
Something is not right.


Glebe


I consider myself tech-savvy; I fix friends' and my own computers for fun. (Geeky, I know.) I just put in my oldest HD to see what was on it (pre my interest in computers), over 6 years old or just 6. I scanned with mbam and it got 22 infections (surprise, surprise). I was still getting annoying popups after it successfully removed them. I ran combofix and I will post a log. But I still get pop ups.

Here goes nothing, lmk if there is something more I need.

(for hjt logs, mbam logs ignore timestamps..I haven't set time on my computer so it's still goofy.)

As I'm typing this I got a popup.

They are always different popups, but all start the same (on the browser) CiD:

Here is a link..don't know if it's malicious.

http://www.etoro.com/registration/join/?mo...lient=webtrader

Onto the logs (sorry I'm chatty :))

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 7:23:32 AM, on 11/1/2004

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\AOL\1129412339\ee\AOLSoftware.exe

C:\Program Files\Real\RealPlayer\RealPlay.exe

C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

C:\WINDOWS\system32\PSIService.exe

C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129412339\ee\AOLSoftware.exe

O4 - HKLM\..\Run: [setupWizard] D:\SetupWizard.exe reboot

O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER

O4 - HKLM\..\Run: [List Multi Knob Inside] C:\Documents and Settings\All Users\Application Data\64 01 list multi\locks rule.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKLM\..\Run: [dvd global admin that] C:\Documents and Settings\All Users\Application Data\browse lies dvd global\Owns Joy.exe

O4 - HKCU\..\Run: [16 Pop] C:\DOCUME~1\ANN&PA~1\APPLIC~1\TYPEBY~1\Ooze browse.exe

O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML

O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)

O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab

O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1192397740062

O16 - DPF: {886DDE35-E585-11D0-A707-000000521958} - http://69.56.176.76/webplugin.cab

O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe

O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe

O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: SonicStage SCSI Service (SSScsiSV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (file missing)

O24 - Desktop Component 0: (no name) - http://images10.newegg.com/Nest/warmBG.gif

--

End of file - 5709 bytes

Malwarebytes' Anti-Malware 1.41

Database version: 2943

Windows 5.1.2600 Service Pack 2

11/1/2004 7:24:18 AM

mbam-log-2004-11-01 (07-24-18).txt

Scan type: Quick Scan

Objects scanned: 4542

Time elapsed: 17 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

File "C:\ComboFix\MT_explorer.exe.tmp" added successfully

File "C:\ComboFix\MT_agentsvr.exe.tmp" added successfully

File "C:\ComboFix\MT_fltmc.exe.tmp" added successfully

File "C:\ComboFix\MT_logagent.exe.tmp" added successfully

File "C:\ComboFix\MT_magnify.exe.tmp" added successfully

File "C:\ComboFix\MT_msiexec.exe.tmp" added successfully

File "C:\ComboFix\MT_narrator.exe.tmp" added successfully

File "C:\ComboFix\MT_ntkrnlpa.exe.tmp" added successfully

File "C:\ComboFix\MT_ntoskrnl.exe.tmp" added successfully

File "C:\ComboFix\MT_osk.exe.tmp" added successfully

File "C:\ComboFix\MT_snmp.exe.tmp" added successfully

File "C:\ComboFix\MT_telnet.exe.tmp" added successfully

File "C:\ComboFix\MT_utilman.exe.tmp" added successfully


Also would just like to add-

I hardly use XP (but it's on this HD); I use Linux. So when I plugged in this HD it installed most drivers, but I can't find the driver for ViewSonic VE500, so my resolution is stuck at the lowest, same with color quality, so I really can't see anything. If you have anything that can help me get these drivers, let me know.

(They can't be found on ViewSonic's site for some reason.)


ComboFix 09-10-11.01 - Ann & Pat 11/01/2004 7:47.2.1 - NTFSx86

Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.744 [GMT -7:00]

Running from: c:\documents and settings\Ann & Pat\My Documents\Downloads\ComboFix.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

---- Previous Run -------

.

