
Boot.Mebroot found by NAV but not MBAM false + ???



In WinXP my NAV finds the Boot.Mebroot on one of my many drives. It won't remove it. I tried Symantec Removal Tool and it doesn't find it. States mebroot not found. I downloaded MBAM and ran it. Doesn't find any problem. I've tried several things including booting into the Recovery Console from CD and running the fixmbr and fixboot on all drives. One drive has two partitions. I'm rerunning MBAM from safe mode now again. Ideas? :)


I just ran the GMER and my system crashed....got the blue screen of death. It has rebooted. I'll try to rerun it.


NAV finds the Boot.Mebroot but Symantec's Boot.Mebroot Remover Tool didn't find it. MBAM doesn't find it either. My system has become very slow, especially at boot, so something is going on. Please let me know if you have any ideas. Thank you very much in advance for any assistance.

DDS

DDS (Ver_10-03-17.01) - NTFSx86

Run by Michael Froehle at 23:39:24.03 on Wed 03/31/2010

Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_05

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2559.1807 [GMT -5:00]

AV: a-squared Anti-Malware *On-access scanning enabled* (Outdated) {0F8591BB-342B-4493-91C3-4E948ED21255}

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost -k DcomLaunch

C:\WINDOWS\system32\svchost -k rpcss

C:\WINDOWS\System32\svchost.exe -k netsvcs

C:\WINDOWS\system32\svchost.exe -k NetworkService

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\svchost.exe -k LocalService

C:\Program Files\a-squared Anti-Malware\a2service.exe

C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe

C:\Program Files\Symantec AntiVirus\DefWatch.exe

C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe

C:\Program Files\iolo\common\lib\ioloServiceManager.exe

C:\WINDOWS\system32\oodag.exe

C:\Program Files\Raxco\PerfectDisk\PDAgent.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Symantec AntiVirus\Rtvscan.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\PROGRA~1\SYMANT~1\VPTray.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\PROGRAM FILES\A-SQUARED ANTI-MALWARE\a2guard.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe

C:\Program Files\PrintKey2000\Printkey2000.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Documents and Settings\Michael Froehle\Desktop\dds.scr

C:\WINDOWS\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

mStart Page = hxxp://www.yahoo.com

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll

BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_05\bin\ssv.dll

BHO: TurboPasswords Helper: {e3e1b903-f307-4d2a-b987-d942a2f0a24f} - c:\program files\palm programs\turbopasswords\TurboPasswordsBHO.dll

TB: TurboPasswords Bar: {a9120c4f-5402-4572-9113-94661623d420} - c:\program files\palm programs\turbopasswords\TurboPasswordsBHO.dll

TB: {724D43A0-0D85-11D4-9908-00400523E39A} - No File

uRun: [LaunchList] c:\program files\pinnacle\studio 11\LaunchList2.exe

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"

mRun: [vptray] c:\progra~1\symant~1\VPTray.exe

mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"

mRun: [a-squared] "c:\program files\a-squared anti-malware\a2guard.exe" /d=60

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [startCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun

dRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe

StartupFolder: c:\docume~1\michae~1\startm~1\programs\startup\shortc~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\acroba~1.lnk - c:\program files\adobe\acrobat 5.0\distillr\AcroTray.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\printk~1.lnk - c:\program files\printkey2000\Printkey2000.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\window~1.lnk - c:\program files\windows desktop search\WindowsSearch.exe

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC} - c:\program files\java\jre1.6.0_05\bin\ssv.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll

Trusted Zone: intuit.com\ttlc

Trusted Zone: turbotax.com

DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} - hxxp://photo.walgreens.com/WalgreensActivia.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185144233516

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab

DPF: {AB294EC6-7ADA-11D4-9D5F-00B0D04BBD07} - hxxp://media.rivals.com/msichat.cab

DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: {2E7E425A-88E4-4FAC-99F8-3A357DFECAF4} = 4.2.2.3,4.2.2.2

Handler: G7PS - {9EACF0FB-4FC7-436E-989B-3197142AD979} - c:\windows\system32\G7PS.dll

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Notify: AtiExtEvent - Ati2evxx.dll

Notify: NavLogon - c:\windows\system32\NavLogon.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

SEH: Windows Desktop Search Namespace Manager: {56f9679e-7826-4c84-81f3-532071a8bcc5} - c:\program files\windows desktop search\MSNLNamespaceMgr.dll

LSA: Authentication Packages = msv1_0 relog_ap

Hosts: 192.168.1.102 TCP Printer Port

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\michae~1\applic~1\mozilla\firefox\profiles\p54udwuh.default\

FF - prefs.js: browser.startup.homepage - hxxp://yahoo.com

FF - plugin: c:\documents and settings\michael froehle\application data\move networks\plugins\npqmp071503000010.dll

