Full Version: Something is not right.
Malwarebytes Forum > Computer Help > Malware Removal - HijackThis Logs
Glebe
I consider myself tech-savvy, I fix friends' and my own computers for fun. (Geeky I know). I just put in my oldest HD to see what was on it, (pre my interest in computers) over 6 years old or just 6, I scanned with mbam and it got 22 infections (surprise, surprise) I was still getting annoying popups after it successfully removed them. I ran combofix and I will post a log. But I still get pop ups.

Here goes nothing, lmk if there is something more I need.

(for hjt logs, mbam logs ignore timestamps..I haven't set time on my computer so it's still goofy.)

As I'm typing this I got a popup
They are always different popups, but all start the same (on the browser) CiD:

Here is a link..don't know if it's malicious.
http://www.etoro.com/registration/join/?mo...lient=webtrader

onto the logs (sorry I'm chatty)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:23:32 AM, on 11/1/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\1129412339\ee\AOLSoftware.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINDOWS\system32\PSIService.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1129412339\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [SetupWizard] D:\SetupWizard.exe reboot
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [List Multi Knob Inside] C:\Documents and Settings\All Users\Application Data\64 01 list multi\locks rule.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKLM\..\Run: [dvd global admin that] C:\Documents and Settings\All Users\Application Data\browse lies dvd global\Owns Joy.exe
O4 - HKCU\..\Run: [16 Pop] C:\DOCUME~1\ANN&PA~1\APPLIC~1\TYPEBY~1\Ooze browse.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1192397740062
O16 - DPF: {886DDE35-E585-11D0-A707-000000521958} - http://69.56.176.76/webplugin.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\system32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe (file missing)
O24 - Desktop Component 0: (no name) - http://images10.newegg.com/Nest/warmBG.gif

--
End of file - 5709 bytes

Malwarebytes' Anti-Malware 1.41
Database version: 2943
Windows 5.1.2600 Service Pack 2

11/1/2004 7:24:18 AM
mbam-log-2004-11-01 (07-24-18).txt

Scan type: Quick Scan
Objects scanned: 4542
Time elapsed: 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

File "C:\ComboFix\MT_explorer.exe.tmp" added successfully
File "C:\ComboFix\MT_agentsvr.exe.tmp" added successfully
File "C:\ComboFix\MT_fltmc.exe.tmp" added successfully
File "C:\ComboFix\MT_logagent.exe.tmp" added successfully
File "C:\ComboFix\MT_magnify.exe.tmp" added successfully
File "C:\ComboFix\MT_msiexec.exe.tmp" added successfully
File "C:\ComboFix\MT_narrator.exe.tmp" added successfully
File "C:\ComboFix\MT_ntkrnlpa.exe.tmp" added successfully
File "C:\ComboFix\MT_ntoskrnl.exe.tmp" added successfully
File "C:\ComboFix\MT_osk.exe.tmp" added successfully
File "C:\ComboFix\MT_snmp.exe.tmp" added successfully
File "C:\ComboFix\MT_telnet.exe.tmp" added successfully
File "C:\ComboFix\MT_utilman.exe.tmp" added successfully
Glebe
Also would just like to add-
I hardly use XP (but it's on this HD) I use Linux. So when I plugged in this HD it installed most drivers but I can't find the driver for ViewSonic VE500, so my resolution is stuck in lowest, same with color quality so I really can't see anything..if you have anything that can help me get these drivers let me know.

(they can't be found on ViewSonic's site for some reason)
Glebe
ComboFix 09-10-11.01 - Ann & Pat 11/01/2004 7:47.2.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1022.744 [GMT -7:00]
Running from: c:\documents and settings\Ann & Pat\My Documents\Downloads\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files\Altnet\Download Manager\adm25.dll
c:\program files\Altnet\Download Manager\adm4.dll
c:\program files\Altnet\Download Manager\adm4005.exe
c:\program files\Altnet\Download Manager\admdata.dll
c:\program files\Altnet\Download Manager\admdloader.dll
c:\program files\Altnet\Download Manager\admfdi.dll
c:\program files\Altnet\Download Manager\admprog.dll
c:\program files\Altnet\Download Manager\altnetuninstall.exe
c:\program files\Altnet\Download Manager\asm.exe
c:\program files\Altnet\Download Manager\asmend.exe
c:\program files\Altnet\Download Manager\asmps.dll
c:\program files\Altnet\Download Manager\dminfo3.cab
c:\program files\Altnet\Download Manager\dminstall7.cab
c:\program files\Altnet\Download Manager\dmsetup.bmp
c:\program files\Altnet\Download Manager\dmsetupbig.bmp
c:\program files\Altnet\Download Manager\jsinstall.cab
c:\program files\Altnet\Download Manager\jslegals.txt
c:\program files\Altnet\Download Manager\selectdir.txt
c:\program files\Altnet\Download Manager\selectdir1st.txt
c:\program files\Need2Find\bar\1.bin\N2FFXTBR.JAR
c:\program files\Need2Find\bar\1.bin\N2NTSTBR.JAR
c:\program files\Need2Find\bar\1.bin\N2PLUGIN.DLL
c:\program files\Need2Find\bar\1.bin\NPND2FN.DLL
c:\program files\Need2Find\bar\1.bin\PARTNER.DAT
c:\program files\Need2Find\bar\Cache\018CA031
c:\program files\Need2Find\bar\Cache\026162FD
c:\program files\Need2Find\bar\Cache\files.ini
c:\program files\Need2Find\bar\History\search
c:\program files\Need2Find\bar\Settings\prevcfg.htm
c:\windows\Fonts\acrsec.fon
c:\windows\system32\mirindaspk.exe