c:\program files\Altnet\Download Manager\adm25.dll

c:\program files\Altnet\Download Manager\adm4.dll

c:\program files\Altnet\Download Manager\adm4005.exe

c:\program files\Altnet\Download Manager\admdata.dll

c:\program files\Altnet\Download Manager\admdloader.dll

c:\program files\Altnet\Download Manager\admfdi.dll

c:\program files\Altnet\Download Manager\admprog.dll

c:\program files\Altnet\Download Manager\altnetuninstall.exe

c:\program files\Altnet\Download Manager\asm.exe

c:\program files\Altnet\Download Manager\asmend.exe

c:\program files\Altnet\Download Manager\asmps.dll

c:\program files\Altnet\Download Manager\dminfo3.cab

c:\program files\Altnet\Download Manager\dminstall7.cab

c:\program files\Altnet\Download Manager\dmsetup.bmp

c:\program files\Altnet\Download Manager\dmsetupbig.bmp

c:\program files\Altnet\Download Manager\jsinstall.cab

c:\program files\Altnet\Download Manager\jslegals.txt

c:\program files\Altnet\Download Manager\selectdir.txt

c:\program files\Altnet\Download Manager\selectdir1st.txt

c:\program files\Need2Find\bar\1.bin\N2FFXTBR.JAR

c:\program files\Need2Find\bar\1.bin\N2NTSTBR.JAR

c:\program files\Need2Find\bar\1.bin\N2PLUGIN.DLL

c:\program files\Need2Find\bar\1.bin\NPND2FN.DLL

c:\program files\Need2Find\bar\1.bin\PARTNER.DAT

c:\program files\Need2Find\bar\Cache\018CA031

c:\program files\Need2Find\bar\Cache\026162FD

c:\program files\Need2Find\bar\Cache\files.ini

c:\program files\Need2Find\bar\History\search

c:\program files\Need2Find\bar\Settings\prevcfg.htm

c:\windows\Fonts\acrsec.fon

c:\windows\system32\mirindaspk.exe

-- Previous Run --

--------

c:\windows\explorer.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

c:\windows\hh.exe . . . is infected!!

c:\windows\inf\unregmp2.exe . . . is infected!!

c:\windows\msagent\agentsvr.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

c:\windows\system32\fltmc.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

c:\windows\system32\logagent.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

c:\windows\system32\magnify.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

c:\windows\system32\msiexec.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

c:\windows\system32\narrator.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

c:\windows\system32\ntkrnlpa.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

c:\windows\system32\ntoskrnl.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

c:\windows\system32\osk.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

c:\windows\system32\snmp.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

c:\windows\system32\spoolsv.exe . . . is infected!!

c:\windows\system32\telnet.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

c:\windows\system32\utilman.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

Infected copy of c:\windows\explorer.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{7BC80D5E-629B-4C9F-BDC7-05874407FCE5}\RP977\A0527808.exe

Infected copy of c:\windows\msagent\agentsvr.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{7BC80D5E-629B-4C9F-BDC7-05874407FCE5}\RP977\A0527848.exe

Infected copy of c:\windows\system32\fltmc.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{7BC80D5E-629B-4C9F-BDC7-05874407FCE5}\RP977\A0527849.exe

Infected copy of c:\windows\system32\logagent.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{7BC80D5E-629B-4C9F-BDC7-05874407FCE5}\RP977\A0527850.exe

Infected copy of c:\windows\system32\magnify.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{7BC80D5E-629B-4C9F-BDC7-05874407FCE5}\RP977\A0527851.exe

Infected copy of c:\windows\system32\msiexec.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{7BC80D5E-629B-4C9F-BDC7-05874407FCE5}\RP977\A0527852.exe

Infected copy of c:\windows\system32\narrator.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{7BC80D5E-629B-4C9F-BDC7-05874407FCE5}\RP977\A0527853.exe

Infected copy of c:\windows\system32\ntkrnlpa.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{7BC80D5E-629B-4C9F-BDC7-05874407FCE5}\RP977\A0527854.exe

Infected copy of c:\windows\system32\ntoskrnl.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{7BC80D5E-629B-4C9F-BDC7-05874407FCE5}\RP977\A0527824.exe

Infected copy of c:\windows\system32\osk.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{7BC80D5E-629B-4C9F-BDC7-05874407FCE5}\RP977\A0527855.exe

Infected copy of c:\windows\system32\snmp.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{7BC80D5E-629B-4C9F-BDC7-05874407FCE5}\RP977\A0527856.exe

Infected copy of c:\windows\system32\telnet.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{7BC80D5E-629B-4C9F-BDC7-05874407FCE5}\RP977\A0527857.exe

Infected copy of c:\windows\system32\utilman.exe was found and disinfected

Restored copy from - c:\system volume information\_restore{7BC80D5E-629B-4C9F-BDC7-05874407FCE5}\RP977\A0527858.exe

.

((((((((((((((((((((((((( Files Created from 2004-10-01 to 2004-11-01 )))))))))))))))))))))))))))))))

.

2008-07-09 22:46 . 2008-07-10 01:19 -------- d-----w- c:\documents and settings\Ann & Pat\Application Data\FrostWire

2008-07-09 22:44 . 2008-07-09 22:44 -------- d-----w- c:\program files\Common Files\Java

2008-07-09 22:42 . 2004-11-01 07:39 -------- d-----w- c:\program files\FrostWire

2008-06-24 16:14 . 2008-07-09 22:42 -------- d-----w- c:\program files\LimeWire

2008-06-20 17:41 . 2008-06-20 17:41 245248 -c----w- c:\windows\system32\dllcache\mswsock.dll

2008-06-20 10:44 . 2008-06-20 10:44 138368 -c----w- c:\windows\system32\dllcache\afd.sys

2008-02-20 05:32 . 2008-02-20 05:32 45568 -c----w- c:\windows\system32\dllcache\dnsrslvr.dll

2007-12-30 02:01 . 2008-07-09 22:11 -------- d-----w- c:\program files\Diablo II

2007-12-22 15:06 . 2007-12-22 15:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!

