lashom35

lashom35

    Member

  • Topic Starter
  • Member
  • PipPip
  • 55 posts
Do you have any other sources where I might be able to find the DOS tools for the Samsung drive? The error states that the drive can not be fixed because it's the wrong drive.
  • 0

#42
RKinner

RKinner

    Malware Expert

  • Expert
  • 19,799 posts
  • MVP
http://majorgeeks.co...util_d5769.html
  • 0