-- Previous Run --

c:\windows\explorer.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

c:\windows\hh.exe . . . is infected!!

c:\windows\inf\unregmp2.exe . . . is infected!!

c:\windows\msagent\agentsvr.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

c:\windows\system32\fltmc.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

c:\windows\system32\logagent.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

c:\windows\system32\magnify.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

c:\windows\system32\msiexec.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

c:\windows\system32\narrator.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

c:\windows\system32\ntkrnlpa.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

c:\windows\system32\ntoskrnl.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

c:\windows\system32\osk.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

c:\windows\system32\snmp.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

c:\windows\system32\spoolsv.exe . . . is infected!!

c:\windows\system32\telnet.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

c:\windows\system32\utilman.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

--------

c:\windows\explorer.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

c:\windows\hh.exe . . . is infected!!

c:\windows\inf\unregmp2.exe . . . is infected!!

c:\windows\msagent\agentsvr.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

c:\windows\system32\fltmc.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

c:\windows\system32\logagent.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

c:\windows\system32\magnify.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

c:\windows\system32\msiexec.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

c:\windows\system32\narrator.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

c:\windows\system32\ntkrnlpa.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

c:\windows\system32\ntoskrnl.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

c:\windows\system32\osk.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

c:\windows\system32\snmp.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

c:\windows\system32\spoolsv.exe . . . is infected!!

c:\windows\system32\telnet.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

c:\windows\system32\utilman.exe . . . is infected!! . . .Failed to restore. Attempting to replace on reboot

Infected copy of c:\windows\explorer.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{7BC80D5E-629B-4C9F-BDC7-05874407FCE5}\RP977\A0527808.exe
Infected copy of c:\windows\msagent\agentsvr.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{7BC80D5E-629B-4C9F-BDC7-05874407FCE5}\RP977\A0527848.exe
Infected copy of c:\windows\system32\fltmc.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{7BC80D5E-629B-4C9F-BDC7-05874407FCE5}\RP977\A0527849.exe
Infected copy of c:\windows\system32\logagent.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{7BC80D5E-629B-4C9F-BDC7-05874407FCE5}\RP977\A0527850.exe
Infected copy of c:\windows\system32\magnify.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{7BC80D5E-629B-4C9F-BDC7-05874407FCE5}\RP977\A0527851.exe
Infected copy of c:\windows\system32\msiexec.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{7BC80D5E-629B-4C9F-BDC7-05874407FCE5}\RP977\A0527852.exe
Infected copy of c:\windows\system32\narrator.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{7BC80D5E-629B-4C9F-BDC7-05874407FCE5}\RP977\A0527853.exe
Infected copy of c:\windows\system32\ntkrnlpa.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{7BC80D5E-629B-4C9F-BDC7-05874407FCE5}\RP977\A0527854.exe
Infected copy of c:\windows\system32\ntoskrnl.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{7BC80D5E-629B-4C9F-BDC7-05874407FCE5}\RP977\A0527824.exe
Infected copy of c:\windows\system32\osk.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{7BC80D5E-629B-4C9F-BDC7-05874407FCE5}\RP977\A0527855.exe
Infected copy of c:\windows\system32\snmp.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{7BC80D5E-629B-4C9F-BDC7-05874407FCE5}\RP977\A0527856.exe
Infected copy of c:\windows\system32\telnet.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{7BC80D5E-629B-4C9F-BDC7-05874407FCE5}\RP977\A0527857.exe
Infected copy of c:\windows\system32\utilman.exe was found and disinfected
Restored copy from - c:\system volume information\_restore{7BC80D5E-629B-4C9F-BDC7-05874407FCE5}\RP977\A0527858.exe
.
((((((((((((((((((((((((( Files Created from 2004-10-01 to 2004-11-01 )))))))))))))))))))))))))))))))
.