2007-12-21 17:54 . 2004-11-01 08:10 -------- d-----w- c:\documents and settings\All Users\Application Data\64 01 list multi

2007-12-21 17:54 . 2004-11-01 08:10 -------- d-----w- c:\documents and settings\Ann & Pat\Application Data\Type Byte Amen

2007-12-21 17:53 . 2007-12-21 17:53 -------- d-----w- c:\program files\Circle Developement

2007-12-21 02:48 . 2007-12-21 02:48 8552 ----a-w- c:\windows\system32\drivers\asctrm.sys

2007-12-21 02:47 . 2007-12-21 02:47 -------- d-----w- c:\program files\Real

2007-12-20 16:33 . 2007-12-20 16:33 -------- d-----w- c:\documents and settings\Ann & Pat\.borland

2007-12-18 14:40 . 2007-12-18 14:40 417792 -c----w- c:\windows\system32\dllcache\vbscript.dll

2007-12-18 09:51 . 2007-12-18 09:51 179584 -c----w- c:\windows\system32\dllcache\mrxdav.sys

2007-12-02 23:28 . 2007-12-02 23:28 139744 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat

2007-12-02 23:17 . 2007-12-02 23:17 -------- d-----w- c:\program files\MSBuild

2007-12-02 23:17 . 2007-12-02 23:17 -------- d-----w- c:\windows\system32\XPSViewer

2007-12-02 23:17 . 2007-12-02 23:17 -------- d-----w- c:\program files\Reference Assemblies

2007-12-02 23:09 . 2006-06-29 21:07 14048 ------w- c:\windows\system32\spmsg2.dll

2007-12-02 22:46 . 2007-12-02 22:46 -------- d-----w- c:\program files\MSXML 6.0

2007-11-28 01:18 . 2007-11-28 01:46 -------- d-----w- c:\documents and settings\Ann & Pat\Application Data\FileZilla

2007-11-18 03:35 . 2004-11-01 07:43 -------- d-----w- c:\program files\Opera

2007-10-29 22:43 . 2008-05-07 05:18 1287680 -c----w- c:\windows\system32\dllcache\quartz.dll

2007-10-26 00:29 . 2007-10-26 00:29 -------- d-----w- c:\documents and settings\All Users\Application Data\espionServerData

2007-10-26 00:21 . 2007-10-26 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet

2007-10-25 22:34 . 2007-10-25 22:34 -------- d-----w- c:\program files\Common Files\Macrovision Shared

2007-10-19 16:13 . 2007-10-19 16:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple

2007-10-16 03:28 . 2007-10-16 03:28 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2

2007-10-15 22:16 . 2008-10-16 21:06 268648 ----a-w- c:\windows\system32\mucltui.dll

2007-10-14 22:42 . 2007-10-14 22:42 -------- d-----w- c:\documents and settings\Ann & Pat\Local Settings\Application Data\WMTools Downloaded Files

2007-10-11 03:57 . 2007-10-11 03:59 -------- d-----w- c:\program files\QuickTime

2007-10-11 03:54 . 2007-10-11 03:54 -------- d-----w- c:\documents and settings\Ann & Pat\Local Settings\Application Data\Apple

2007-10-09 22:25 . 2007-07-09 13:09 584192 -c----w- c:\windows\system32\dllcache\rpcrt4.dll

2007-09-03 17:36 . 2007-09-03 17:36 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Xfire

2007-08-20 16:32 . 2004-11-01 07:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP

2007-08-11 18:06 . 2007-08-11 18:06 -------- d-----w- c:\documents and settings\Ann & Pat\Local Settings\Application Data\Steam

2007-08-11 17:34 . 2004-08-04 05:07 59264 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys

2007-08-11 17:34 . 2004-08-04 05:07 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys

2007-07-31 02:18 . 2008-10-16 21:06 208744 ----a-w- c:\windows\system32\muweb.dll

2007-07-12 07:12 . 2007-07-12 07:12 81920 ----a-w- c:\windows\system32\frapsvid.dll

2007-07-10 19:46 . 2007-07-10 19:46 -------- d-----w- c:\documents and settings\Ann & Pat\Application Data\Viewpoint

2007-06-23 02:44 . 2007-06-23 02:48 -------- d-----w- c:\windows\.mpr_file_store_32

2007-06-09 22:07 . 2006-10-27 02:56 32592 ----a-w- c:\windows\system32\msonpmon.dll

2007-06-09 22:01 . 2007-06-09 22:01 -------- d-----w- c:\documents and settings\Ann & Pat\Local Settings\Application Data\Microsoft Help

2007-06-09 22:00 . 2007-06-09 22:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help

2007-06-09 21:59 . 2007-06-09 21:59 -------- d-----r- C:\MSOCache

2007-06-09 00:16 . 2007-06-09 00:16 -------- d-----w- c:\program files\Windows Media Connect 2

2007-06-09 00:13 . 2007-06-09 00:14 -------- d-----w- c:\windows\system32\drivers\UMDF

2007-06-08 18:20 . 2007-06-08 18:20 32768 ----a-w- c:\windows\system32\netfxperf.dll

