
shopathome, winesm32, rootkit.tdss, virtumonde - NEED REMOVAL HELP



A couple of days ago, one of my business websites suffered from Cross Scripting and other malicious code that I suspect was inserted via one of the forms we have on our page. As a result, when I visited the homepage (unaware of the issue), I was redirected to the following websites:

freedotsite dot ru

tagteamexpo dot ru

buzznet-com dot babylon dot com dot youdao-com dot tagteamexpo dot ru:8080

where an auto download of the following programs/viruses/malware (possibly more) began:

ShopAtHome Toolbar

winesm32.exe

rootkit.tdss

FlvPLayer.exe

I was using Firefox 3.5 or 3.6 (can't remember) to browse at the time and quickly blocked the new scripts using NoScript, but I guess the damage had already been done.

Norton flagged a few of these, and I tried to use Spybot Search and Destroy, SuperAntiSpyware, MalwareBytes, and Norton Antivirus to scan and remove them. Many different trojans, malware, and Virtumonde were found and supposedly removed. I attempted a System Restore but was unable to, and eventually I turned System Restore off and back on. I thought everything had been successfully removed; however, the computer suddenly and unexpectedly shut down during a browsing session in Internet Explorer. Upon reboot, the computer remained in a continuous boot cycle and would not boot normally or into any form of Safe Mode.

Since then, I have used a Windows XP Professional SP2 disc to run a repair and am now able to boot into Windows normally. However, the system runs incredibly slowly, and immediately upon startup the following programs try to install:

PhotoGallery

Document Viewer

When I hit cancel, I receive a Microsoft .NET Framework message saying:

"an unhandled exception has occurred in a component in your application. Click continue and application will ignore this error and attempt to continue."

The first time this happened, I accidentally hit continue after trying to cancel numerous times. The computer went into another reboot cycle as described above, and I once again used the XP SP2 CD to repair.

Norton and MalwareBytes scans have both come up clean, but I'm afraid I still have a serious problem on my hands.

After completing and saving the GMER file as ark.txt, the computer slowed to such a crawl that I had to restart. (Hopefully this doesn't have too much bearing on the repair process.)

I have followed all directions to the best of my ability, given the state of the crippled system, to use DeFogger, and have posted/attached the requested DDS, GMER, and MBAM logs for help. Ark.txt and Attach.txt are zipped together in Attach.zip. Thank you in advance for your help.

MALWAREBYTES LOG

Malwarebytes' Anti-Malware 1.44

Database version: 3809

Windows 5.1.2600 Service Pack 2

Internet Explorer 6.0.2900.2180

3/1/2010 7:48:59 PM

mbam-log-2010-03-01 (19-48-59).txt

Scan type: Quick Scan

Objects scanned: 124495

Time elapsed: 8 minute(s), 3 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

DDS.TXT

DDS (Ver_09-12-01.01) - NTFSx86

Run by Administrator at 15:43:43.23 on Mon 03/01/2010

Internet Explorer: 6.0.2900.2180

Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1014.360 [GMT -5:00]

AV: Norton AntiVirus *On-access scanning enabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\System32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\system32\brsvc01a.exe

C:\WINDOWS\system32\brss01a.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe

C:\Program Files\Common Files\LightScribe\LSSrvc.exe

C:\Program Files\Microsoft LifeCam\MSCamS32.exe

C:\Program Files\Norton AntiVirus\Engine\17.5.0.127\ccSvcHst.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe

C:\WINDOWS\system32\svchost.exe -k imgsvc

C:\Program Files\Norton AntiVirus\Engine\17.5.0.127\ccSvcHst.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\SMINST\Scheduler.exe

C:\WINDOWS\vVX6000.exe

C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe

C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe

C:\WINDOWS\system32\igfxpers.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Microsoft ActiveSync\wcescomm.exe

C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe

C:\PROGRA~1\MI3AA1~1\rapimgr.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe

C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe

C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe

C:\WINDOWS\system32\msiexec.exe

C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Administrator\Desktop\Defogger.exe

C:\Documents and Settings\Administrator\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=74&bd=smb&pf=desktop

uInternet Settings,ProxyOverride = *.local

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll

BHO: ContributeBHO Class: {074c1dc5-9320-4a9a-947d-c042949c6216} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll

BHO: {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - No File

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File

BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton antivirus\engine\17.5.0.127\IPSBHO.DLL

BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre1.6.0_01\bin\ssv.dll

BHO: AOL Toolbar Launcher: {7c554162-8cb7-45a4-b8f4-8ea1c75885f9} - c:\program files\aol\aol toolbar 5.0\aoltb.dll

BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - No File

BHO: Adobe PDF Conversion Toolbar Helper: {ae7cd045-e861-484f-8273-0445ee161910} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No File

TB: AOL Toolbar: {de9c389f-3316-41a7-809b-aa305ed9d922} - c:\program files\aol\aol toolbar 5.0\aoltb.dll

TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

TB: Contribute Toolbar: {517bdde4-e3a7-4570-b21e-2b52b6139fc7} - c:\program files\adobe\/Adobe Contribute CS3/contributeieplugin.dll

TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File

EB: Adobe PDF: {182ec0be-5110-49c8-a062-beb1d02a220b} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\wcescomm.exe"

uRun: [Google Update] "c:\documents and settings\administrator\local settings\application data\google\update\GoogleUpdate.exe" /c

mRun: [setRefresh] c:\program files\compaq\setrefresh\SetRefresh.exe

mRun: [Recguard] c:\windows\sminst\Recguard.exe

mRun: [Reminder] c:\windows\creator\Remind_XP.exe

mRun: [scheduler] c:\windows\sminst\Scheduler.exe

mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime

mRun: [VX6000] c:\windows\vVX6000.exe

mRun: [sSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot

mRun: [RoxioDragToDisc] "c:\program files\roxio\drag-to-disc\DrgToDsc.exe"

mRun: [PaperPort PTD] c:\program files\scansoft\paperport\pptd40nt.exe

mRun: [LifeCam] "c:\program files\microsoft lifecam\LifeExp.exe"

mRun: [indexSearch] c:\program files\scansoft\paperport\IndexSearch.exe

mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe

mRun: [ControlCenter2.0] c:\program files\brother\controlcenter2\brctrcen.exe /autorun

mRun: [Adobe_ID0EYTHM] c:\progra~1\common~1\adobe\adobev~1\server\bin\VERSIO~2.EXE

mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 8.0\acrobat\Acrotray.exe"

mRun: [iMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC

mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC

mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName

mRun: [igfxTray] c:\windows\system32\igfxtray.exe

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [Persistence] c:\windows\system32\igfxpers.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpphot~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe

StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\quickb~1.lnk - c:\program files\common files\intuit\quickbooks\qbupdate\qbupdate.exe

IE: &AOL Toolbar Search - c:\program files\aol\aol toolbar 5.0\resources\en-us\local\search.html

IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html

DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

Handler: intu-help-qb1 - {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - c:\program files\intuit\quickbooks 2008\HelpAsyncPluggableProtocol.dll

Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL

Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll

Notify: igfxcui - igfxdev.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files\common files\lightscribe\LSRunOnce.exe"

Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============

R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1105000.07f\SymDS.sys [2010-2-25 328752]

R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\nav\1105000.07f\SymEFA.sys [2010-2-25 172592]

R1 BHDrvx86;BHDrvx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.5.0.127\definitions\bashdefs\20100211.001\BHDrvx86.sys [2010-2-11 536112]

R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nav\1105000.07f\cchpx86.sys [2010-2-25 501888]

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2010-2-17 12872]

R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2010-2-17 66632]

R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\nav\1105000.07f\Ironx86.sys [2010-2-25 116272]

R2 NAV;Norton AntiVirus;c:\program files\norton antivirus\engine\17.5.0.127\ccSvcHst.exe [2010-2-25 126392]

R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2010-2-25 102448]

R3 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.5.0.127\definitions\ipsdefs\20100224.002\IDSXpx86.sys [2010-2-26 329592]

R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.5.0.127\definitions\virusdefs\20100301.016\NAVENG.SYS [2010-3-1 84912]

R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_17.5.0.127\definitions\virusdefs\20100301.016\NAVEX15.SYS [2010-3-1 1324720]

R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2010-2-9 2074464]

S0 wpvtcnti;wpvtcnti;c:\windows\system32\drivers\celfsq.sys --> c:\windows\system32\drivers\celfsq.sys [?]

S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664]

S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2010-2-17 12872]

=============== Created Last 30 ================

2010-03-01 20:42:10 20 ----a-w- c:\documents and settings\administrator\defogger_reenable

2010-03-01 19:24:24 118784 ----a-w- c:\windows\system32\chg.exe

2010-02-27 22:20:20 155648 ----a-w- c:\windows\system32\igfxres.dll

2010-02-27 22:09:04 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys

2010-02-27 22:09:03 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll

2010-02-27 22:09:02 9216 -c--a-w- c:\windows\system32\dllcache\wamps51.dll

2010-02-27 22:09:02 53248 -c--a-w- c:\windows\system32\dllcache\wamreg51.dll

2010-02-27 22:09:01 76800 -c--a-w- c:\windows\system32\dllcache\wam51.dll

2010-02-27 22:09:01 363520 -c--a-w- c:\windows\system32\dllcache\w3svc.dll

2010-02-27 22:09:00 73728 -c--a-w- c:\windows\system32\dllcache\w3ext.dll

2010-02-27 22:09:00 5632 -c--a-w- c:\windows\system32\dllcache\w3svapi.dll

2010-02-27 22:09:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll

2010-02-27 22:09:00 4608 -c--a-w- c:\windows\system32\dllcache\w3ctrs51.dll

2010-02-27 22:07:59 53248 -c--a-w- c:\windows\system32\dllcache\nextlink.dll

2010-02-27 22:06:59 7680 -c--a-w- c:\windows\system32\dllcache\ftpctrs2.dll

2010-02-27 22:05:59 76800 -c--a-w- c:\windows\system32\dllcache\logui.ocx

2010-02-27 22:04:03 488 ---ha-r- c:\windows\system32\logonui.exe.manifest

2010-02-27 22:03:55 749 ---ha-r- c:\windows\WindowsShell.Manifest

2010-02-27 22:03:55 749 ---ha-r- c:\windows\system32\wuaucpl.cpl.manifest

2010-02-27 22:03:55 749 ---ha-r- c:\windows\system32\sapi.cpl.manifest

2010-02-27 22:03:55 749 ---ha-r- c:\windows\system32\nwc.cpl.manifest

2010-02-27 22:03:55 749 ---ha-r- c:\windows\system32\ncpa.cpl.manifest

2010-02-27 22:03:16 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe

2010-02-27 22:02:58 32768 -c--a-w- c:\windows\system32\dllcache\icwdl.dll

2010-02-27 21:44:54 70144 -c--a-w- c:\windows\system32\dllcache\pintlphr.exe

2010-02-27 21:43:48 57398 -c--a-w- c:\windows\system32\dllcache\imjpdadm.exe

2010-02-27 21:42:59 1086058 ----a-r- c:\windows\SET51.tmp

2010-02-27 21:42:57 1042903 ----a-r- c:\windows\SET4E.tmp

2010-02-27 21:16:17 12664 ----a-w- c:\windows\system32\wpa.bak

2010-02-27 20:52:20 20480 -c--a-w- c:\windows\system32\dllcache\inetwiz.exe

2010-02-27 20:52:17 86016 -c--a-w- c:\windows\system32\dllcache\icwconn2.exe

2010-02-27 20:30:55 7334 -c--a-w- c:\windows\system32\dllcache\wmerrenu.cat

2010-02-27 20:30:50 13753 ----a-r- c:\windows\SET58.tmp

2010-02-27 20:30:47 1086058 ----a-r- c:\windows\SET4C.tmp

2010-02-27 20:30:45 1042903 ----a-r- c:\windows\SET49.tmp

2010-02-27 20:27:14 0 ----a-w- c:\windows\SET69.tmp

2010-02-27 20:26:44 0 ----a-w- c:\windows\SET68.tmp

2010-02-27 20:26:43 0 ----a-w- c:\windows\SET67.tmp

2010-02-27 20:26:43 0 ----a-w- c:\windows\SET66.tmp

2010-02-27 20:26:42 0 ----a-w- c:\windows\SET65.tmp

2010-02-27 20:26:14 0 ----a-w- c:\windows\SET64.tmp

2010-02-27 08:23:58 0 d-----w- c:\windows\system32\wbem\Repository

2010-02-26 19:33:52 0 d-----w- c:\docume~1\admini~1\applic~1\CoreFTP

2010-02-26 19:27:09 0 d-----w- c:\program files\CoreFTP

2010-02-26 18:59:18 274288 ----a-w- c:\windows\system32\mucltui.dll

2010-02-26 18:59:18 215920 ----a-w- c:\windows\system32\muweb.dll

2010-02-26 18:59:18 16736 ----a-w- c:\windows\system32\mucltui.dll.mui

2010-02-26 10:37:24 481 ----a-w- c:\documents and settings\administrator\Shortcut to Administrator.lnk

2010-02-26 07:40:39 0 d-----w- c:\docume~1\admini~1\applic~1\Malwarebytes

2010-02-26 07:40:27 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2010-02-26 07:40:25 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes

2010-02-26 07:40:19 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

2010-02-26 07:40:19 0 d-----w- c:\program files\Malwarebytes' Anti-Malware

2010-02-26 04:55:12 0 d-----w- c:\windows\pss

2010-02-26 04:15:12 0 d-----w- c:\program files\Safer Networking

2010-02-26 03:31:49 0 d-----w- c:\program files\Trend Micro

2010-02-26 01:05:05 805 ----a-w- c:\windows\system32\drivers\SYMEVENT.INF

2010-02-26 01:05:05 7443 ----a-w- c:\windows\system32\drivers\SYMEVENT.CAT

2010-02-26 01:05:05 60808 ----a-w- c:\windows\system32\S32EVNT1.DLL

2010-02-26 01:05:05 124976 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS

2010-02-26 01:05:04 0 d-----w- c:\program files\Symantec

2010-02-26 01:05:04 0 d-----w- c:\program files\common files\Symantec Shared

2010-02-26 00:58:21 0 d-----w- c:\windows\system32\drivers\NAV

2010-02-26 00:58:20 0 d-----w- c:\program files\Norton AntiVirus

2010-02-26 00:58:13 0 d-----w- c:\program files\NortonInstaller

2010-02-26 00:58:13 0 d-----w- c:\docume~1\alluse~1\applic~1\NortonInstaller

2010-02-26 00:47:07 0 d-----w- c:\docume~1\alluse~1\applic~1\Norton

2010-02-25 19:41:17 120 ----a-w- c:\windows\Gmuroyenevudam.dat

2010-02-25 19:41:17 0 ----a-w- c:\windows\Dtecoxobuzogaz.bin

2010-02-25 19:33:09 24 ----a-w- c:\docume~1\admini~1\applic~1\rbuwzv.dat

2010-02-25 16:46:05 0 d-----w- c:\program files\Spybot - Search & Destroy

2010-02-25 16:46:05 0 d-----w- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy

2010-02-25 15:44:16 0 d-----w- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com

2010-02-25 15:44:03 0 d-----w- c:\program files\SUPERAntiSpyware

2010-02-25 15:44:03 0 d-----w- c:\docume~1\admini~1\applic~1\SUPERAntiSpyware.com

2010-02-25 15:43:42 0 d-----w- c:\program files\common files\Wise Installation Wizard

2010-02-24 21:54:38 0 d-----w- c:\program files\Coupons

2010-02-13 04:07:14 0 d-----w- c:\windows\system32\Adobe

2010-02-10 21:49:44 421 ----a-w- c:\windows\hegames.ini

2010-02-09 19:51:42 230424 ----a-w- C:\DC6810xp-001.raw

2010-02-09 19:47:00 5504 ----a-w- c:\windows\system32\drivers\MSTEE.sys

2010-02-09 19:46:52 19328 ----a-w- c:\windows\system32\drivers\WSTCODEC.SYS

2010-02-09 19:46:50 85376 ----a-w- c:\windows\system32\drivers\NABTSFEC.sys

2010-02-09 19:46:49 17024 ----a-w- c:\windows\system32\drivers\CCDECODE.sys

2010-02-09 19:46:44 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys

2010-02-09 19:45:58 90624 ----a-w- c:\windows\system32\kswdmcap.ax

2010-02-09 19:45:58 28672 ----a-w- c:\windows\system32\vidcap.ax

2010-02-09 19:45:56 61952 ----a-w- c:\windows\system32\kstvtune.ax

2010-02-09 19:45:48 53760 ----a-w- c:\windows\system32\vfwwdm32.dll

2010-02-09 19:45:47 43008 ----a-w- c:\windows\system32\ksxbar.ax

2010-02-09 19:33:16 764256 ----a-w- c:\windows\vVX6000.exe

2010-02-09 19:33:16 676704 ----a-w- c:\windows\system32\LCCoin30.dll

2010-02-09 19:33:16 577376 ----a-w- c:\windows\system32\vVX6000.dll

2010-02-09 19:33:16 524128 ----a-w- c:\windows\system32\LcProxy.ax

2010-02-09 19:33:16 32736 ----a-w- c:\windows\system32\drivers\VX6KCamd.sys

2010-02-09 19:33:16 2074464 ----a-w- c:\windows\system32\drivers\VX6000Xp.sys

2010-02-09 19:33:16 175456 ----a-w- c:\windows\system32\cVX6000.dll

2010-02-09 19:33:16 15497 ----a-w- c:\windows\VX6KStd.ini

2010-02-09 19:33:16 13022 ----a-w- c:\windows\VX6000.src

2010-02-09 19:33:16 101744 ----a-w- c:\windows\system32\VX6000.dll

2010-02-09 19:33:01 0 d-----w- c:\program files\Microsoft LifeCam

2010-02-09 19:26:29 0 d-----w- c:\windows\system32\XPSViewer

2010-02-09 19:25:39 575488 ------w- c:\windows\system32\xpsshhdr.dll

2010-02-09 19:25:39 1676288 ------w- c:\windows\system32\xpssvcs.dll

2010-02-09 19:25:39 117760 ------w- c:\windows\system32\prntvpt.dll

2010-02-09 19:25:39 0 d-----w- C:\9e278bc955f12189c84f52a7530760

2010-02-09 19:22:22 0 d-----w- c:\program files\MSXML 6.0

2010-02-09 19:11:14 3727720 ----a-w- c:\windows\system32\d3dx9_35.dll

2010-02-09 19:11:08 0 d-----w- c:\windows\Logs

2010-02-06 09:39:55 0 d-----w- c:\program files\uTorrent

2010-02-06 09:39:35 0 d-----w- c:\docume~1\admini~1\applic~1\uTorrent

2010-02-05 16:35:22 56 ---ha-w- c:\windows\system32\ezsidmv.dat

2010-02-05 16:33:04 0 d-----r- c:\program files\Skype

2010-02-04 16:16:23 0 d-----w- c:\program files\Windows Media Connect 2

2010-02-04 16:16:01 0 d-----w- C:\f97f0afe066c2f29494a

2010-02-04 16:15:28 0 d-----w- C:\386a74b299c20d0e2b

2010-02-04 16:15:24 0 d-----w- c:\windows\system32\LogFiles

2010-02-04 16:15:02 0 d-----w- C:\7a15ae45d14b128fd810f0

==================== Find3M ====================

2010-02-27 22:01:51 23428 ----a-w- c:\windows\system32\emptyregdb.dat

2010-01-17 19:52:29 117088 ----a-w- c:\windows\hpoins11.dat

2010-01-17 19:37:48 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

============= FINISH: 15:44:17.23 ===============

Attach.zip

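The DDS output in the post above contains the kinds of entries a removal helper reads first: a boot-start driver (the `S0 wpvtcnti` line) whose image DDS marks as `[?]`, BHO/toolbar CLSIDs registered with "No File", a hosts-file line pointing www.spywareinfo.com at loopback, and tiny oddly named .dat/.bin files created in the same second directly under c:\windows. As an added example, not part of the original post or of the DDS tool, here is a small Python triage script that pulls exactly those entries out of a DDS log. The sample text is a handful of lines copied from the DDS.TXT above; the regexes, my reading of `[?]` as "DDS could not find or read the file", and the drop-directory heuristic are all my own assumptions, and every hit still needs to be confirmed by hand before anything is deleted.

```python
"""Offline triage of a DDS log excerpt.

Added example (not part of the original post or of the DDS tool). It parses
the DDS sections quoted in the thread and returns the entries a helper would
look at first. Heuristics and the sample text are mine; confirm every hit by
hand before removing anything.
"""
import re
from collections import defaultdict

# Constructed sample: lines copied verbatim from the DDS.TXT in the post.
SAMPLE_DDS = r"""
============== Pseudo HJT Report ===============
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
Hosts: 127.0.0.1 www.spywareinfo.com
============= SERVICES / DRIVERS ===============
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\nav\1105000.07f\SymDS.sys [2010-2-25 328752]
R3 VX6000;Microsoft LifeCam VX-6000;c:\windows\system32\drivers\VX6000Xp.sys [2010-2-9 2074464]
S0 wpvtcnti;wpvtcnti;c:\windows\system32\drivers\celfsq.sys --> c:\windows\system32\drivers\celfsq.sys [?]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-10 135664]
=============== Created Last 30 ================
2010-02-25 19:41:17 120 ----a-w- c:\windows\Gmuroyenevudam.dat
2010-02-25 19:41:17 0 ----a-w- c:\windows\Dtecoxobuzogaz.bin
2010-02-25 19:33:09 24 ----a-w- c:\docume~1\admini~1\applic~1\rbuwzv.dat
2010-02-09 19:33:16 2074464 ----a-w- c:\windows\system32\drivers\VX6000Xp.sys
2010-02-05 16:35:22 56 ---ha-w- c:\windows\system32\ezsidmv.dat
"""

# R/S = running/stopped; the digit is the start type (0 boot, 1 system, 2 auto, 3 demand, 4 disabled).
SERVICE_RE = re.compile(
    r"^([RS])([0-4]) (?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.*?)"
    r"(?: --> (?P<resolved>.*?))? \[(?P<meta>[^\]]*)\]$"
)
CREATED_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (?P<size>\d+) (?P<attr>\S+) (?P<path>.+)$"
)
NOFILE_RE = re.compile(r"^(?P<kind>BHO|TB|EB): (?P<entry>.*) - No File$")
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+) (?P<host>\S+)$")

LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}
# Assumption: roots where a tiny, oddly named .dat/.bin is unusual for legitimate software.
DROP_DIRS = {r"c:\windows", r"c:\docume~1\admini~1\applic~1"}


def looks_dropped(path: str, size: int) -> bool:
    """Heuristic: small .dat/.bin written straight into %WINDIR% or the user's AppData root."""
    directory, _, name = path.lower().rpartition("\\")
    ext = name.rsplit(".", 1)[-1] if "." in name else ""
    return directory in DROP_DIRS and ext in {"dat", "bin"} and size < 1024


def triage(text: str) -> dict:
    """Parse a DDS log and return the entries worth a second look, grouped by kind."""
    found = {"drivers": [], "orphans": [], "hosts": [], "dropped": []}
    by_second = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            # "[?]" is, as I read DDS output, the marker for an image it could not find
            # or read. A boot/system-start driver (x0/x1) with no readable file is the
            # first thing to check: it still loads at boot but is hidden from the tool.
            if m["meta"] == "?":
                found["drivers"].append((m["name"], m.group(1) + m.group(2), m["image"]))
            continue
        m = NOFILE_RE.match(line)
        if m:
            # Orphaned CLSIDs are usually leftovers of removed add-ons, not hostile by
            # themselves, but each should be matched against what was really installed.
            found["orphans"].append((m["kind"], m["entry"]))
            continue
        m = HOSTS_RE.match(line)
        if m:
            # Any non-localhost name pinned to loopback deserves a look; security
            # vendor sites sinkholed this way are a common symptom.
            if m["ip"] in LOOPBACK and m["host"].lower() != "localhost":
                found["hosts"].append((m["ip"], m["host"]))
            continue
        m = CREATED_RE.match(line)
        if m and looks_dropped(m["path"], int(m["size"])):
            found["dropped"].append((m["ts"], m["path"]))
            by_second[m["ts"]].append(m["path"])
    # Files created in the same second usually come from one installer or one payload.
    found["batches"] = [(ts, paths) for ts, paths in by_second.items() if len(paths) > 1]
    return found


if __name__ == "__main__":
    for kind, items in triage(SAMPLE_DDS).items():
        for item in items:
            print(kind, item)
```

Run against the full DDS.TXT the output is a short list rather than a judgement: the `S0` driver with an unreadable image and the two files dropped together at 19:41:17 are where a helper would start, the orphaned BHO/TB CLSIDs are lower priority, and the hosts line explains why a security site would fail to load. None of these heuristics is proof of infection on its own.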

  • Staff

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!