2008-07-09 22:46 . 2008-07-10 01:19 -------- d-----w- c:\documents and settings\Ann & Pat\Application Data\FrostWire
2008-07-09 22:44 . 2008-07-09 22:44 -------- d-----w- c:\program files\Common Files\Java
2008-07-09 22:42 . 2004-11-01 07:39 -------- d-----w- c:\program files\FrostWire
2008-06-24 16:14 . 2008-07-09 22:42 -------- d-----w- c:\program files\LimeWire
2008-06-20 17:41 . 2008-06-20 17:41 245248 -c----w- c:\windows\system32\dllcache\mswsock.dll
2008-06-20 10:44 . 2008-06-20 10:44 138368 -c----w- c:\windows\system32\dllcache\afd.sys
2008-02-20 05:32 . 2008-02-20 05:32 45568 -c----w- c:\windows\system32\dllcache\dnsrslvr.dll
2007-12-30 02:01 . 2008-07-09 22:11 -------- d-----w- c:\program files\Diablo II
2007-12-22 15:06 . 2007-12-22 15:06 -------- d-----w- c:\documents and settings\All Users\Application Data\Messenger Plus!
2007-12-21 17:54 . 2004-11-01 08:10 -------- d-----w- c:\documents and settings\All Users\Application Data\64 01 list multi
2007-12-21 17:54 . 2004-11-01 08:10 -------- d-----w- c:\documents and settings\Ann & Pat\Application Data\Type Byte Amen
2007-12-21 17:53 . 2007-12-21 17:53 -------- d-----w- c:\program files\Circle Developement
2007-12-21 02:48 . 2007-12-21 02:48 8552 ----a-w- c:\windows\system32\drivers\asctrm.sys
2007-12-21 02:47 . 2007-12-21 02:47 -------- d-----w- c:\program files\Real
2007-12-20 16:33 . 2007-12-20 16:33 -------- d-----w- c:\documents and settings\Ann & Pat\.borland
2007-12-18 14:40 . 2007-12-18 14:40 417792 -c----w- c:\windows\system32\dllcache\vbscript.dll
2007-12-18 09:51 . 2007-12-18 09:51 179584 -c----w- c:\windows\system32\dllcache\mrxdav.sys
2007-12-02 23:28 . 2007-12-02 23:28 139744 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2007-12-02 23:17 . 2007-12-02 23:17 -------- d-----w- c:\program files\MSBuild
2007-12-02 23:17 . 2007-12-02 23:17 -------- d-----w- c:\windows\system32\XPSViewer
2007-12-02 23:17 . 2007-12-02 23:17 -------- d-----w- c:\program files\Reference Assemblies
2007-12-02 23:09 . 2006-06-29 21:07 14048 ------w- c:\windows\system32\spmsg2.dll
2007-12-02 22:46 . 2007-12-02 22:46 -------- d-----w- c:\program files\MSXML 6.0
2007-11-28 01:18 . 2007-11-28 01:46 -------- d-----w- c:\documents and settings\Ann & Pat\Application Data\FileZilla
2007-11-18 03:35 . 2004-11-01 07:43 -------- d-----w- c:\program files\Opera
2007-10-29 22:43 . 2008-05-07 05:18 1287680 -c----w- c:\windows\system32\dllcache\quartz.dll
2007-10-26 00:29 . 2007-10-26 00:29 -------- d-----w- c:\documents and settings\All Users\Application Data\espionServerData
2007-10-26 00:21 . 2007-10-26 00:21 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2007-10-25 22:34 . 2007-10-25 22:34 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2007-10-19 16:13 . 2007-10-19 16:13 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Apple
2007-10-16 03:28 . 2007-10-16 03:28 -------- d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2007-10-15 22:16 . 2008-10-16 21:06 268648 ----a-w- c:\windows\system32\mucltui.dll
2007-10-14 22:42 . 2007-10-14 22:42 -------- d-----w- c:\documents and settings\Ann & Pat\Local Settings\Application Data\WMTools Downloaded Files
2007-10-11 03:57 . 2007-10-11 03:59 -------- d-----w- c:\program files\QuickTime
2007-10-11 03:54 . 2007-10-11 03:54 -------- d-----w- c:\documents and settings\Ann & Pat\Local Settings\Application Data\Apple
2007-10-09 22:25 . 2007-07-09 13:09 584192 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2007-09-03 17:36 . 2007-09-03 17:36 -------- d-----w- c:\documents and settings\NetworkService\Application Data\Xfire
2007-08-20 16:32 . 2004-11-01 07:16 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2007-08-11 18:06 . 2007-08-11 18:06 -------- d-----w- c:\documents and settings\Ann & Pat\Local Settings\Application Data\Steam
2007-08-11 17:34 . 2004-08-04 05:07 59264 -c--a-w- c:\windows\system32\dllcache\usbaudio.sys
2007-08-11 17:34 . 2004-08-04 05:07 59264 ----a-w- c:\windows\system32\drivers\USBAUDIO.sys
2007-07-31 02:18 . 2008-10-16 21:06 208744 ----a-w- c:\windows\system32\muweb.dll
2007-07-12 07:12 . 2007-07-12 07:12 81920 ----a-w- c:\windows\system32\frapsvid.dll
2007-07-10 19:46 . 2007-07-10 19:46 -------- d-----w- c:\documents and settings\Ann & Pat\Application Data\Viewpoint
2007-06-23 02:44 . 2007-06-23 02:48 -------- d-----w- c:\windows\.mpr_file_store_32