2007-06-08 18:20 . 2007-06-08 18:20 74752 ----a-w- c:\windows\system32\mscories.dll

2007-06-08 18:20 . 2007-06-08 18:20 275456 ----a-w- c:\windows\system32\mscoree.dll

2007-06-08 18:20 . 2007-06-08 18:20 155648 ----a-w- c:\windows\system32\mscorier.dll

2007-06-08 18:20 . 2007-06-08 18:20 83968 ----a-w- c:\windows\system32\dfshim.dll

2007-06-07 07:54 . 2007-06-07 07:54 88576 ----a-w- c:\windows\system32\infocardapi.dll

2007-06-07 07:54 . 2007-06-07 07:54 580952 ----a-w- c:\windows\system32\icardagt.exe

2007-06-07 07:54 . 2007-06-07 07:54 12120 ----a-w- c:\windows\system32\icardres.dll

2007-06-07 01:43 . 2007-06-09 00:21 -------- d-----w- c:\documents and settings\Ann & Pat\Application Data\uTorrent

2007-06-06 17:30 . 2007-06-06 17:30 1995632 ----a-w- c:\windows\system32\milcore.dll

2007-06-06 17:30 . 2007-06-06 17:30 771440 ----a-w- c:\windows\system32\PresentationNative_v0300.dll

2007-06-06 17:30 . 2007-06-06 17:30 483184 ----a-w- c:\windows\system32\evr.dll

2007-06-06 17:30 . 2007-06-06 17:30 347504 ----a-w- c:\windows\system32\PresentationHost.exe

2007-06-06 17:30 . 2007-06-06 17:30 161648 ----a-w- c:\windows\system32\UIAutomationCore.dll

2007-06-06 17:30 . 2007-06-06 17:30 106864 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

2007-06-06 17:30 . 2007-06-06 17:30 74096 ----a-w- c:\windows\system32\dxva2.dll

2007-06-06 17:30 . 2007-06-06 17:30 33136 ----a-w- c:\windows\system32\PresentationHostProxy.dll

2007-06-06 17:24 . 2007-06-06 17:24 16896 ----a-w- c:\windows\system32\tswpfwrp.exe

2007-05-31 04:14 . 2007-05-31 04:14 -------- d-----w- c:\documents and settings\Ann & Pat\Application Data\Leadertech

2007-05-31 01:36 . 2007-05-31 01:36 -------- d-----w- c:\documents and settings\Ann & Pat\Application Data\AdobeAUM

2007-05-31 01:36 . 2007-05-31 01:36 -------- d-----w- c:\documents and settings\Ann & Pat\Application Data\AdobeUM

2007-05-31 01:28 . 2004-11-01 08:02 -------- d-----w- c:\program files\Google

2007-05-17 11:28 . 2007-12-04 18:38 550912 -c----w- c:\windows\system32\dllcache\oleaut32.dll

2007-05-15 23:43 . 2007-05-15 23:43 1320800 ----a-w- c:\windows\system32\msxml6.dll

2007-05-15 02:22 . 2008-06-17 23:16 -------- d-----w- c:\program files\PokerStars

2007-05-13 18:00 . 2007-05-26 02:10 -------- d-----w- c:\program files\Oberon Media

2007-05-10 03:30 . 2007-05-10 03:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel

2007-05-10 03:03 . 2007-05-10 03:30 -------- d-----w- c:\documents and settings\Ann & Pat\Application Data\Corel

2007-05-10 02:57 . 2007-05-10 03:47 2516 -csha-w- c:\windows\system32\KGyGaAvL.sys

2007-05-10 02:57 . 2007-05-10 03:30 88 --sh--r- c:\windows\system32\4F0BCE3A97.sys

2007-05-09 01:08 . 2007-05-09 01:08 86728 ----a-w- c:\windows\system32\msxml6r.dll

2007-05-08 22:03 . 2007-05-08 22:03 1275392 -c--a-w- c:\windows\system32\msxml4.dll

2007-04-25 14:21 . 2007-04-25 14:21 144896 -c----w- c:\windows\system32\dllcache\schannel.dll

2007-04-23 10:32 . 2007-04-23 10:32 364160 -c----w- c:\windows\system32\dllcache\update.sys

2007-04-22 00:52 . 2007-04-22 00:52 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith

2007-04-13 22:59 . 2007-04-13 22:59 -------- d-----w- c:\documents and settings\Ann & Pat\Local Settings\Application Data\TechSmith

2007-04-13 22:50 . 2007-03-19 15:30 102400 ----a-w- c:\windows\system32\tsccvid.dll

2007-04-13 22:50 . 2007-04-13 22:50 -------- d-----w- c:\windows\system32\QuickTime

2007-04-08 16:33 . 2004-08-04 06:56 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll

2007-04-08 16:33 . 2004-08-04 06:56 21504 ----a-w- c:\windows\system32\hidserv.dll

2007-04-08 16:33 . 2004-08-04 04:58 14848 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys

2007-04-08 16:33 . 2004-08-04 04:58 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys

2007-04-08 16:33 . 2001-08-17 20:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys

2007-04-08 16:33 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys

2007-04-08 16:33 . 2001-08-17 21:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys

2007-04-08 16:33 . 2001-08-17 21:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys

2007-04-08 16:33 . 2004-08-04 05:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys

2007-04-08 16:33 . 2004-08-04 05:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys

2007-04-08 15:00 . 2008-06-23 16:06 -------- d-----w- c:\program files\Belkin Keyboard Mouse

2007-04-06 02:00 . 2007-04-06 02:00 1168 -c--a-w- c:\windows\mozver.dat

2007-03-25 06:29 . 2007-03-25 06:29 -------- d-----w- c:\documents and settings\Dylan\Local Settings\Application Data\Mozilla

2007-03-23 14:07 . 2007-03-23 14:07 1683280 -c----w- c:\windows\system32\dllcache\XpsSvcs.dll

2007-03-23 14:07 . 2007-03-23 14:07 1683280 ------w- c:\windows\system32\XpsSvcs.dll

2007-03-23 14:07 . 2007-03-23 14:07 583504 -c----w- c:\windows\system32\dllcache\XPSSHHDR.dll

2007-03-23 14:07 . 2007-03-23 14:07 583504 ------w- c:\windows\system32\XPSSHHDR.dll

2007-03-23 04:25 . 2007-03-23 04:25 677376 -c----w- c:\windows\system32\dllcache\PrintFilterPipelineSvc.exe

2007-03-23 04:25 . 2007-03-23 04:25 124928 ------w- c:\windows\system32\prntvpt.dll

2007-03-23 04:24 . 2007-03-23 04:24 28160 -c----w- c:\windows\system32\dllcache\FilterPipelinePrintProc.dll

2007-03-17 13:43 . 2007-03-17 13:43 292864 -c----w- c:\windows\system32\dllcache\winsrv.dll

2007-03-16 03:34 . 2007-03-16 03:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems

2007-03-16 03:33 . 2008-06-23 16:07 -------- d-----w- c:\documents and settings\Ann & Pat\Local Settings\Application Data\Adobe

2007-03-16 03:22 . 2007-03-16 03:22 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared

2007-03-08 15:36 . 2008-02-20 06:51 282624 -c----w- c:\windows\system32\dllcache\gdi32.dll

2007-03-08 15:36 . 2007-03-08 15:36 577536 -c----w- c:\windows\system32\dllcache\user32.dll

2007-03-08 13:47 . 2008-03-19 09:47 1845248 -c----w- c:\windows\system32\dllcache\win32k.sys

2007-02-15 17:48 . 2007-03-09 19:20 -------- d-----w- c:\documents and settings\Ann & Pat\Contacts

2007-02-15 17:45 . 2008-02-18 03:01 -------- dc----w- c:\windows\system32\DRVSTORE

2007-02-15 17:43 . 2008-07-11 18:50 -------- d-----w- c:\program files\MSN Messenger

2007-02-15 04:24 . 2007-02-17 23:28 19 -c--a-w- c:\windows\popcinfo.dat

2007-02-01 00:42 . 2007-02-01 00:42 -------- d-----w- c:\windows\Sun

2007-01-26 23:39 . 2007-01-26 23:39 -------- d-----w- c:\documents and settings\Ann & Pat\Local Settings\Application Data\Mozilla

2007-01-25 23:34 . 2001-10-25 00:16 36224 ----a-r- c:\windows\system32\drivers\lne100v5.sys

2007-01-25 23:30 . 2002-08-29 06:59 36224 -c--a-w- c:\windows\system32\dllcache\an983.sys

2007-01-25 23:30 . 2002-08-29 06:59 36224 ----a-w- c:\windows\system32\drivers\an983.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-10 21:54 . 2004-11-01 07:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-09-10 21:53 . 2004-11-01 07:08 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2008-10-16 21:13 . 2005-10-20 22:20 202776 ----a-w- c:\windows\system32\wuweb.dll

2008-10-16 21:13 . 2005-10-15 20:08 1809944 ----a-w- c:\windows\system32\wuaueng.dll

2008-10-16 21:12 . 2005-10-20 22:20 323608 ----a-w- c:\windows\system32\wucltui.dll

2008-10-16 21:12 . 2005-10-20 22:20 561688 ----a-w- c:\windows\system32\wuapi.dll

2008-10-16 21:09 . 2005-10-15 20:08 51224 ------w- c:\windows\system32\wuauclt.exe

2008-10-16 21:09 . 2005-05-26 11:16 43544 ----a-w- c:\windows\system32\wups2.dll

2008-10-16 21:09 . 2002-09-03 16:28 92696 ----a-w- c:\windows\system32\cdm.dll

2008-10-16 21:08 . 2005-10-20 22:20 34328 ----a-w- c:\windows\system32\wups.dll

2008-06-20 17:41 . 2002-09-03 16:46 245248 ------w- c:\windows\system32\mswsock.dll