FF - plugin: c:\documents and settings\michael froehle\application data\mozilla\plugins\npPxPlay.dll

FF - plugin: c:\program files\picasa2\npPicasa3.dll

FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\

FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);

c:\program files\mozilla firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);

c:\program files\mozilla firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.debug", false);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);

c:\program files\mozilla firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);

c:\program files\mozilla firefox\greprefs\all.js - pref("html5.enable", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");

c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);

c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);

============= SERVICES / DRIVERS ===============

R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2006-9-6 337592]

R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2006-9-6 54968]

R2 a2AntiMalware;a-squared Anti-Malware Service;c:\program files\a-squared anti-malware\a2service.exe [2009-8-22 1858144]

R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2006-7-19 192160]

R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2006-7-19 169632]

R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-3-15 665008]

R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2010-3-15 665008]

R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2006-9-27 1813232]

R3 EL98x;3Com EtherLink 10/100 PCI;c:\windows\system32\drivers\el98xn5.sys [2007-6-3 70174]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-10-21 102448]

R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100329.002\naveng.sys [2010-3-30 84912]

R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100329.002\navex15.sys [2010-3-30 1324720]

R3 tbcspud;Santa Cruz Driver;c:\windows\system32\drivers\tbcspud.sys [2007-6-3 144768]

R3 tbcwdm;Santa Cruz WDM Driver;c:\windows\system32\drivers\tbcwdm.sys [2007-6-3 545088]

S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-6 34064]

S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2006-9-27 116464]

S3 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2005-1-26 280344]

============== File Associations ===============

JSEFile=NOTEPAD.EXE %1

VBEFile=NOTEPAD.EXE %1

VBSFile=NOTEPAD.EXE %1

=============== Created Last 30 ================

2010-04-01 04:36:35 0 ----a-w- c:\documents and settings\michael froehle\defogger_reenable

2010-03-31 02:33:24 0 d-----w- c:\docume~1\michae~1\applic~1\Malwarebytes

2010-03-31 02:30:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-03-31 02:30:07 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-03-31 02:30:06 20824 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-03-31 02:30:06 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-03-30 23:58:23 5607 ----a-w- c:\windows\~GLH0006.TMP

2010-03-30 23:58:11 122480 ----a-w- c:\windows\~GLC0008.TMP

2010-03-30 23:56:44 5607 ----a-w- c:\windows\~GLH0007.TMP

2010-03-30 23:56:42 122480 ----a-w- c:\windows\~GLC0007.TMP

2010-03-30 23:56:26 5607 ----a-w- c:\windows\~GLH0004.TMP

2010-03-30 23:56:25 122480 ----a-w- c:\windows\~GLC0006.TMP

2010-03-30 23:56:21 122480 ----a-w- c:\windows\~GLC0004.TMP

2010-03-30 23:46:06 5607 ----a-w- c:\windows\~GLH0005.TMP

2010-03-30 23:46:03 122480 ----a-w- c:\windows\~GLC0005.TMP

2010-03-30 23:44:16 5607 ----a-w- c:\windows\~GLH0003.TMP

2010-03-30 23:44:14 122480 ----a-w- c:\windows\~GLC0003.TMP

2010-03-30 23:43:58 5607 ----a-w- c:\windows\~GLH0002.TMP

2010-03-30 23:43:57 122480 ----a-w- c:\windows\~GLC0002.TMP

2010-03-30 23:40:13 0 d-----w- c:\program files\Quicken Family Lawyer

2010-03-30 23:39:56 5607 ----a-w- c:\windows\~GLH0001.TMP

2010-03-30 23:39:54 122480 ----a-w- c:\windows\~GLC0001.TMP

2010-03-30 23:39:13 5607 ----a-w- c:\windows\~GLH0000.TMP

2010-03-30 23:39:11 122480 ----a-w- c:\windows\~GLC0000.TMP

2010-03-24 21:45:50 0 d-----w- c:\docume~1\michae~1\applic~1\Windows Desktop Search

2010-03-24 13:04:58 0 d-----w- c:\program files\Windows Desktop Search

2010-03-24 13:04:54 0 d-----w- c:\windows\system32\GroupPolicy

2010-03-24 12:49:42 98304 -c----w- c:\windows\system32\dllcache\nlhtml.dll

2010-03-24 12:49:42 29696 -c----w- c:\windows\system32\dllcache\mimefilt.dll

2010-03-24 12:49:42 192000 -c----w- c:\windows\system32\dllcache\offfilt.dll

2010-03-23 01:10:00 0 ----a-w- c:\windows\ativpsrm.bin

2010-03-18 03:54:19 7900 ----a-w- c:\documents and settings\michael froehle\M1 Volleyball