2007-06-09 22:07 . 2006-10-27 02:56 32592 ----a-w- c:\windows\system32\msonpmon.dll
2007-06-09 22:01 . 2007-06-09 22:01 -------- d-----w- c:\documents and settings\Ann & Pat\Local Settings\Application Data\Microsoft Help
2007-06-09 22:00 . 2007-06-09 22:10 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2007-06-09 21:59 . 2007-06-09 21:59 -------- d-----r- C:\MSOCache
2007-06-09 00:16 . 2007-06-09 00:16 -------- d-----w- c:\program files\Windows Media Connect 2
2007-06-09 00:13 . 2007-06-09 00:14 -------- d-----w- c:\windows\system32\drivers\UMDF
2007-06-08 18:20 . 2007-06-08 18:20 32768 ----a-w- c:\windows\system32\netfxperf.dll
2007-06-08 18:20 . 2007-06-08 18:20 74752 ----a-w- c:\windows\system32\mscories.dll
2007-06-08 18:20 . 2007-06-08 18:20 275456 ----a-w- c:\windows\system32\mscoree.dll
2007-06-08 18:20 . 2007-06-08 18:20 155648 ----a-w- c:\windows\system32\mscorier.dll
2007-06-08 18:20 . 2007-06-08 18:20 83968 ----a-w- c:\windows\system32\dfshim.dll
2007-06-07 07:54 . 2007-06-07 07:54 88576 ----a-w- c:\windows\system32\infocardapi.dll
2007-06-07 07:54 . 2007-06-07 07:54 580952 ----a-w- c:\windows\system32\icardagt.exe
2007-06-07 07:54 . 2007-06-07 07:54 12120 ----a-w- c:\windows\system32\icardres.dll
2007-06-07 01:43 . 2007-06-09 00:21 -------- d-----w- c:\documents and settings\Ann & Pat\Application Data\uTorrent
2007-06-06 17:30 . 2007-06-06 17:30 1995632 ----a-w- c:\windows\system32\milcore.dll
2007-06-06 17:30 . 2007-06-06 17:30 771440 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2007-06-06 17:30 . 2007-06-06 17:30 483184 ----a-w- c:\windows\system32\evr.dll
2007-06-06 17:30 . 2007-06-06 17:30 347504 ----a-w- c:\windows\system32\PresentationHost.exe
2007-06-06 17:30 . 2007-06-06 17:30 161648 ----a-w- c:\windows\system32\UIAutomationCore.dll
2007-06-06 17:30 . 2007-06-06 17:30 106864 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2007-06-06 17:30 . 2007-06-06 17:30 74096 ----a-w- c:\windows\system32\dxva2.dll
2007-06-06 17:30 . 2007-06-06 17:30 33136 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2007-06-06 17:24 . 2007-06-06 17:24 16896 ----a-w- c:\windows\system32\tswpfwrp.exe
2007-05-31 04:14 . 2007-05-31 04:14 -------- d-----w- c:\documents and settings\Ann & Pat\Application Data\Leadertech
2007-05-31 01:36 . 2007-05-31 01:36 -------- d-----w- c:\documents and settings\Ann & Pat\Application Data\AdobeAUM
2007-05-31 01:36 . 2007-05-31 01:36 -------- d-----w- c:\documents and settings\Ann & Pat\Application Data\AdobeUM
2007-05-31 01:28 . 2004-11-01 08:02 -------- d-----w- c:\program files\Google
2007-05-17 11:28 . 2007-12-04 18:38 550912 -c----w- c:\windows\system32\dllcache\oleaut32.dll
2007-05-15 23:43 . 2007-05-15 23:43 1320800 ----a-w- c:\windows\system32\msxml6.dll
2007-05-15 02:22 . 2008-06-17 23:16 -------- d-----w- c:\program files\PokerStars
2007-05-13 18:00 . 2007-05-26 02:10 -------- d-----w- c:\program files\Oberon Media
2007-05-10 03:30 . 2007-05-10 03:30 -------- d-----w- c:\documents and settings\All Users\Application Data\Corel
2007-05-10 03:03 . 2007-05-10 03:30 -------- d-----w- c:\documents and settings\Ann & Pat\Application Data\Corel
2007-05-10 02:57 . 2007-05-10 03:47 2516 -csha-w- c:\windows\system32\KGyGaAvL.sys
2007-05-10 02:57 . 2007-05-10 03:30 88 --sh--r- c:\windows\system32\4F0BCE3A97.sys
2007-05-09 01:08 . 2007-05-09 01:08 86728 ----a-w- c:\windows\system32\msxml6r.dll
2007-05-08 22:03 . 2007-05-08 22:03 1275392 -c--a-w- c:\windows\system32\msxml4.dll
2007-04-25 14:21 . 2007-04-25 14:21 144896 -c----w- c:\windows\system32\dllcache\schannel.dll
2007-04-23 10:32 . 2007-04-23 10:32 364160 -c----w- c:\windows\system32\dllcache\update.sys
2007-04-22 00:52 . 2007-04-22 00:52 -------- d-----w- c:\documents and settings\All Users\Application Data\TechSmith
2007-04-13 22:59 . 2007-04-13 22:59 -------- d-----w- c:\documents and settings\Ann & Pat\Local Settings\Application Data\TechSmith
2007-04-13 22:50 . 2007-03-19 15:30 102400 ----a-w- c:\windows\system32\tsccvid.dll
2007-04-13 22:50 . 2007-04-13 22:50 -------- d-----w- c:\windows\system32\QuickTime
2007-04-08 16:33 . 2004-08-04 06:56 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2007-04-08 16:33 . 2004-08-04 06:56 21504 ----a-w- c:\windows\system32\hidserv.dll
2007-04-08 16:33 . 2004-08-04 04:58 14848 -c--a-w- c:\windows\system32\dllcache\kbdhid.sys