2008-06-20 10:45 . 2002-09-03 17:06 360320 ------w- c:\windows\system32\drivers\tcpip.sys

2008-06-20 10:44 . 2002-09-03 16:27 138368 ----a-w- c:\windows\system32\drivers\afd.sys

2008-06-20 09:52 . 2002-09-03 17:06 225920 ----a-w- c:\windows\system32\drivers\tcpip6.sys

2008-06-13 13:10 . 2004-08-04 06:10 272128 ------w- c:\windows\system32\drivers\bthport.sys

2008-05-08 12:28 . 2002-09-03 16:56 202752 ----a-w- c:\windows\system32\drivers\rmcast.sys

2008-05-07 05:18 . 2005-08-30 17:14 1287680 ----a-w- c:\windows\system32\quartz.dll

2008-03-27 08:12 . 2002-09-03 16:45 151583 ----a-w- c:\windows\system32\msjint40.dll

2008-03-19 09:47 . 2002-09-03 17:11 1845248 ----a-w- c:\windows\system32\win32k.sys

2008-02-20 06:51 . 2002-09-03 16:33 282624 ----a-w- c:\windows\system32\gdi32.dll

2008-02-20 05:32 . 2002-09-03 16:31 45568 ----a-w- c:\windows\system32\dnsrslvr.dll

2007-12-18 14:40 . 2002-09-03 17:09 417792 ----a-w- c:\windows\system32\vbscript.dll

2007-12-18 09:51 . 2002-09-03 16:42 179584 ----a-w- c:\windows\system32\drivers\mrxdav.sys

2007-12-04 18:38 . 2002-09-03 16:51 550912 ----a-w- c:\windows\system32\oleaut32.dll

2007-11-18 15:25 . 2005-10-15 20:22 -------- d-----w- c:\documents and settings\Ann & Pat\Application Data\Symantec

2007-11-13 10:25 . 2002-09-03 16:58 20480 ----a-w- c:\windows\system32\drivers\secdrv.sys

2007-11-07 09:26 . 2002-09-03 16:39 721920 ----a-w- c:\windows\system32\lsasrv.dll

2007-10-28 01:40 . 2005-10-15 21:42 222720 ----a-w- c:\windows\system32\wmasf.dll

2007-10-25 22:07 . 2006-09-06 03:55 116472 -c----w- c:\windows\system32\pxcpyi64.exe

2007-10-25 22:07 . 2006-09-06 03:55 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys

2007-10-25 22:07 . 2006-09-06 03:55 118520 -c----w- c:\windows\system32\pxinsi64.exe

2007-08-21 06:15 . 2005-10-15 20:10 683520 ----a-w- c:\windows\system32\inetcomm.dll

2007-07-09 13:09 . 2004-03-06 02:16 584192 ----a-w- c:\windows\system32\rpcrt4.dll

2007-06-26 06:08 . 2002-09-03 16:46 1104896 ----a-w- c:\windows\system32\msxml3.dll

2007-06-13 10:23 . 2002-09-03 16:32 1033216 ----a-w- c:\windows\explorer.exe

2007-06-09 22:08 . 2005-10-15 20:31 -------- d-----w- c:\program files\Microsoft Works

2007-04-25 14:21 . 2002-09-03 16:58 144896 ----a-w- c:\windows\system32\schannel.dll

2007-04-23 10:32 . 2002-09-03 17:08 364160 ----a-w- c:\windows\system32\drivers\update.sys

2007-04-18 16:12 . 2002-09-03 16:44 2854400 ----a-w- c:\windows\system32\msi.dll

2007-03-17 13:43 . 2002-09-03 17:12 292864 ----a-w- c:\windows\system32\winsrv.dll

2007-03-08 15:36 . 2004-03-30 01:48 40960 -c--a-w- c:\windows\system32\mf3216.dll

2007-03-08 15:36 . 2002-09-03 17:08 577536 ------w- c:\windows\system32\user32.dll

2007-02-28 09:10 . 2002-09-03 16:50 2180352 ----a-w- c:\windows\system32\ntoskrnl.exe

2007-02-28 08:38 . 2002-08-29 01:04 2057600 ----a-w- c:\windows\system32\ntkrnlpa.exe

2007-02-09 11:10 . 2002-09-03 16:50 574464 ------w- c:\windows\system32\drivers\ntfs.sys

2007-02-05 20:17 . 2002-09-03 17:08 185344 ------w- c:\windows\system32\upnphost.dll

2006-12-04 23:21 . 2002-09-03 16:46 414720 -c--a-w- c:\windows\system32\msscp.dll

2006-11-20 08:42 . 2004-08-04 07:56 33280 ----a-w- c:\windows\system32\snmp.exe

2006-11-01 19:17 . 2002-09-03 16:41 927504 -c----w- c:\windows\system32\mfc40u.dll

2006-10-19 13:56 . 2004-08-20 22:01 713216 ----a-w- c:\windows\system32\sxs.dll

2006-10-19 04:58 . 2005-01-28 20:44 8704 -c--a-w- c:\windows\system32\wdfmgr.exe

2006-10-19 04:58 . 2005-01-28 20:44 8704 -c--a-w- c:\windows\system32\uwdf.exe

2006-10-19 03:03 . 2005-10-15 21:42 100864 ----a-w- c:\windows\system32\logagent.exe