2010-03-15 15:35:51 93096 ----a-w- c:\windows\system32\IncContxMenu.dll

2010-03-15 15:35:49 2164648 ----a-w- c:\windows\system32\Incinerator.dll

2010-03-15 15:35:39 9341 ----a-w- c:\windows\system32\drivers\filedisk.sys

2010-03-15 15:34:45 0 d-----w- c:\program files\iolo

2010-03-15 04:56:16 51511296 ----a-w- C:\dump_dvd.vob

2010-03-11 01:55:47 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe

==================== Find3M ====================

2010-03-11 12:38:54 832512 ----a-w- c:\windows\system32\wininet.dll

2010-03-11 12:38:52 78336 ----a-w- c:\windows\system32\ieencode.dll

2010-03-11 12:38:51 17408 ----a-w- c:\windows\system32\corpol.dll

2010-02-26 02:39:41 87608 ----a-w- c:\docume~1\michae~1\applic~1\inst.exe

2010-02-26 02:39:41 47360 ----a-w- c:\windows\system32\drivers\pcouffin.sys

2010-02-26 02:39:41 47360 ----a-w- c:\docume~1\michae~1\applic~1\pcouffin.sys

2010-02-19 23:47:50 3604480 ----a-w- c:\windows\system32\GPhotos.scr

2010-02-11 07:38:10 3565056 ----a-w- c:\windows\system32\drivers\ati2mtag.sys

2010-02-11 05:17:44 11845632 ----a-w- c:\windows\system32\atioglxx.dll

2010-02-11 05:07:40 307200 ----a-w- c:\windows\system32\atiiiexx.dll

2010-02-11 04:46:14 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll

2010-02-11 04:45:14 325120 ----a-w- c:\windows\system32\ati2dvag.dll

2010-02-11 04:37:08 290816 ----a-w- c:\windows\system32\atiok3x2.dll

2010-02-11 04:36:00 204800 ----a-w- c:\windows\system32\atipdlxx.dll

2010-02-11 04:35:44 155648 ----a-w- c:\windows\system32\Oemdspif.dll

2010-02-11 04:35:32 26112 ----a-w- c:\windows\system32\Ati2mdxx.exe

2010-02-11 04:35:24 43520 ----a-w- c:\windows\system32\ati2edxx.dll

2010-02-11 04:35:10 155648 ----a-w- c:\windows\system32\ati2evxx.dll

2010-02-11 04:33:56 602112 ----a-w- c:\windows\system32\ati2evxx.exe

2010-02-11 04:32:36 53248 ----a-w- c:\windows\system32\ATIDDC.DLL

2010-02-11 04:25:10 3818144 ----a-w- c:\windows\system32\ati3duag.dll

2010-02-11 04:23:04 45056 ----a-w- c:\windows\system32\aticalrt.dll

2010-02-11 04:22:52 45056 ----a-w- c:\windows\system32\aticalcl.dll

2010-02-11 04:21:14 3227648 ----a-w- c:\windows\system32\aticaldd.dll

2010-02-11 04:19:08 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2010-02-11 04:12:24 2670592 ----a-w- c:\windows\system32\ativvaxx.dll

2010-02-11 04:12:00 887724 ----a-w- c:\windows\system32\ativva6x.dat

2010-02-11 04:12:00 3107788 ----a-w- c:\windows\system32\ativva5x.dat

2010-02-11 03:59:16 49664 ----a-w- c:\windows\system32\amdpcom32.dll

2010-02-11 03:55:40 475136 ----a-w- c:\windows\system32\atikvmag.dll

2010-02-11 03:54:04 126976 ----a-w- c:\windows\system32\atiadlxx.dll

2010-02-11 03:53:46 17408 ----a-w- c:\windows\system32\atitvo32.dll

2010-02-11 03:47:50 626688 ----a-w- c:\windows\system32\ati2cqag.dll

2010-02-11 02:20:00 593920 ------w- c:\windows\system32\ati2sgag.exe

2010-01-28 23:13:18 30208 ----a-w- c:\windows\system32\iolobtdfg.exe

2010-01-28 23:13:18 12288 ----a-w- c:\windows\system32\smrgdf.exe

============= FINISH: 23:41:55.28 ===============

MBAM

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 3935

Windows 5.1.2600 Service Pack 3 (Safe Mode)

Internet Explorer 7.0.5730.11

3/31/2010 10:58:30 PM

mbam-log-2010-03-31 (22-58-30).txt

Scan type: Full scan (C:\|F:\|G:\|I:\|K:\|M:\|)

Objects scanned: 261997

Time elapsed: 1 hour(s), 47 minute(s), 17 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)