2007-04-08 16:33 . 2004-08-04 04:58 14848 ----a-w- c:\windows\system32\drivers\kbdhid.sys
2007-04-08 16:33 . 2001-08-17 20:48 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2007-04-08 16:33 . 2001-08-17 20:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2007-04-08 16:33 . 2001-08-17 21:02 9600 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2007-04-08 16:33 . 2001-08-17 21:02 9600 ----a-w- c:\windows\system32\drivers\hidusb.sys
2007-04-08 16:33 . 2004-08-04 05:08 31616 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2007-04-08 16:33 . 2004-08-04 05:08 31616 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2007-04-08 15:00 . 2008-06-23 16:06 -------- d-----w- c:\program files\Belkin Keyboard Mouse
2007-04-06 02:00 . 2007-04-06 02:00 1168 -c--a-w- c:\windows\mozver.dat
2007-03-25 06:29 . 2007-03-25 06:29 -------- d-----w- c:\documents and settings\Dylan\Local Settings\Application Data\Mozilla
2007-03-23 14:07 . 2007-03-23 14:07 1683280 -c----w- c:\windows\system32\dllcache\XpsSvcs.dll
2007-03-23 14:07 . 2007-03-23 14:07 1683280 ------w- c:\windows\system32\XpsSvcs.dll
2007-03-23 14:07 . 2007-03-23 14:07 583504 -c----w- c:\windows\system32\dllcache\XPSSHHDR.dll
2007-03-23 14:07 . 2007-03-23 14:07 583504 ------w- c:\windows\system32\XPSSHHDR.dll
2007-03-23 04:25 . 2007-03-23 04:25 677376 -c----w- c:\windows\system32\dllcache\PrintFilterPipelineSvc.exe
2007-03-23 04:25 . 2007-03-23 04:25 124928 ------w- c:\windows\system32\prntvpt.dll
2007-03-23 04:24 . 2007-03-23 04:24 28160 -c----w- c:\windows\system32\dllcache\FilterPipelinePrintProc.dll
2007-03-17 13:43 . 2007-03-17 13:43 292864 -c----w- c:\windows\system32\dllcache\winsrv.dll
2007-03-16 03:34 . 2007-03-16 03:34 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2007-03-16 03:33 . 2008-06-23 16:07 -------- d-----w- c:\documents and settings\Ann & Pat\Local Settings\Application Data\Adobe
2007-03-16 03:22 . 2007-03-16 03:22 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2007-03-08 15:36 . 2008-02-20 06:51 282624 -c----w- c:\windows\system32\dllcache\gdi32.dll
2007-03-08 15:36 . 2007-03-08 15:36 577536 -c----w- c:\windows\system32\dllcache\user32.dll
2007-03-08 13:47 . 2008-03-19 09:47 1845248 -c----w- c:\windows\system32\dllcache\win32k.sys
2007-02-15 17:48 . 2007-03-09 19:20 -------- d-----w- c:\documents and settings\Ann & Pat\Contacts
2007-02-15 17:45 . 2008-02-18 03:01 -------- dc----w- c:\windows\system32\DRVSTORE
2007-02-15 17:43 . 2008-07-11 18:50 -------- d-----w- c:\program files\MSN Messenger
2007-02-15 04:24 . 2007-02-17 23:28 19 -c--a-w- c:\windows\popcinfo.dat
2007-02-01 00:42 . 2007-02-01 00:42 -------- d-----w- c:\windows\Sun
2007-01-26 23:39 . 2007-01-26 23:39 -------- d-----w- c:\documents and settings\Ann & Pat\Local Settings\Application Data\Mozilla
2007-01-25 23:34 . 2001-10-25 00:16 36224 ----a-r- c:\windows\system32\drivers\lne100v5.sys
2007-01-25 23:30 . 2002-08-29 06:59 36224 -c--a-w- c:\windows\system32\dllcache\an983.sys
2007-01-25 23:30 . 2002-08-29 06:59 36224 ----a-w- c:\windows\system32\drivers\an983.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-10 21:54 . 2004-11-01 07:08 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-10 21:53 . 2004-11-01 07:08 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2008-10-16 21:13 . 2005-10-20 22:20 202776 ----a-w- c:\windows\system32\wuweb.dll
2008-10-16 21:13 . 2005-10-15 20:08 1809944 ----a-w- c:\windows\system32\wuaueng.dll
2008-10-16 21:12 . 2005-10-20 22:20 323608 ----a-w- c:\windows\system32\wucltui.dll
2008-10-16 21:12 . 2005-10-20 22:20 561688 ----a-w- c:\windows\system32\wuapi.dll
2008-10-16 21:09 . 2005-10-15 20:08 51224 ------w- c:\windows\system32\wuauclt.exe
2008-10-16 21:09 . 2005-05-26 11:16 43544 ----a-w- c:\windows\system32\wups2.dll
2008-10-16 21:09 . 2002-09-03 16:28 92696 ----a-w- c:\windows\system32\cdm.dll
2008-10-16 21:08 . 2005-10-20 22:20 34328 ----a-w- c:\windows\system32\wups.dll
2008-06-20 17:41 . 2002-09-03 16:46 245248 ------w- c:\windows\system32\mswsock.dll
2008-06-20 10:45 . 2002-09-03 17:06 360320 ------w- c:\windows\system32\drivers\tcpip.sys
2008-06-20 10:44 . 2002-09-03 16:27 138368 ----a-w- c:\windows\system32\drivers\afd.sys
2008-06-20 09:52 . 2002-09-03 17:06 225920 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2008-06-13 13:10 . 2004-08-04 06:10 272128 ------w- c:\windows\system32\drivers\bthport.sys