2006-10-19 03:00 . 2005-01-28 20:44 38528 -c--a-w- c:\windows\system32\drivers\wpdusb.sys

2006-10-16 16:15 . 2002-09-03 16:51 122880 ----a-w- c:\windows\system32\oledlg.dll

2006-10-14 08:13 . 2002-09-03 16:41 981760 ----a-w- c:\windows\system32\mfc42u.dll

2006-10-13 12:35 . 2002-09-03 16:50 142336 -c--a-w- c:\windows\system32\nwprovau.dll

2006-10-04 13:33 . 2002-09-03 17:07 35840 ----a-w- c:\windows\system32\umandlg.dll

2006-10-04 08:48 . 2002-09-03 17:08 50176 ----a-w- c:\windows\system32\utilman.exe

2006-10-04 08:48 . 2002-09-03 16:51 215552 ----a-w- c:\windows\system32\osk.exe

2006-10-04 08:48 . 2002-09-03 16:47 53760 ----a-w- c:\windows\system32\narrator.exe

2006-10-04 08:48 . 2002-09-03 16:39 72704 ----a-w- c:\windows\system32\magnify.exe

2006-08-25 15:45 . 2002-09-03 16:29 617472 ------w- c:\windows\system32\comctl32.dll

2006-08-22 12:05 . 2002-09-03 16:32 498742 -c--a-w- c:\windows\system32\dxmasf.dll

2006-08-21 17:52 . 2002-09-03 17:05 246814 -c--a-w- c:\windows\system32\strmdll.dll

2006-08-21 12:21 . 2004-08-04 07:56 16896 -c--a-w- c:\windows\system32\fltlib.dll

2006-08-21 09:14 . 2004-08-04 07:56 23040 ----a-w- c:\windows\system32\fltmc.exe

2006-08-21 09:14 . 2004-08-04 06:01 128896 ------w- c:\windows\system32\drivers\fltmgr.sys

2006-08-17 12:28 . 2002-09-03 17:12 132096 ----a-w- c:\windows\system32\wkssvc.dll

2006-08-16 11:58 . 2002-09-03 16:26 100352 ----a-w- c:\windows\system32\6to4svc.dll

2006-08-14 10:34 . 2002-09-03 17:04 332928 ----a-w- c:\windows\system32\drivers\srv.sys

2006-07-21 08:24 . 2004-11-16 21:32 72704 ----a-w- c:\windows\system32\hlink.dll

2006-06-22 05:06 . 2002-09-03 16:53 1435648 -c--a-w- c:\windows\system32\query.dll

2006-06-22 05:06 . 2002-09-03 16:28 69120 -c--a-w- c:\windows\system32\ciodm.dll

2006-06-14 09:00 . 2005-10-15 22:35 82944 ----a-w- c:\windows\system32\drivers\wdmaud.sys

2006-06-14 08:47 . 2005-10-15 22:35 6400 ----a-w- c:\windows\system32\drivers\splitter.sys

2006-06-14 08:47 . 2005-10-15 22:35 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys

2006-05-11 19:06 . 2006-09-06 03:55 520192 -c--a-w- c:\windows\system32\CddbPlaylist2Sony.dll

2006-05-11 19:05 . 2006-09-06 03:55 73728 -c--a-w- c:\windows\system32\CddbLinkSony.dll

2006-05-11 19:05 . 2006-09-06 03:55 770048 -c--a-w- c:\windows\system32\CDDBUISony.dll

2006-05-11 19:03 . 2006-09-06 03:55 585728 -c--a-w- c:\windows\system32\CddbMusicIDSony.dll

2006-05-11 19:02 . 2006-09-06 03:55 643072 -c--a-w- c:\windows\system32\CDDBControlSony.dll

2006-05-05 09:47 . 2002-09-03 16:56 174592 ----a-w- c:\windows\system32\drivers\rdbss.sys

2006-05-05 09:41 . 2002-09-03 16:42 453120 ----a-w- c:\windows\system32\drivers\mrxsmb.sys

2006-04-26 22:19 . 2006-04-26 22:18 106496 -c--a-w- c:\windows\TMP_FILE_0.tmp

2006-03-17 00:33 . 2004-08-04 06:00 262784 ------w- c:\windows\system32\drivers\http.sys

2006-03-01 19:42 . 2005-10-15 20:09 161280 -c--a-w- c:\windows\system32\msdtcuiu.dll

2006-03-01 19:42 . 2005-10-15 20:09 956416 -c--a-w- c:\windows\system32\msdtctm.dll

2006-03-01 19:42 . 2005-10-15 20:09 11776 ----a-w- c:\windows\system32\xolehlp.dll

2006-03-01 19:42 . 2005-10-15 20:08 426496 -c--a-w- c:\windows\system32\msdtcprx.dll

2006-03-01 19:42 . 2005-07-26 04:31 91136 -c--a-w- c:\windows\system32\mtxoci.dll