2008-05-08 12:28 . 2002-09-03 16:56 202752 ----a-w- c:\windows\system32\drivers\rmcast.sys
2008-05-07 05:18 . 2005-08-30 17:14 1287680 ----a-w- c:\windows\system32\quartz.dll
2008-03-27 08:12 . 2002-09-03 16:45 151583 ----a-w- c:\windows\system32\msjint40.dll
2008-03-19 09:47 . 2002-09-03 17:11 1845248 ----a-w- c:\windows\system32\win32k.sys
2008-02-20 06:51 . 2002-09-03 16:33 282624 ----a-w- c:\windows\system32\gdi32.dll
2008-02-20 05:32 . 2002-09-03 16:31 45568 ----a-w- c:\windows\system32\dnsrslvr.dll
2007-12-18 14:40 . 2002-09-03 17:09 417792 ----a-w- c:\windows\system32\vbscript.dll
2007-12-18 09:51 . 2002-09-03 16:42 179584 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2007-12-04 18:38 . 2002-09-03 16:51 550912 ----a-w- c:\windows\system32\oleaut32.dll
2007-11-18 15:25 . 2005-10-15 20:22 -------- d-----w- c:\documents and settings\Ann & Pat\Application Data\Symantec
2007-11-13 10:25 . 2002-09-03 16:58 20480 ----a-w- c:\windows\system32\drivers\secdrv.sys
2007-11-07 09:26 . 2002-09-03 16:39 721920 ----a-w- c:\windows\system32\lsasrv.dll
2007-10-28 01:40 . 2005-10-15 21:42 222720 ----a-w- c:\windows\system32\wmasf.dll
2007-10-25 22:07 . 2006-09-06 03:55 116472 -c----w- c:\windows\system32\pxcpyi64.exe
2007-10-25 22:07 . 2006-09-06 03:55 43528 ------w- c:\windows\system32\drivers\PxHelp20.sys
2007-10-25 22:07 . 2006-09-06 03:55 118520 -c----w- c:\windows\system32\pxinsi64.exe
2007-08-21 06:15 . 2005-10-15 20:10 683520 ----a-w- c:\windows\system32\inetcomm.dll
2007-07-09 13:09 . 2004-03-06 02:16 584192 ----a-w- c:\windows\system32\rpcrt4.dll
2007-06-26 06:08 . 2002-09-03 16:46 1104896 ----a-w- c:\windows\system32\msxml3.dll
2007-06-13 10:23 . 2002-09-03 16:32 1033216 ----a-w- c:\windows\explorer.exe
2007-06-09 22:08 . 2005-10-15 20:31 -------- d-----w- c:\program files\Microsoft Works
2007-04-25 14:21 . 2002-09-03 16:58 144896 ----a-w- c:\windows\system32\schannel.dll
2007-04-23 10:32 . 2002-09-03 17:08 364160 ----a-w- c:\windows\system32\drivers\update.sys
2007-04-18 16:12 . 2002-09-03 16:44 2854400 ----a-w- c:\windows\system32\msi.dll
2007-03-17 13:43 . 2002-09-03 17:12 292864 ----a-w- c:\windows\system32\winsrv.dll
2007-03-08 15:36 . 2004-03-30 01:48 40960 -c--a-w- c:\windows\system32\mf3216.dll
2007-03-08 15:36 . 2002-09-03 17:08 577536 ------w- c:\windows\system32\user32.dll
2007-02-28 09:10 . 2002-09-03 16:50 2180352 ----a-w- c:\windows\system32\ntoskrnl.exe
2007-02-28 08:38 . 2002-08-29 01:04 2057600 ----a-w- c:\windows\system32\ntkrnlpa.exe
2007-02-09 11:10 . 2002-09-03 16:50 574464 ------w- c:\windows\system32\drivers\ntfs.sys
2007-02-05 20:17 . 2002-09-03 17:08 185344 ------w- c:\windows\system32\upnphost.dll
2006-12-04 23:21 . 2002-09-03 16:46 414720 -c--a-w- c:\windows\system32\msscp.dll
2006-11-20 08:42 . 2004-08-04 07:56 33280 ----a-w- c:\windows\system32\snmp.exe
2006-11-01 19:17 . 2002-09-03 16:41 927504 -c----w- c:\windows\system32\mfc40u.dll
2006-10-19 13:56 . 2004-08-20 22:01 713216 ----a-w- c:\windows\system32\sxs.dll
2006-10-19 04:58 . 2005-01-28 20:44 8704 -c--a-w- c:\windows\system32\wdfmgr.exe
2006-10-19 04:58 . 2005-01-28 20:44 8704 -c--a-w- c:\windows\system32\uwdf.exe
2006-10-19 03:03 . 2005-10-15 21:42 100864 ----a-w- c:\windows\system32\logagent.exe
2006-10-19 03:00 . 2005-01-28 20:44 38528 -c--a-w- c:\windows\system32\drivers\wpdusb.sys
2006-10-16 16:15 . 2002-09-03 16:51 122880 ----a-w- c:\windows\system32\oledlg.dll
2006-10-14 08:13 . 2002-09-03 16:41 981760 ----a-w- c:\windows\system32\mfc42u.dll
2006-10-13 12:35 . 2002-09-03 16:50 142336 -c--a-w- c:\windows\system32\nwprovau.dll
2006-10-04 13:33 . 2002-09-03 17:07 35840 ----a-w- c:\windows\system32\umandlg.dll
2006-10-04 08:48 . 2002-09-03 17:08 50176 ----a-w- c:\windows\system32\utilman.exe
2006-10-04 08:48 . 2002-09-03 16:51 215552 ----a-w- c:\windows\system32\osk.exe
2006-10-04 08:48 . 2002-09-03 16:47 53760 ----a-w- c:\windows\system32\narrator.exe
2006-10-04 08:48 . 2002-09-03 16:39 72704 ----a-w- c:\windows\system32\magnify.exe
2006-08-25 15:45 . 2002-09-03 16:29 617472 ------w- c:\windows\system32\comctl32.dll
2006-08-22 12:05 . 2002-09-03 16:32 498742 -c--a-w- c:\windows\system32\dxmasf.dll
2006-08-21 17:52 . 2002-09-03 17:05 246814 -c--a-w- c:\windows\system32\strmdll.dll
2006-08-21 12:21 . 2004-08-04 07:56 16896 -c--a-w- c:\windows\system32\fltlib.dll
2006-08-21 09:14 . 2004-08-04 07:56 23040 ----a-w- c:\windows\system32\fltmc.exe
2006-08-21 09:14 . 2004-08-04 06:01 128896 ------w- c:\windows\system32\drivers\fltmgr.sys
2006-08-17 12:28 . 2002-09-03 17:12 132096 ----a-w- c:\windows\system32\wkssvc.dll
2006-08-16 11:58 . 2002-09-03 16:26 100352 ----a-w- c:\windows\system32\6to4svc.dll
2006-08-14 10:34 . 2002-09-03 17:04 332928 ----a-w- c:\windows\system32\drivers\srv.sys
2006-07-21 08:24 . 2004-11-16 21:32 72704 ----a-w- c:\windows\system32\hlink.dll
2006-06-22 05:06 . 2002-09-03 16:53 1435648 -c--a-w- c:\windows\system32\query.dll
2006-06-22 05:06 . 2002-09-03 16:28 69120 -c--a-w- c:\windows\system32\ciodm.dll
2006-06-14 09:00 . 2005-10-15 22:35 82944 ----a-w- c:\windows\system32\drivers\wdmaud.sys
2006-06-14 08:47 . 2005-10-15 22:35 6400 ----a-w- c:\windows\system32\drivers\splitter.sys
2006-06-14 08:47 . 2005-10-15 22:35 172416 ----a-w- c:\windows\system32\drivers\kmixer.sys
2006-05-11 19:06 . 2006-09-06 03:55 520192 -c--a-w- c:\windows\system32\CddbPlaylist2Sony.dll
2006-05-11 19:05 . 2006-09-06 03:55 73728 -c--a-w- c:\windows\system32\CddbLinkSony.dll
2006-05-11 19:05 . 2006-09-06 03:55 770048 -c--a-w- c:\windows\system32\CDDBUISony.dll
2006-05-11 19:03 . 2006-09-06 03:55 585728 -c--a-w- c:\windows\system32\CddbMusicIDSony.dll
2006-05-11 19:02 . 2006-09-06 03:55 643072 -c--a-w- c:\windows\system32\CDDBControlSony.dll
2006-05-05 09:47 . 2002-09-03 16:56 174592 ----a-w- c:\windows\system32\drivers\rdbss.sys
2006-05-05 09:41 . 2002-09-03 16:42 453120 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2006-04-26 22:19 . 2006-04-26 22:18 106496 -c--a-w- c:\windows\TMP_FILE_0.tmp
2006-03-17 00:33 . 2004-08-04 06:00 262784 ------w- c:\windows\system32\drivers\http.sys
2006-03-01 19:42 . 2005-10-15 20:09 161280 -c--a-w- c:\windows\system32\msdtcuiu.dll
2006-03-01 19:42 . 2005-10-15 20:09 956416 -c--a-w- c:\windows\system32\msdtctm.dll
2006-03-01 19:42 . 2005-10-15 20:09 11776 ----a-w- c:\windows\system32\xolehlp.dll
2006-03-01 19:42 . 2005-10-15 20:08 426496 -c--a-w- c:\windows\system32\msdtcprx.dll
2006-03-01 19:42 . 2005-07-26 04:31 91136 -c--a-w- c:\windows\system32\mtxoci.dll
2006-03-01 19:42 . 2005-07-26 04:31 66560 ----a-w- c:\windows\system32\mtxclu.dll
2006-02-20 03:24 . 2005-10-15 20:55 -------- d-----w- c:\program files\Common Files\InstallShield
2006-02-15 00:22 . 2005-10-15 22:35 142464 ------w- c:\windows\system32\drivers\aec.sys
2006-01-31 22:35 . 2005-10-15 20:23 91904 -c--a-w- c:\windows\system32\S32EVNT1.DLL
2006-01-31 22:35 . 2005-10-15 20:23 123248 -c--a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2005-10-31 17:46 . 2006-09-06 03:55 36679 -c----w- c:\windows\system32\drivers\NETMD052.sys
2005-10-17 21:14 . 2002-09-03 17:06 118272 -c--a-w- c:\windows\system32\t2embed.dll
2005-10-17 21:14 . 2002-09-03 16:33 80896 -c--a-w- c:\windows\system32\fontsub.dll
2005-10-15 22:35 . 2005-10-15 22:35 -------- d-----w- c:\program files\Analog Devices
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"16 Pop"="c:\docume~1\ANN&PA~1\APPLIC~1\TYPEBY~1\Ooze browse.exe" [2004-11-01 466944]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]
"HostManager"="c:\program files\Common Files\AOL\1129412339\ee\AOLSoftware.exe" [2006-09-26 50736]
"SetupWizard"="D:\SetupWizard.exe" [BU]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2007-12-21 26112]
"List Multi Knob Inside"="c:\documents and settings\All Users\Application Data\64 01 list multi\locks rule.exe" [BU]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
"dvd global admin that"="c:\documents and settings\All Users\Application Data\browse lies dvd global\Owns Joy.exe" [2004-11-01 819200]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon]
[BU]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Norton GoBack.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Norton GoBack.lnk
backup=c:\windows\pss\Norton GoBack.lnkCommon Startup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0b\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\1129412339\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1129412339\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1129412339\\EE\\aim6.exe"=
"c:\\Program Files\\Steam\\SteamApps\\tkrwizkid@hotmail.com\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Steam\\SteamApps\\dredlock21\\counter-strike\\hl.exe"=