2006-03-01 19:42 . 2005-07-26 04:31 66560 ----a-w- c:\windows\system32\mtxclu.dll

2006-02-20 03:24 . 2005-10-15 20:55 -------- d-----w- c:\program files\Common Files\InstallShield

2006-02-15 00:22 . 2005-10-15 22:35 142464 ------w- c:\windows\system32\drivers\aec.sys

2006-01-31 22:35 . 2005-10-15 20:23 91904 -c--a-w- c:\windows\system32\S32EVNT1.DLL

2006-01-31 22:35 . 2005-10-15 20:23 123248 -c--a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2005-10-31 17:46 . 2006-09-06 03:55 36679 -c----w- c:\windows\system32\drivers\NETMD052.sys

2005-10-17 21:14 . 2002-09-03 17:06 118272 -c--a-w- c:\windows\system32\t2embed.dll

2005-10-17 21:14 . 2002-09-03 16:33 80896 -c--a-w- c:\windows\system32\fontsub.dll

2005-10-15 22:35 . 2005-10-15 22:35 -------- d-----w- c:\program files\Analog Devices

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"16 Pop"="c:\docume~1\ANN&PA~1\APPLIC~1\TYPEBY~1\Ooze browse.exe" [2004-11-01 466944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]

"HostManager"="c:\program files\Common Files\AOL\1129412339\ee\AOLSoftware.exe" [2006-09-26 50736]

"SetupWizard"="D:\SetupWizard.exe" [bU]

"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-12-21 26112]

"List Multi Knob Inside"="c:\documents and settings\All Users\Application Data\64 01 list multi\locks rule.exe" [bU]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]

"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

"dvd global admin that"="c:\documents and settings\All Users\Application Data\browse lies dvd global\Owns Joy.exe" [2004-11-01 819200]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]

[bU]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk

backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Norton GoBack.lnk]

path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Norton GoBack.lnk

backup=c:\windows\pss\Norton GoBack.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\America Online 9.0b\\waol.exe"=

"c:\\Program Files\\Common Files\\AOL\\1129412339\\EE\\AOLServiceHost.exe"=

"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=

"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=

"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=

"c:\\Program Files\\Common Files\\AOL\\1129412339\\EE\\aolsoftware.exe"=

"c:\\Program Files\\Common Files\\AOL\\1129412339\\EE\\aim6.exe"=

"c:\\Program Files\\Steam\\SteamApps\\tkrwizkid@hotmail.com\\counter-strike source\\hl2.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Steam\\SteamApps\\dredlock21\\counter-strike\\hl.exe"=

S3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [1/25/2007 4:34 PM 36224]

S3 XDva007;XDva007;\??\c:\windows\system32\XDva007.sys --> c:\windows\system32\XDva007.sys [?]

S3 XDva013;XDva013;\??\c:\windows\system32\XDva013.sys --> c:\windows\system32\XDva013.sys [?]

S3 XDva025;XDva025;\??\c:\windows\system32\XDva025.sys --> c:\windows\system32\XDva025.sys [?]

.

Contents of the 'Scheduled Tasks' folder

2004-11-01 c:\windows\Tasks\ACF99DA0918A0FCC.job

- c:\docume~1\ann&pa~1\applic~1\typeby~1\1Phone64.exe [2007-12-21 08:10]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

mStart Page = hxxp://www.comcast.net/

mSearch Bar =

mWindow Title = Microsoft Internet Explorer presented by Comcast

uInternet Connection Wizard,ShellNext = iexplore

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML

IE: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL

DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

DPF: {886DDE35-E585-11D0-A707-000000521958} - hxxp://69.56.176.76/webplugin.cab

FF - ProfilePath - c:\documents and settings\Ann & Pat\Application Data\Mozilla\Firefox\Profiles\e4h7ykjw.default\

FF - prefs.js: browser.startup.homepage - www.google.com

FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll

FF - plugin: c:\windows\Microsoft.NET\Framework\v3.5\WPF\NPWPF.dll

---- FIREFOX POLICIES ----

FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2004-11-01 07:58

Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

SetupWizard = D:\SetupWizard.exe reboot???

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(504)

c:\windows\system32\l3codeca.acm

- - - - - - - > 'explorer.exe'(2712)

c:\windows\system32\l3codeca.acm

c:\windows\system32\WPDShServiceObj.dll

c:\program files\Common Files\aolshare\aolshcpy.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\program files\Internet Explorer\iexplore.exe

c:\program files\Internet Explorer\iexplore.exe

c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe

c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe

c:\windows\system32\PSIService.exe

c:\program files\Common Files\Symantec Shared\SNDSrvc.exe

c:\windows\system32\wscntfy.exe

.

**************************************************************************

.

Completion time: 2004-11-01 8:03 - machine was rebooted

ComboFix-quarantined-files.txt 2004-11-01 15:03

Pre-Run: 18,745,503,744 bytes free

Post-Run: 18,710,675,456 bytes free

558 --- E O F --- 2004-11-01 09:00