S3 LNE100;Linksys LNE100TX(v5) Fast Ethernet Adapter;c:\windows\system32\drivers\lne100v5.sys [1/25/2007 4:34 PM 36224]
S3 XDva007;XDva007;\??\c:\windows\system32\XDva007.sys --> c:\windows\system32\XDva007.sys [?]
S3 XDva013;XDva013;\??\c:\windows\system32\XDva013.sys --> c:\windows\system32\XDva013.sys [?]
S3 XDva025;XDva025;\??\c:\windows\system32\XDva025.sys --> c:\windows\system32\XDva025.sys [?]
.
Contents of the 'Scheduled Tasks' folder

2004-11-01 c:\windows\Tasks\ACF99DA0918A0FCC.job
- c:\docume~1\ann&pa~1\applic~1\typeby~1\1Phone64.exe [2007-12-21 08:10]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
mStart Page = hxxp://www.comcast.net/
mSearch Bar =
mWindow Title = Microsoft Internet Explorer presented by Comcast
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: &Search - http://kl.bar.need2find.com/KL/menusearch.html?p=KL
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {886DDE35-E585-11D0-A707-000000521958} - hxxp://69.56.176.76/webplugin.cab
FF - ProfilePath - c:\documents and settings\Ann & Pat\Application Data\Mozilla\Firefox\Profiles\e4h7ykjw.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - plugin: c:\windows\Microsoft.NET\Framework\v3.5\WPF\NPWPF.dll

---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2004-11-01 07:58
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
SetupWizard = D:\SetupWizard.exe reboot???

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(504)
c:\windows\system32\l3codeca.acm

- - - - - - - > 'explorer.exe'(2712)
c:\windows\system32\l3codeca.acm
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Common Files\aolshare\aolshcpy.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Internet Explorer\iexplore.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
c:\program files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
c:\windows\system32\PSIService.exe
c:\program files\Common Files\Symantec Shared\SNDSrvc.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2004-11-01 8:03 - machine was rebooted
ComboFix-quarantined-files.txt 2004-11-01 15:03

Pre-Run: 18,745,503,744 bytes free
Post-Run: 18,710,675,456 bytes free

558 --- E O F --- 2004-11-01 09:00
Glebe
Just gonna reformat, thanks though

