After Conficker Contamination


Recommended Posts

Hi,

I'm a new user of Malwarebytes and indeed it's really effective, but I still need help. My PC (running Windows XP SP3) was infiltrated by the "Conficker Virus" almost a month ago. I was on vacation at that time and my sister was the one using my PC for three days surfing the net, not knowing how to use my McAfee Anti-Virus scanner. When I arrived and started the virus scan, Conficker was detected in my system and was deleted. Unfortunately the damage had already been done, for 3 types of backdoor Trojans keep re-appearing each time I use the internet. Upon detection of the backdoor Trojans, a few minutes later a system window pops up implying a Generic Host System32 service error, which causes my system to hang or crash. A forced manual restart was the only option because no functions seemed to be working by then. After restart, all functions return to normal, but the same process keeps repeating each time I connect to the internet. A few days later, my Windows system crashed totally and I was forced to reformat my PC.

After the reformat, the Generic Host System32 service error still pops up a few minutes after each time I connect to the internet. The hangs & crashes then follow, which force me to hit the restart button on my CPU every time. An Explorer.exe error also pops up sometimes. If I don't use the internet, no virus pop-ups or system error pop-ups occur, so I'm forced not to use the internet until really needed.

As per instructions, I downloaded DeFogger, DDS.SCR & the GMER Rootkit Scanner. I disabled my CD emulation drivers, but it did not ask for a reboot, so I ran DDS.SCR, but it did not produce the 2 logs DDS.txt & Attach.txt. Unfortunately I don't know what script blockers are, much less how to disable them in my system (perhaps somebody can help me with this). Then I ran the GMER scanner as instructed.

Aside from my attached ark.txt, below are my scan logs for your reference:

MALWAREBYTES (Without Internet Connection)

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 3985

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

4/14/2010 8:55:57 AM

mbam-log-2010-04-14 (08-55-57).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|G:\|)

Objects scanned: 137128

Time elapsed: 51 minute(s), 52 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 0

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\disableconfig (Windows.Tool.Disabled) -> Delete on reboot.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

(No malicious items detected)

MALWAREBYTES (after a few minutes connected to the internet)

Malwarebytes' Anti-Malware 1.45

www.malwarebytes.org

Database version: 3978

Windows 5.1.2600 Service Pack 3

Internet Explorer 6.0.2900.5512

4/12/2010 9:25:47 AM

mbam-log-2010-04-12 (09-25-47).txt

Scan type: Full scan (A:\|C:\|D:\|E:\|F:\|G:\|)

Objects scanned: 136371

Time elapsed: 57 minute(s), 8 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 1

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 11

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore\disableconfig (Windows.Tool.Disabled) -> Delete on reboot.

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\4DQNWTAN\33[1].exe (Worm.Kolab) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{9643BABD-845F-47E6-8A16-C8719A040400}\RP19\A0030547.scr (Worm.Kolab) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{9643BABD-845F-47E6-8A16-C8719A040400}\RP30\A0035524.scr (Worm.Kolab) -> Quarantined and deleted successfully.

C:\System Volume Information\_restore{9643BABD-845F-47E6-8A16-C8719A040400}\RP31\A0035567.scr (Worm.Kolab) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\07.scr (Worm.Kolab) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\08.scr (Worm.Kolab) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\12.scr (Worm.Kolab) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\14.scr (Worm.Kolab) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\68.scr (Worm.Kolab) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\78.scr (Worm.Kolab) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\86.scr (Worm.Kolab) -> Quarantined and deleted successfully.

McAfee Access Protection Log

4/10/2010 8:44:45 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 112.203.181.167:25

4/10/2010 8:58:21 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 112.203.181.167:25

4/10/2010 9:06:46 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 216.32.180.22:25

4/10/2010 9:09:00 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 199.79.168.176:25

4/10/2010 9:09:32 AM Would be blocked by Access Protection rule (rule is currently not enforced) COMPUTER_1\reymond C:\WINDOWS\Explorer.EXE C:\Documents and Settings\reymond\Local Settings\Temp\_ir_sf_temp_0\irsetup.exe Common Standard Protection:Prevent common programs from running files from the Temp folder Action blocked : Execute

4/10/2010 9:09:33 AM Would be blocked by Access Protection rule (rule is currently not enforced) COMPUTER_1\reymond C:\WINDOWS\Explorer.EXE C:\Documents and Settings\reymond\Local Settings\Temp\_ir_sf_temp_1\irsetup.exe Common Standard Protection:Prevent common programs from running files from the Temp folder Action blocked : Execute

4/10/2010 9:10:19 AM Would be blocked by Access Protection rule (rule is currently not enforced) COMPUTER_1\reymond C:\WINDOWS\Explorer.EXE C:\Documents and Settings\reymond\Local Settings\Temp\IXP000.TMP\avg_avwt_stf_all_90_663a1706.exe Common Standard Protection:Prevent common programs from running files from the Temp folder Action blocked : Execute

4/10/2010 9:10:29 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 74.125.113.27:25

4/10/2010 9:11:01 AM Would be blocked by Access Protection rule (rule is currently not enforced) COMPUTER_1\reymond C:\WINDOWS\Explorer.EXE C:\Documents and Settings\reymond\Local Settings\Temp\7zS1A.tmp\avgsetup.exe Common Standard Protection:Prevent common programs from running files from the Temp folder Action blocked : Execute

4/10/2010 9:11:06 AM Would be blocked by Access Protection rule (rule is currently not enforced) COMPUTER_1\reymond C:\WINDOWS\Explorer.EXE C:\Documents and Settings\reymond\Local Settings\Temp\7zS1A.tmp\avgsetup.exe Common Standard Protection:Prevent common programs from running files from the Temp folder Action blocked : Execute

4/10/2010 9:11:13 AM Would be blocked by Access Protection rule (rule is currently not enforced) COMPUTER_1\reymond C:\WINDOWS\Explorer.EXE C:\Documents and Settings\reymond\Local Settings\Temp\7zS1A.tmp\avgsetup.exe Common Standard Protection:Prevent common programs from running files from the Temp folder Action blocked : Execute

4/10/2010 9:11:52 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 64.18.5.10:25

4/10/2010 9:15:03 AM Would be blocked by Access Protection rule (rule is currently not enforced) COMPUTER_1\reymond C:\WINDOWS\Explorer.EXE C:\Documents and Settings\reymond\Local Settings\Temp\7zS1A.tmp\avgsetup.exe Common Standard Protection:Prevent common programs from running files from the Temp folder Action blocked : Execute

4/10/2010 9:15:29 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 208.80.206.47:25

4/10/2010 9:16:03 AM Would be blocked by Access Protection rule (rule is currently not enforced) COMPUTER_1\reymond C:\WINDOWS\Explorer.EXE C:\Documents and Settings\reymond\Local Settings\Temp\IXP002.TMP\avg_avwt_stf_all_90_663a1706.exe Common Standard Protection:Prevent common programs from running files from the Temp folder Action blocked : Execute

4/10/2010 9:19:21 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 64.124.22.140:25

4/10/2010 9:20:33 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 74.125.113.27:25

4/10/2010 9:21:48 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 65.55.88.22:25

4/10/2010 9:23:15 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 206.46.232.11:25

4/10/2010 9:24:17 AM Would be blocked by Access Protection rule (rule is currently not enforced) COMPUTER_1\reymond C:\WINDOWS\Explorer.EXE C:\Documents and Settings\reymond\Local Settings\Temp\is-8BP68.tmp\mbam-setup.tmp Common Standard Protection:Prevent common programs from running files from the Temp folder Action blocked : Execute

4/10/2010 9:24:20 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 205.188.103.1:25

4/10/2010 9:25:24 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 209.86.93.228:25

4/10/2010 9:26:29 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 207.115.21.22:25

4/10/2010 9:27:21 AM Would be blocked by Access Protection rule (rule is currently not enforced) COMPUTER_1\reymond C:\WINDOWS\Explorer.EXE C:\Documents and Settings\reymond\Local Settings\Temp\is-FLU9F.tmp\mbam-setup.tmp Common Standard Protection:Prevent common programs from running files from the Temp folder Action blocked : Execute

4/10/2010 9:28:09 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 67.192.119.147:25

4/10/2010 9:29:20 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 65.55.88.22:25

4/10/2010 9:31:29 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 216.200.145.235:25

4/10/2010 9:32:41 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 200.107.10.25:25

4/10/2010 9:33:52 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 76.96.30.116:25

4/10/2010 9:35:18 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 193.252.22.186:25

4/10/2010 9:36:50 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 65.55.88.22:25

4/10/2010 9:38:09 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 216.9.248.33:25

4/10/2010 9:39:13 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 64.18.5.13:25

4/10/2010 9:40:18 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 207.238.152.198:25

4/10/2010 9:42:05 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 68.96.23.67:25

4/10/2010 9:43:16 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 68.6.19.3:25

4/10/2010 9:44:24 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 74.125.113.27:25

4/10/2010 9:45:26 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 205.188.146.193:25

4/10/2010 9:46:48 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 61.60.31.5:25

4/10/2010 9:47:56 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 58.71.2.9:25

4/10/2010 9:49:04 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 209.85.217.49:25

4/10/2010 9:50:15 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 69.147.95.19:25

4/10/2010 9:51:18 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 81.21.224.2:25

4/10/2010 9:52:34 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 208.65.144.13:25

4/10/2010 9:54:12 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 82.204.219.220:25

4/10/2010 9:55:17 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 151.151.5.60:25

4/10/2010 9:56:32 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 216.163.120.178:25

4/10/2010 9:57:35 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 82.204.219.220:25

4/10/2010 9:58:35 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 112.203.181.167:25

4/10/2010 9:59:38 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 69.89.25.150:25

4/10/2010 10:00:46 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 98.129.184.3:25

4/10/2010 10:43:23 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 112.203.181.167:25

4/10/2010 10:52:26 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 65.55.88.22:25

4/10/2010 10:56:15 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 68.6.19.3:25

4/10/2010 10:59:00 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 205.178.149.7:25

4/10/2010 11:00:04 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 62.20.233.128:25

4/10/2010 11:01:17 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 68.6.19.3:25

4/10/2010 11:03:19 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 205.188.103.1:25

4/10/2010 11:04:25 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 207.115.37.21:25

4/10/2010 11:10:57 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 112.203.181.167:25

4/10/2010 11:19:27 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 64.59.134.8:25

4/10/2010 11:20:32 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 74.125.93.27:25

4/10/2010 11:22:12 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 80.73.128.54:25

4/10/2010 11:23:18 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 188.40.178.59:25

4/10/2010 11:24:25 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 74.125.79.27:25

4/10/2010 11:25:32 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 195.50.106.142:25

4/10/2010 11:27:38 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 68.6.19.3:25

4/10/2010 11:28:46 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 194.109.24.132:25

4/10/2010 11:29:56 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 76.96.30.116:25

4/10/2010 11:31:31 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 213.188.129.250:25

4/10/2010 11:32:34 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 68.6.19.3:25

4/10/2010 11:34:57 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 69.73.36.94:25

4/10/2010 11:36:05 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 129.41.169.30:25

4/10/2010 11:37:34 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 68.6.19.3:25

4/10/2010 11:38:38 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 65.55.37.104:25

4/10/2010 11:39:44 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 217.12.11.35:25

4/10/2010 11:41:03 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 112.203.181.167:25

4/10/2010 11:42:11 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 216.32.180.22:25

4/10/2010 11:43:20 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 207.115.21.22:25

4/10/2010 11:44:27 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 76.96.30.116:25

4/10/2010 11:45:31 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 194.2.0.84:25

4/10/2010 11:47:34 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 68.1.17.3:25

4/10/2010 11:49:25 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 151.151.65.100:25

4/10/2010 11:51:04 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 216.200.145.235:25

4/10/2010 11:52:26 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 64.18.4.10:25

4/10/2010 11:53:30 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 216.130.191.236:25

4/10/2010 11:54:49 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 209.85.217.49:25

4/10/2010 11:56:05 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 65.55.88.22:25

4/10/2010 11:57:30 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 68.1.17.3:25

4/10/2010 11:59:08 AM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 65.23.61.221:25

4/10/2010 12:00:09 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 98.137.54.238:25

4/10/2010 12:02:15 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 213.150.40.146:25

4/10/2010 12:03:18 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 202.86.5.24:25

4/10/2010 12:04:25 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 206.46.232.11:25

4/10/2010 12:05:35 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 208.80.206.35:25

4/10/2010 12:06:38 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 205.178.149.7:25

4/10/2010 12:08:56 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 65.54.188.126:25

4/10/2010 12:11:11 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 112.203.181.167:25

4/10/2010 12:12:15 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 209.86.93.227:25

4/10/2010 12:15:37 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 209.86.93.229:25

4/10/2010 12:16:39 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 66.155.127.54:25

4/10/2010 12:18:42 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 65.55.92.152:25

4/10/2010 12:19:45 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 205.188.190.1:25

4/10/2010 12:21:06 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 174.133.40.66:25

4/10/2010 12:22:18 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 74.125.113.27:25

4/10/2010 12:23:24 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 167.206.4.79:25

4/10/2010 12:24:29 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 65.54.188.72:25

4/10/2010 12:25:35 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 206.252.142.5:25

4/10/2010 12:27:48 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 66.94.236.34:25

4/10/2010 12:28:58 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 64.26.60.153:25

4/10/2010 12:30:38 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 67.133.179.201:25

4/10/2010 12:31:47 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 209.233.247.4:25

4/10/2010 12:40:25 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 112.203.181.167:25

4/10/2010 12:49:13 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 65.55.88.22:25

4/10/2010 12:59:23 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 216.55.101.121:25

4/10/2010 1:00:43 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 66.45.16.100:25

4/10/2010 1:02:23 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 24.222.0.18:25

4/10/2010 1:03:28 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 24.40.8.248:25

4/10/2010 1:05:03 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 206.190.54.127:25

4/10/2010 1:06:08 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 75.180.132.243:25

4/10/2010 1:07:48 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 204.232.236.146:25

4/10/2010 1:08:50 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 65.55.92.168:25

4/10/2010 1:10:00 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 128.255.56.76:25

4/10/2010 1:11:08 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 168.95.5.24:25

4/10/2010 1:12:09 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 98.137.54.238:25

4/10/2010 1:13:20 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 206.190.54.127:25

4/10/2010 1:15:00 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 89.167.219.1:25

4/10/2010 1:16:08 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 209.172.128.93:25

4/10/2010 1:17:48 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 206.194.62.10:25

4/10/2010 2:28:08 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 65.55.88.22:25

4/10/2010 2:43:09 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 65.55.88.22:25

4/10/2010 2:58:13 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 65.55.88.22:25

4/10/2010 3:09:52 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 112.203.181.167:25

4/10/2010 3:13:17 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 65.55.88.22:25

4/10/2010 3:28:23 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 216.32.180.22:25

4/10/2010 3:29:26 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 94.100.176.20:25

4/10/2010 3:31:37 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 209.85.223.89:25

4/10/2010 3:32:46 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 206.46.232.11:25

4/10/2010 3:35:13 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 65.55.37.120:25

4/10/2010 3:38:33 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 64.33.0.193:25

4/10/2010 3:39:37 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 76.96.62.116:25

4/10/2010 3:41:41 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 207.115.36.22:25

4/10/2010 3:43:29 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 65.55.88.22:25

4/10/2010 3:44:37 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 77.238.184.241:25

4/10/2010 3:46:07 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 64.12.90.65:25

4/10/2010 3:47:48 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 207.115.36.22:25

4/10/2010 3:49:34 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 64.29.157.12:25

4/10/2010 3:50:49 PM Blocked by port blocking rule C:\Program Files\uTorrent\uTorrent.exe Anti-virus Standard Protection:Prevent IRC communication 66.167.53.197:6666

4/10/2010 3:51:21 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 74.125.113.27:25

4/10/2010 3:52:51 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 143.90.14.38:25

4/10/2010 3:55:22 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 206.46.232.11:25

4/10/2010 3:58:01 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 96.36.61.32:25

4/10/2010 3:59:04 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 65.55.92.168:25

4/10/2010 4:00:08 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 204.176.110.250:25

4/10/2010 4:01:48 PM Blocked by port blocking rule C:\WINDOWS\system32\svchost.exe Anti-virus Standard Protection:Prevent mass mailing worms from sending mail 216.163.188.54:25

4/12/2010 11:45:51 AM Blocked by port blocking rule C:\Program Files\uTorrent\uTorrent.exe Anti-virus Standard Protection:Prevent IRC communication 82.66.8.120:6667

4/12/2010 1:17:55 PM Blocked by Access Protection rule COMPUTER_1\reymond F:\Comet Downloads\stinger1010838.exe \REGISTRY\MACHINE\SOFTWARE\McAfee Common Standard Protection:Prevent modification of McAfee files and settings Action blocked : Delete

McAfee On Access Scan Log

4/10/2010 8:43:40 AM Engine version = 5100.0194

4/10/2010 8:43:40 AM AntiVirus DAT version = 4893.0000

4/10/2010 8:43:40 AM Number of detection signatures in EXTRA.DAT = None

4/10/2010 8:43:40 AM Names of detection signatures in EXTRA.DAT = None

4/10/2010 8:52:49 AM Engine version = 5100.0194

4/10/2010 8:52:49 AM AntiVirus DAT version = 4893.0000

4/10/2010 8:52:49 AM Number of detection signatures in EXTRA.DAT = None

4/10/2010 8:52:49 AM Names of detection signatures in EXTRA.DAT = None

4/10/2010 9:05:13 AM Engine version = 5400.1158

4/10/2010 9:05:13 AM AntiVirus DAT version = 5946.0000

4/10/2010 9:05:13 AM Number of detection signatures in EXTRA.DAT = None

4/10/2010 9:05:13 AM Names of detection signatures in EXTRA.DAT = None

4/10/2010 9:05:13 AM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\Program Files\McAfee\Common Framework\McScript_InUse.exe C:\Program Files\Common Files\McAfee\Engine\avvclean.dat

4/10/2010 9:05:15 AM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\Program Files\McAfee\Common Framework\McScript_InUse.exe C:\Program Files\Common Files\McAfee\Engine\avvnames.dat

4/10/2010 9:05:16 AM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\Program Files\McAfee\Common Framework\McScript_InUse.exe C:\Program Files\Common Files\McAfee\Engine\avvscan.dat

4/10/2010 9:05:16 AM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\Program Files\McAfee\Common Framework\McScript_InUse.exe C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\UpdateHistory.ini

4/10/2010 9:05:16 AM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\Documents and Settings\All Users\Application Data\McAfee\Common Framework\Db\Agent_COMPUTER_1.xml

4/10/2010 9:10:13 AM Deleted COMPUTER_1\reymond C:\DOCUME~1\reymond\LOCALS~1\Temp\_ir_sf_temp_0\irsetup.exe HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Application Layer Gateway Generic.dx!ijs (Trojan)

4/10/2010 9:10:14 AM Deleted COMPUTER_1\reymond C:\DOCUME~1\reymond\LOCALS~1\Temp\_ir_sf_temp_0\irsetup.exe C:\PROGRAM FILES\COMMON FILES\ALG.EXE Generic.dx!ijs (Trojan)

4/10/2010 9:10:17 AM Deleted COMPUTER_1\reymond C:\DOCUME~1\reymond\LOCALS~1\Temp\_ir_sf_temp_0\irsetup.exe C:\Program Files\Common Files\alg.exe Generic.dx!ijs (Trojan)

4/10/2010 9:13:32 AM Not scanned (scan timed out) COMPUTER_1\reymond d:\63d5cf73175a9e06b1fb184c\setup.exe C:\Documents and Settings\reymond\Local Settings\Temp\dd_depcheck_NETFX_EXP_35.txt

4/10/2010 9:13:33 AM Not scanned (scan timed out) COMPUTER_1\reymond C:\DOCUME~1\reymond\LOCALS~1\Temp\7zS1A.tmp\avgsetup.exe C:\Program Files\AVG\AVG9\avgar9us.chm

4/10/2010 9:15:56 AM Deleted COMPUTER_1\reymond C:\DOCUME~1\reymond\LOCALS~1\Temp\_ir_sf_temp_1\irsetup.exe HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Application Layer Gateway Generic.dx!ijs (Trojan)

4/10/2010 9:15:56 AM Deleted COMPUTER_1\reymond C:\DOCUME~1\reymond\LOCALS~1\Temp\_ir_sf_temp_1\irsetup.exe C:\PROGRAM FILES\COMMON FILES\ALG.EXE Generic.dx!ijs (Trojan)

4/10/2010 9:15:56 AM Deleted COMPUTER_1\reymond C:\DOCUME~1\reymond\LOCALS~1\Temp\_ir_sf_temp_1\irsetup.exe C:\Program Files\Common Files\alg.exe Generic.dx!ijs (Trojan)

4/10/2010 9:40:49 AM Deleted NT AUTHORITY\SYSTEM C:\WINDOWS\system32\ftp.exe C:\WINDOWS\SYSTEM32\BLAZE.EXE W32/Spybot.worm!cw (Virus)

4/10/2010 9:40:49 AM Deleted NT AUTHORITY\SYSTEM C:\WINDOWS\system32\ftp.exe C:\WINDOWS\system32\blaze.exe W32/Spybot.worm!cw (Virus)

4/10/2010 9:40:56 AM Deleted NT AUTHORITY\SYSTEM C:\WINDOWS\system32\ftp.exe C:\WINDOWS\SYSTEM32\MINI.EXE Generic BackDoor!cde (Trojan)

4/10/2010 9:40:59 AM Deleted NT AUTHORITY\SYSTEM C:\WINDOWS\system32\ftp.exe C:\WINDOWS\system32\mini.exe Generic BackDoor!cde (Trojan)

4/10/2010 10:04:17 AM Engine version = 5400.1158

4/10/2010 10:04:17 AM AntiVirus DAT version = 5946.0000

4/10/2010 10:04:17 AM Number of detection signatures in EXTRA.DAT = None

4/10/2010 10:04:17 AM Names of detection signatures in EXTRA.DAT = None

4/10/2010 10:04:56 AM Not scanned (scan timed out) COMPUTER_1\reymond C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\msi.dll

4/10/2010 10:04:58 AM Not scanned (scan timed out) COMPUTER_1\reymond C:\WINDOWS\system32\dumprep.exe C:\WINDOWS\system32\drivers\intelide.sys

4/10/2010 10:04:58 AM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\WINDOWS\system32\Rasapi32.dll

4/10/2010 10:04:58 AM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\WBEM\Repository\$WinMgmt.CFG

4/10/2010 10:04:58 AM Not scanned (scan timed out) COMPUTER_1\reymond C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe C:\Documents and Settings\reymond\Application Data\XemiComputers\Active Desktop Calendar\Data\Active Desktop Calendar.xdat-journal

4/10/2010 10:04:58 AM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\WINDOWS\system32\wuauclt.exe C:\WINDOWS\WindowsUpdate.log

4/10/2010 10:04:58 AM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\comctl32.dll

4/10/2010 10:09:45 AM Statistics:

4/10/2010 10:09:45 AM Files scanned: 1053

4/10/2010 10:09:45 AM Files detected: 0

4/10/2010 10:09:45 AM Files cleaned: 0

4/10/2010 10:09:45 AM Files deleted: 0

4/10/2010 10:39:05 AM Engine version = 5400.1158

4/10/2010 10:39:05 AM AntiVirus DAT version = 5946.0000

4/10/2010 10:39:05 AM Number of detection signatures in EXTRA.DAT = None

4/10/2010 10:39:05 AM Names of detection signatures in EXTRA.DAT = None

4/10/2010 10:39:35 AM Not scanned (scan timed out) COMPUTER_1\reymond C:\Program Files\USB Disk Security\USBGuard.exe

4/10/2010 10:49:16 AM Deleted NT AUTHORITY\SYSTEM C:\WINDOWS\system32\ftp.exe C:\WINDOWS\SYSTEM32\MINI.EXE Generic BackDoor!cde (Trojan)

4/10/2010 10:49:17 AM Deleted NT AUTHORITY\SYSTEM C:\WINDOWS\system32\ftp.exe C:\WINDOWS\system32\mini.exe Generic BackDoor!cde (Trojan)

4/10/2010 10:50:50 AM Deleted NT AUTHORITY\SYSTEM C:\WINDOWS\system32\ftp.exe C:\WINDOWS\SYSTEM32\MS17.EXE W32/Spybot.worm!cw (Virus)

4/10/2010 10:50:50 AM Deleted NT AUTHORITY\SYSTEM C:\WINDOWS\system32\ftp.exe C:\WINDOWS\system32\Ms17.exe W32/Spybot.worm!cw (Virus)

4/10/2010 11:06:27 AM Engine version = 5400.1158

4/10/2010 11:06:27 AM AntiVirus DAT version = 5946.0000

4/10/2010 11:06:27 AM Number of detection signatures in EXTRA.DAT = None

4/10/2010 11:06:27 AM Names of detection signatures in EXTRA.DAT = None

4/10/2010 11:07:07 AM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\WBEM\Repository\$WinMgmt.CFG

4/10/2010 11:07:08 AM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\WINDOWS\system32\Rasapi32.dll

4/10/2010 11:16:01 AM Deleted NT AUTHORITY\SYSTEM C:\WINDOWS\system32\ftp.exe C:\WINDOWS\SYSTEM32\MINI.EXE Generic BackDoor!cde (Trojan)

4/10/2010 11:16:01 AM Deleted NT AUTHORITY\SYSTEM C:\WINDOWS\system32\ftp.exe C:\WINDOWS\system32\mini.exe Generic BackDoor!cde (Trojan)

4/10/2010 12:35:45 PM Engine version = 5400.1158

4/10/2010 12:35:45 PM AntiVirus DAT version = 5946.0000

4/10/2010 12:35:45 PM Number of detection signatures in EXTRA.DAT = None

4/10/2010 12:35:45 PM Names of detection signatures in EXTRA.DAT = None

4/10/2010 12:36:18 PM Not scanned (scan timed out) NT AUTHORITY\LOCAL SERVICE C:\WINDOWS\system32\svchost.exe C:\WINDOWS\Registration\R000000000007.clb

4/10/2010 12:36:20 PM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\MSVCP60.dll

4/10/2010 12:36:20 PM Not scanned (scan timed out) NT AUTHORITY\LOCAL SERVICE C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\ATL.DLL

4/10/2010 12:36:20 PM Not scanned (scan timed out) COMPUTER_1\reymond C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\NETRAP.dll

4/10/2010 12:36:20 PM Not scanned (scan timed out) COMPUTER_1\reymond C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe C:\Documents and Settings\reymond\Application Data\XemiComputers\Active Desktop Calendar\Desktop\Active Desktop Calendar.bmp

4/10/2010 12:36:20 PM Not scanned (scan timed out) COMPUTER_1\reymond C:\Program Files\USB Disk Security\USBGuard.exe C:\Program Files\McAfee\Common Framework\UdaterUI.exe

4/10/2010 12:36:20 PM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\WINDOWS\system32\Rasapi32.dll

4/10/2010 12:36:20 PM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\WBEM\Repository\$WinMgmt.CFG

4/10/2010 12:57:48 PM Deleted NT AUTHORITY\SYSTEM C:\WINDOWS\system32\ftp.exe C:\WINDOWS\SYSTEM32\BLAZE.EXE Generic BackDoor!cdk (Trojan)

4/10/2010 12:57:48 PM Deleted NT AUTHORITY\SYSTEM C:\WINDOWS\system32\ftp.exe C:\WINDOWS\system32\blaze.exe Generic BackDoor!cdk (Trojan)

4/10/2010 1:20:13 PM Engine version = 5400.1158

4/10/2010 1:20:13 PM AntiVirus DAT version = 5946.0000

4/10/2010 1:20:13 PM Number of detection signatures in EXTRA.DAT = None

4/10/2010 1:20:13 PM Names of detection signatures in EXTRA.DAT = None

4/10/2010 1:20:50 PM Not scanned (scan timed out) COMPUTER_1\reymond C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe C:\Documents and Settings\reymond\Application Data\XemiComputers\Active Desktop Calendar\Desktop\Active Desktop Calendar.bmp

4/10/2010 1:20:51 PM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\WBEM\Logs\wbemcore.log

4/10/2010 1:20:51 PM Not scanned (scan timed out) COMPUTER_1\reymond C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\drprov.dll

4/10/2010 1:20:51 PM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\WBEM\Logs\wmiprov.log

4/10/2010 1:20:51 PM Not scanned (scan timed out) COMPUTER_1\reymond C:\Program Files\USB Disk Security\USBGuard.exe C:\Program Files\McAfee\Common Framework\UdaterUI.exe

4/10/2010 1:20:51 PM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\WBEM\Repository\$WinMgmt.CFG

4/10/2010 1:20:51 PM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\WINDOWS\system32\Rasapi32.dll

4/10/2010 1:29:30 PM Engine version = 5400.1158

4/10/2010 1:29:30 PM AntiVirus DAT version = 5946.0000

4/10/2010 1:29:30 PM Number of detection signatures in EXTRA.DAT = None

4/10/2010 1:29:30 PM Names of detection signatures in EXTRA.DAT = None

4/10/2010 1:30:11 PM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\WBEM\Repository\$WinMgmt.CFG

4/10/2010 1:30:12 PM Not scanned (scan timed out) COMPUTER_1\reymond C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\drprov.dll

4/10/2010 1:30:12 PM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\WINDOWS\system32\TAPI32.dll

4/10/2010 2:50:03 PM Deleted NT AUTHORITY\SYSTEM C:\WINDOWS\system32\ftp.exe C:\WINDOWS\SYSTEM32\BLAZE.EXE W32/Spybot.worm!cw (Virus)

4/10/2010 2:50:03 PM Deleted NT AUTHORITY\SYSTEM C:\WINDOWS\system32\ftp.exe C:\WINDOWS\system32\blaze.exe W32/Spybot.worm!cw (Virus)

4/10/2010 3:40:04 PM Deleted NT AUTHORITY\SYSTEM C:\WINDOWS\system32\ftp.exe C:\WINDOWS\SYSTEM32\MINI.EXE Generic BackDoor!cde (Trojan)

4/10/2010 3:40:04 PM Deleted NT AUTHORITY\SYSTEM C:\WINDOWS\system32\ftp.exe C:\WINDOWS\system32\mini.exe Generic BackDoor!cde (Trojan)

4/10/2010 4:04:12 PM Engine version = 5400.1158

4/10/2010 4:04:12 PM AntiVirus DAT version = 5946.0000

4/10/2010 4:04:12 PM Number of detection signatures in EXTRA.DAT = None

4/10/2010 4:04:12 PM Names of detection signatures in EXTRA.DAT = None

4/10/2010 4:04:45 PM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\WBEM\Repository\$WinMgmt.CFG

4/10/2010 4:04:46 PM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\wbem\wbemsvc.dll

4/10/2010 4:04:46 PM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\WINDOWS\system32\Rasapi32.dll

4/10/2010 4:04:46 PM Not scanned (scan timed out) COMPUTER_1\reymond C:\Program Files\USB Disk Security\USBGuard.exe C:\WINDOWS\system32\smss.exe

4/10/2010 4:04:46 PM Not scanned (scan timed out) COMPUTER_1\reymond C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\WZCSAPI.DLL

4/10/2010 4:49:23 PM Statistics:

4/10/2010 4:49:23 PM Files scanned: 1333

4/10/2010 4:49:23 PM Files detected: 0

4/10/2010 4:49:23 PM Files cleaned: 0

4/10/2010 4:49:23 PM Files deleted: 0

4/12/2010 7:45:09 AM Engine version = 5400.1158

4/12/2010 7:45:09 AM AntiVirus DAT version = 5946.0000

4/12/2010 7:45:09 AM Number of detection signatures in EXTRA.DAT = None

4/12/2010 7:45:09 AM Names of detection signatures in EXTRA.DAT = None

4/12/2010 7:45:46 AM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\WBEM\Logs\wbemcore.log

4/12/2010 7:45:47 AM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\WINDOWS\system32\wbem\wmiprvse.exe C:\WINDOWS\system32\WBEM\Logs\wmiprov.log

4/12/2010 7:45:47 AM Not scanned (scan timed out) COMPUTER_1\reymond C:\WINDOWS\Explorer.EXE C:\WINDOWS\System32\drprov.dll

4/12/2010 7:45:47 AM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\Program Files\McAfee\Common Framework\FrameworkService.exe C:\WINDOWS\system32\Rasapi32.dll

4/12/2010 7:45:47 AM Not scanned (scan timed out) NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\WBEM\Repository\$WinMgmt.CFG

4/12/2010 7:50:46 AM Engine version = 5400.1158

4/12/2010 7:50:46 AM AntiVirus DAT version = 5948.0000

4/12/2010 7:50:46 AM Number of detection signatures in EXTRA.DAT = None

4/12/2010 7:50:46 AM Names of detection signatures in EXTRA.DAT = None

4/12/2010 8:08:54 AM Not scanned (scan timed out) COMPUTER_1\reymond C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe C:\Documents and Settings\LocalService\Local Settings\History\desktop.ini

4/12/2010 9:28:33 AM Deleted NT AUTHORITY\SYSTEM C:\WINDOWS\system32\ftp.exe C:\WINDOWS\SYSTEM32\BLAZE.EXE W32/Spybot.worm!cw (Virus)

4/12/2010 9:28:33 AM Deleted NT AUTHORITY\SYSTEM C:\WINDOWS\system32\ftp.exe C:\WINDOWS\system32\blaze.exe W32/Spybot.worm!cw (Virus)

4/12/2010 11:07:11 AM Engine version = 5400.1158

4/12/2010 11:07:11 AM AntiVirus DAT version = 5948.0000

4/12/2010 11:07:11 AM Number of detection signatures in EXTRA.DAT = None

4/12/2010 11:07:11 AM Names of detection signatures in EXTRA.DAT = None

4/12/2010 11:47:05 AM Deleted NT AUTHORITY\SYSTEM C:\WINDOWS\system32\ftp.exe C:\WINDOWS\SYSTEM32\BLAZE.EXE W32/Spybot.worm!cw (Virus)

4/12/2010 11:47:05 AM Deleted NT AUTHORITY\SYSTEM C:\WINDOWS\system32\ftp.exe C:\WINDOWS\system32\blaze.exe W32/Spybot.worm!cw (Virus)

4/12/2010 12:00:40 PM Deleted NT AUTHORITY\SYSTEM C:\WINDOWS\system32\ftp.exe C:\WINDOWS\SYSTEM32\BLAZE.EXE W32/Spybot.worm!cw (Virus)

4/12/2010 12:00:40 PM Deleted NT AUTHORITY\SYSTEM C:\WINDOWS\system32\ftp.exe C:\WINDOWS\system32\blaze.exe W32/Spybot.worm!cw (Virus)

4/12/2010 12:11:45 PM Engine version = 5400.1158

4/12/2010 12:11:45 PM AntiVirus DAT version = 5948.0000

4/12/2010 12:11:45 PM Number of detection signatures in EXTRA.DAT = None

4/12/2010 12:11:45 PM Names of detection signatures in EXTRA.DAT = None

4/12/2010 12:51:58 PM Engine version = 5400.1158

4/12/2010 12:51:58 PM AntiVirus DAT version = 5948.0000

4/12/2010 12:51:58 PM Number of detection signatures in EXTRA.DAT = None

4/12/2010 12:51:58 PM Names of detection signatures in EXTRA.DAT = None

4/12/2010 1:33:54 PM Engine version = 5400.1158

4/12/2010 1:33:54 PM AntiVirus DAT version = 5948.0000

4/12/2010 1:33:54 PM Number of detection signatures in EXTRA.DAT = None

4/12/2010 1:33:54 PM Names of detection signatures in EXTRA.DAT = None

4/12/2010 1:52:42 PM Deleted NT AUTHORITY\SYSTEM C:\WINDOWS\system32\ftp.exe C:\WINDOWS\SYSTEM32\BLAZE.EXE Generic BackDoor!cdk (Trojan)

4/12/2010 1:52:42 PM Deleted NT AUTHORITY\SYSTEM C:\WINDOWS\system32\ftp.exe C:\WINDOWS\system32\blaze.exe Generic BackDoor!cdk (Trojan)

4/12/2010 1:52:53 PM Deleted NT AUTHORITY\SYSTEM C:\WINDOWS\system32\ftp.exe C:\WINDOWS\SYSTEM32\BLAZE.EXE Generic BackDoor!cdk (Trojan)

4/12/2010 1:52:53 PM Deleted NT AUTHORITY\SYSTEM C:\WINDOWS\system32\ftp.exe C:\WINDOWS\system32\blaze.exe Generic BackDoor!cdk (Trojan)

4/12/2010 2:12:33 PM Engine version = 5400.1158

4/12/2010 2:12:33 PM AntiVirus DAT version = 5948.0000

4/12/2010 2:12:33 PM Number of detection signatures in EXTRA.DAT = None

4/12/2010 2:12:33 PM Names of detection signatures in EXTRA.DAT = None

4/12/2010 2:41:11 PM Deleted NT AUTHORITY\SYSTEM C:\WINDOWS\system32\ftp.exe C:\WINDOWS\SYSTEM32\MINI.EXE Generic BackDoor!cde (Trojan)

4/12/2010 2:41:11 PM Deleted NT AUTHORITY\SYSTEM C:\WINDOWS\system32\ftp.exe C:\WINDOWS\system32\mini.exe Generic BackDoor!cde (Trojan)

4/12/2010 2:59:48 PM Engine version = 5400.1158

4/12/2010 2:59:48 PM AntiVirus DAT version = 5948.0000

4/12/2010 2:59:48 PM Number of detection signatures in EXTRA.DAT = None

4/12/2010 2:59:48 PM Names of detection signatures in EXTRA.DAT = None

4/12/2010 4:58:18 PM Statistics:

4/12/2010 4:58:18 PM Files scanned: 1246

4/12/2010 4:58:18 PM Files detected: 0

4/12/2010 4:58:18 PM Files cleaned: 0

4/12/2010 4:58:18 PM Files deleted: 0

4/13/2010 8:03:17 AM Engine version = 5400.1158

4/13/2010 8:03:17 AM AntiVirus DAT version = 5948.0000

4/13/2010 8:03:17 AM Number of detection signatures in EXTRA.DAT = None

4/13/2010 8:03:17 AM Names of detection signatures in EXTRA.DAT = None

4/13/2010 8:07:23 AM Engine version = 5400.1158

4/13/2010 8:07:23 AM AntiVirus DAT version = 5949.0000

4/13/2010 8:07:23 AM Number of detection signatures in EXTRA.DAT = None

4/13/2010 8:07:23 AM Names of detection signatures in EXTRA.DAT = None

4/13/2010 8:41:48 AM Engine version = 5400.1158

4/13/2010 8:41:48 AM AntiVirus DAT version = 5949.0000

4/13/2010 8:41:48 AM Number of detection signatures in EXTRA.DAT = None

4/13/2010 8:41:48 AM Names of detection signatures in EXTRA.DAT = None

4/13/2010 8:54:38 AM Statistics:

4/13/2010 8:54:38 AM Files scanned: 781

4/13/2010 8:54:38 AM Files detected: 0

4/13/2010 8:54:38 AM Files cleaned: 0

4/13/2010 8:54:38 AM Files deleted: 0

4/13/2010 8:56:04 AM Engine version = 5400.1158

4/13/2010 8:56:04 AM AntiVirus DAT version = 5949.0000

4/13/2010 8:56:04 AM Number of detection signatures in EXTRA.DAT = None

4/13/2010 8:56:04 AM Names of detection signatures in EXTRA.DAT = None

4/13/2010 9:17:46 AM Deleted NT AUTHORITY\SYSTEM C:\WINDOWS\system32\ftp.exe C:\WINDOWS\SYSTEM32\MINI.EXE Generic BackDoor!cde (Trojan)

4/13/2010 9:17:46 AM Deleted NT AUTHORITY\SYSTEM C:\WINDOWS\system32\ftp.exe C:\WINDOWS\system32\mini.exe Generic BackDoor!cde (Trojan)

4/13/2010 9:21:58 AM Engine version = 5400.1158

4/13/2010 9:21:58 AM AntiVirus DAT version = 5949.0000

4/13/2010 9:21:58 AM Number of detection signatures in EXTRA.DAT = None

4/13/2010 9:21:58 AM Names of detection signatures in EXTRA.DAT = None

4/13/2010 12:53:31 PM Statistics:

4/13/2010 12:53:31 PM Files scanned: 43210

4/13/2010 12:53:31 PM Files detected: 0

4/13/2010 12:53:31 PM Files cleaned: 0

4/13/2010 12:53:31 PM Files deleted: 0

4/13/2010 1:17:57 PM Engine version = 5400.1158

4/13/2010 1:17:57 PM AntiVirus DAT version = 5949.0000

4/13/2010 1:17:57 PM Number of detection signatures in EXTRA.DAT = None

4/13/2010 1:17:57 PM Names of detection signatures in EXTRA.DAT = None

4/13/2010 3:31:49 PM Statistics:

4/13/2010 3:31:49 PM Files scanned: 2188

4/13/2010 3:31:49 PM Files detected: 0

4/13/2010 3:31:49 PM Files cleaned: 0

4/13/2010 3:31:49 PM Files deleted: 0

4/13/2010 3:33:33 PM Engine version = 5400.1158

4/13/2010 3:33:33 PM AntiVirus DAT version = 5949.0000

4/13/2010 3:33:33 PM Number of detection signatures in EXTRA.DAT = None

4/13/2010 3:33:33 PM Names of detection signatures in EXTRA.DAT = None

4/13/2010 3:44:25 PM Statistics:

4/13/2010 3:44:25 PM Files scanned: 249

4/13/2010 3:44:25 PM Files detected: 0

4/13/2010 3:44:25 PM Files cleaned: 0

4/13/2010 3:44:25 PM Files deleted: 0

4/13/2010 3:48:25 PM Engine version = 5400.1158

4/13/2010 3:48:25 PM AntiVirus DAT version = 5949.0000

4/13/2010 3:48:25 PM Number of detection signatures in EXTRA.DAT = None

4/13/2010 3:48:25 PM Names of detection signatures in EXTRA.DAT = None

4/13/2010 4:23:06 PM Statistics:

4/13/2010 4:23:06 PM Files scanned: 627

4/13/2010 4:23:06 PM Files detected: 0

4/13/2010 4:23:06 PM Files cleaned: 0

4/13/2010 4:23:06 PM Files deleted: 0

4/13/2010 4:24:50 PM Engine version = 5400.1158

4/13/2010 4:24:50 PM AntiVirus DAT version = 5949.0000

4/13/2010 4:24:50 PM Number of detection signatures in EXTRA.DAT = None

4/13/2010 4:24:50 PM Names of detection signatures in EXTRA.DAT = None

4/13/2010 4:29:21 PM Statistics:

4/13/2010 4:29:21 PM Files scanned: 1424

4/13/2010 4:29:21 PM Files detected: 0

4/13/2010 4:29:21 PM Files cleaned: 0

4/13/2010 4:29:21 PM Files deleted: 0

4/13/2010 4:32:23 PM Engine version = 5400.1158

4/13/2010 4:32:23 PM AntiVirus DAT version = 5949.0000

4/13/2010 4:32:23 PM Number of detection signatures in EXTRA.DAT = None

4/13/2010 4:32:23 PM Names of detection signatures in EXTRA.DAT = None

4/13/2010 4:42:19 PM Statistics:

4/13/2010 4:42:19 PM Files scanned: 584

4/13/2010 4:42:19 PM Files detected: 0

4/13/2010 4:42:19 PM Files cleaned: 0

4/13/2010 4:42:19 PM Files deleted: 0

4/13/2010 4:43:50 PM Engine version = 5400.1158

4/13/2010 4:43:50 PM AntiVirus DAT version = 5949.0000

4/13/2010 4:43:50 PM Number of detection signatures in EXTRA.DAT = None

4/13/2010 4:43:50 PM Names of detection signatures in EXTRA.DAT = None

4/13/2010 4:58:07 PM Engine version = 5400.1158

4/13/2010 4:58:07 PM AntiVirus DAT version = 5949.0000

4/13/2010 4:58:07 PM Number of detection signatures in EXTRA.DAT = None

4/13/2010 4:58:07 PM Names of detection signatures in EXTRA.DAT = None

4/13/2010 4:58:09 PM Engine version = 5400.1158

4/13/2010 4:58:09 PM AntiVirus DAT version = 5949.0000

4/13/2010 4:58:09 PM Number of detection signatures in EXTRA.DAT = None

4/13/2010 4:58:09 PM Names of detection signatures in EXTRA.DAT = None

4/13/2010 4:59:11 PM Statistics:

4/13/2010 4:59:11 PM Files scanned: 414

4/13/2010 4:59:11 PM Files detected: 0

4/13/2010 4:59:11 PM Files cleaned: 0

4/13/2010 4:59:11 PM Files deleted: 0

4/14/2010 7:42:06 AM Engine version = 5400.1158

4/14/2010 7:42:06 AM AntiVirus DAT version = 5949.0000

4/14/2010 7:42:06 AM Number of detection signatures in EXTRA.DAT = None

4/14/2010 7:42:06 AM Names of detection signatures in EXTRA.DAT = None

4/14/2010 7:47:21 AM Engine version = 5400.1158

4/14/2010 7:47:21 AM AntiVirus DAT version = 5950.0000

4/14/2010 7:47:21 AM Number of detection signatures in EXTRA.DAT = None

4/14/2010 7:47:21 AM Names of detection signatures in EXTRA.DAT = None

Trend Micro HijackThis Log

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:36:45 AM, on 4/14/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\USB Disk Security\USBGuard.exe

C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\McAfee\Common Framework\FrameworkService.exe

C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\McAfee\Common Framework\UdaterUI.exe

C:\Program Files\McAfee\Common Framework\McTray.exe

C:\Program Files\DivX\DivX Update\DivXUpdate.exe

C:\Program Files\Total Video Converter\tvc.exe

C:\Documents and Settings\reymond\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Documents and Settings\reymond\Local Settings\Application Data\Google\Chrome\Application\chrome.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe

O4 - HKLM\..\Run: [uSB Antivirus] C:\Program Files\USB Disk Security\USBGuard.exe

O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE

O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript

O4 - HKCU\..\Run: [Active Desktop Calendar] C:\Program Files\XemiComputers\Active Desktop Calendar\ADC.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Preview.html

O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Toolband.dll/RC_Print.html

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe

O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe

O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe

--

End of file - 4335 bytes

I CAN'T TURN OFF MY INTERNET FOREVER, NEED YOUR HELP PLEASE...

ark.rar

Each time I connect to the internet, my McAfee keeps blocking an attack on my svchost.exe over and over again. Please see the log file below:

4/10/2010 9:05:11 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/10/2010 9:06:15 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/10/2010 9:20:26 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/10/2010 9:20:42 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/10/2010 9:36:33 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/10/2010 9:40:11 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/10/2010 9:51:32 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/10/2010 10:47:30 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/10/2010 10:47:48 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/10/2010 10:48:07 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/10/2010 11:18:22 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/10/2010 11:26:07 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/10/2010 11:30:14 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/10/2010 11:35:00 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/10/2010 11:40:52 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/10/2010 11:46:19 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/10/2010 11:48:38 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/10/2010 11:57:14 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/10/2010 11:59:19 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/10/2010 12:00:22 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/10/2010 12:39:41 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/10/2010 12:49:12 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/10/2010 12:56:08 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/10/2010 12:56:37 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/10/2010 12:56:48 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/10/2010 12:57:53 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/10/2010 1:02:53 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/10/2010 2:22:11 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/10/2010 2:25:12 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/10/2010 2:29:27 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/10/2010 2:31:16 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/10/2010 2:38:32 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/10/2010 2:40:14 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/10/2010 2:58:04 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/10/2010 2:59:38 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/10/2010 3:00:57 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/10/2010 3:15:09 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/10/2010 3:16:22 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/10/2010 3:49:23 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/10/2010 4:15:27 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/10/2010 4:19:32 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/10/2010 4:29:32 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/10/2010 4:33:20 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/10/2010 4:37:07 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/10/2010 4:37:46 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 7:55:41 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 9:27:49 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 9:30:17 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 9:42:47 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 9:43:20 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 9:43:57 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 9:44:51 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 9:45:53 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 9:46:02 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 9:47:55 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 9:54:28 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 10:09:02 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 10:13:55 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 10:17:01 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 10:26:20 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 10:33:30 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 10:37:10 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 10:41:08 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 10:42:13 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 10:44:12 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 11:15:46 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 11:21:03 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 11:28:08 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 11:29:25 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 11:31:27 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 11:40:26 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 11:40:47 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 11:42:14 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 11:43:31 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 11:46:21 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 11:47:22 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 11:49:24 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 11:52:57 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 11:57:11 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 12:02:42 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 12:03:10 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 12:07:54 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 12:14:36 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 12:15:36 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 12:18:15 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 12:19:59 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 12:20:58 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 12:28:45 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 1:32:06 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 1:41:46 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 1:44:03 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 1:46:17 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 1:46:42 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 1:47:58 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 1:51:05 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 1:55:41 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 1:57:20 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 1:57:54 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 1:59:54 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 2:00:14 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 2:19:36 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 2:25:52 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 2:28:11 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 2:36:41 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 2:38:56 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 2:39:57 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 2:41:08 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/12/2010 3:16:27 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/13/2010 8:13:12 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/13/2010 8:13:52 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/13/2010 8:14:38 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/13/2010 8:15:56 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/13/2010 8:16:28 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/13/2010 8:17:37 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/13/2010 8:21:36 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/13/2010 8:22:51 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/13/2010 8:59:16 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/13/2010 9:06:07 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/13/2010 9:08:43 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/13/2010 9:14:32 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/13/2010 4:03:41 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/13/2010 4:50:55 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/13/2010 4:52:00 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/14/2010 7:53:16 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/14/2010 9:35:05 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/14/2010 11:13:39 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/14/2010 11:14:13 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/14/2010 11:15:49 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/14/2010 1:29:07 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/14/2010 1:49:28 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/15/2010 7:53:15 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/15/2010 7:57:04 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/15/2010 8:26:34 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/15/2010 8:27:02 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/15/2010 8:27:48 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/15/2010 8:29:44 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/15/2010 8:30:09 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/15/2010 9:39:45 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/15/2010 1:13:24 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/15/2010 1:13:57 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/15/2010 4:24:06 PM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/16/2010 7:58:55 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/16/2010 8:10:31 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/16/2010 8:13:56 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/16/2010 8:14:26 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/16/2010 8:17:38 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/16/2010 8:25:39 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/16/2010 8:29:45 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/16/2010 8:31:13 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/16/2010 8:31:39 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

4/16/2010 8:37:04 AM Blocked by Buffer Overflow Protection NT AUTHORITY\SYSTEM C:\WINDOWS\System32\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack

After a few minutes, a system error window pops up, "Generic Host Win32 Service Error" (see attached), which causes my PC to hang or crash. This only happens when I connect to the internet. Need help.


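The log above is worth reading as data rather than as noise. Every entry has the same shape: the blocked process is a SYSTEM-owned svchost.exe, the blocked call is KERNEL32.LoadLibraryA, and the call originates from a writable stack buffer (BO:Stack). That is what shellcode landing in a network-facing service looks like, and the events appear only while the machine is online. The script below is an added example, not part of this thread or of any McAfee tooling: it parses lines in that layout, checks each one against that pattern, and summarises the events per day and the shortest gap between them. SAMPLE_LOG is a constructed excerpt in the same layout as the pasted log. The verdict text assumes, as the Conficker history in the first post suggests, that the svchost.exe being hit hosts the Server service that Conficker's exploit (MS08-067) targets over SMB; the log itself does not name the service, so treat that reading as an assumption to confirm.

```python
"""Triage for McAfee VirusScan Enterprise Buffer Overflow Protection (BOP) events.

Added example, not part of the forum thread. The parser accepts lines in the
shape pasted in the post above; SAMPLE_LOG is a constructed excerpt in that shape.
"""
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# Constructed sample in the same layout as the McAfee log in the post above.
SAMPLE_LOG = """\
4/10/2010 9:05:11 AM Blocked by Buffer Overflow Protection NT AUTHORITY\\SYSTEM C:\\WINDOWS\\System32\\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack
4/10/2010 9:06:15 AM Blocked by Buffer Overflow Protection NT AUTHORITY\\SYSTEM C:\\WINDOWS\\System32\\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack
4/12/2010 7:55:41 AM Blocked by Buffer Overflow Protection NT AUTHORITY\\SYSTEM C:\\WINDOWS\\System32\\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack
4/13/2010 8:13:12 AM Blocked by Buffer Overflow Protection NT AUTHORITY\\SYSTEM C:\\WINDOWS\\System32\\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack
4/13/2010 8:13:52 AM Blocked by Buffer Overflow Protection NT AUTHORITY\\SYSTEM C:\\WINDOWS\\System32\\svchost.exe:KERNEL32.LoadLibraryA BO:Writable BO:Stack
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
    r"Blocked by Buffer Overflow Protection "
    r"(?P<user>.+?) "                                # account name may contain a space
    r"(?P<process>[A-Za-z]:\\[^:]+):(?P<api>\S+) "   # image path, then the blocked API
    r"(?P<flags>(?:BO:\S+ ?)+)$"                      # one or more BO:* qualifiers
)


@dataclass
class BopEvent:
    ts: datetime
    user: str
    process: str
    api: str
    flags: frozenset


def parse_bop_log(text):
    """Return one BopEvent per well-formed line; lines that do not parse are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append(BopEvent(
            ts=datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
            user=m["user"],
            process=m["process"],
            api=m["api"],
            flags=frozenset(m["flags"].split()),
        ))
    return events


def is_service_exploit_pattern(ev):
    """A SYSTEM-owned svchost.exe calling LoadLibraryA from a writable stack
    buffer is the signature of shellcode running inside a hosted service;
    a legitimate DLL load never originates from the stack."""
    return (
        ev.process.lower().endswith("\\svchost.exe")
        and ev.user.upper() == "NT AUTHORITY\\SYSTEM"
        and ev.api == "KERNEL32.LoadLibraryA"
        and "BO:Stack" in ev.flags
    )


def summarise(events):
    """Counts per day and the shortest interval between consecutive blocks."""
    events = sorted(events, key=lambda e: e.ts)
    gaps = [int((b.ts - a.ts).total_seconds()) for a, b in zip(events, events[1:])]
    return {
        "total": len(events),
        "matching": sum(1 for e in events if is_service_exploit_pattern(e)),
        "per_day": dict(Counter(e.ts.strftime("%Y-%m-%d") for e in events)),
        "min_gap_seconds": min(gaps) if gaps else None,
    }


def verdict(summary):
    """Plain-language reading for the person holding the log. Assumes (not
    proven by the log) that the hit svchost.exe hosts the SMB Server service."""
    if summary["total"] and summary["matching"] == summary["total"]:
        return ("every block is an inbound attempt against a service hosted in "
                "svchost.exe: the host is being attacked over the network, so "
                "patch the service and block inbound SMB before anything else")
    return "mixed or non-service events: review each process individually"


if __name__ == "__main__":
    s = summarise(parse_bop_log(SAMPLE_LOG))
    print(s)
    print(verdict(s))
```

The useful output is not the count but the consistency: when every event matches and they cluster within seconds of each other only while the link is up, the machine is being probed from outside rather than running something of its own, and each blocked thread is a likely cause of the Generic Host crash that follows. That separates "remove an infection" from "close the door", which need different fixes.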

My McAfee keeps detecting and deleting a backdoor Trojan, BLAZE.EXE, each time I connect to the internet. Even if it's deleted, it keeps coming back each time I reconnect.

Location: C:\Windows\System32\Blaze.exe

Detected As: Generic Backdoor!cdk

Detection Type: Trojan

Application: C:\Windows\System32\ftp.exe

Username: NTAuthority\System

Need help please . . .

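The detection record above carries more than the malware name. The "Application" field is the process that created the file, and here it is ftp.exe, a built-in transfer utility, running as LocalSystem and writing an executable into System32. No user starts ftp.exe as SYSTEM; exploit shellcode on XP-era hosts routinely does, to fetch its second stage. The rule below is an added example, not from the thread or from McAfee: it parses a record in the same five-field layout, normalises the account name (the post renders it "NTAuthority\System", the BOP log renders it "NT AUTHORITY\SYSTEM"), and lists the reasons a record points to active exploitation rather than a user-initiated download. RECORD mirrors the post; BENIGN_RECORD is a constructed contrast case with a made-up user and path.

```python
"""Rule over a McAfee-style detection record: which process wrote the file,
under which account, and where. Added example, not from the thread."""
import re
from pathlib import PureWindowsPath

# Constructed record in the same five-field layout as the post above.
RECORD = """\
Location: C:\\Windows\\System32\\Blaze.exe
Detected As: Generic Backdoor!cdk
Detection Type: Trojan
Application: C:\\Windows\\System32\\ftp.exe
Username: NTAuthority\\System
"""

# Constructed benign contrast: a browser download by an ordinary user
# (user name and paths are made up for the example).
BENIGN_RECORD = """\
Location: C:\\Documents and Settings\\alice\\My Documents\\setup.exe
Detected As: Generic Downloader.x
Detection Type: Trojan
Application: C:\\Program Files\\Mozilla Firefox\\firefox.exe
Username: PC\\alice
"""

# Built-in transfer utilities that exploit shellcode commonly drives to fetch
# a second stage (living-off-the-land downloaders).
TRANSFER_UTILITIES = {"ftp.exe", "tftp.exe"}


def parse_record(text):
    """Split 'Key: Value' lines into a dict with lower-cased keys.
    partition() splits on the first colon only, so drive letters survive."""
    rec = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            rec[key.strip().lower()] = value.strip()
    return rec


def is_local_system(username):
    """Match both 'NTAuthority\\System' and 'NT AUTHORITY\\SYSTEM'."""
    return re.sub(r"\s+", "", username).lower() == r"ntauthority\system"


def classify(rec):
    """Return the reasons this record points to active exploitation rather
    than a user-initiated download. An empty list means nothing stands out."""
    reasons = []
    app = PureWindowsPath(rec.get("application", ""))
    loc = PureWindowsPath(rec.get("location", ""))
    if is_local_system(rec.get("username", "")):
        reasons.append("file written by a LocalSystem process")
    if app.name.lower() in TRANSFER_UTILITIES:
        reasons.append(f"{app.name} used as the downloader")
    if loc.suffix.lower() == ".exe" and "system32" in (p.lower() for p in loc.parts):
        reasons.append("executable dropped into System32")
    return reasons


def assessment(reasons):
    """Turn the reason list into the action the record calls for."""
    if len(reasons) >= 2:
        return ("dropper delivered through a SYSTEM-context utility: deleting the "
                "file will not stop it returning until the entry point is closed")
    if reasons:
        return "single weak indicator: investigate before acting"
    return "looks like an ordinary user download; clean the file and move on"


if __name__ == "__main__":
    for text in (RECORD, BENIGN_RECORD):
        r = classify(parse_record(text))
        print(r, "->", assessment(r))
```

Read together with the BOP log from the earlier post, the two records describe one chain: a network-facing service is hit, the shellcode that survives a block spawns ftp.exe as SYSTEM, and ftp.exe drops the backdoor. Deleting Blaze.exe treats the last link only.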

Hello Mondsky!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

  • The process of cleaning your system may take some time, so please be patient.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms do not mean that everything is okay.
  • The instructions that I give are for your system only!
  • If you don't know or can't understand something, please ask.
  • Do not install any software or hardware while we work on it.

Step 1:

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double click dds.scr to run the tool.

  • When done, DDS will open two (2) logs:
    1. DDS.txt
    2. Attach.txt
  • Save both reports to your desktop. Post them back to your topic.

Step 2:

Please download the following scanning tool: GMER

  • Open the zip file and copy the file gmer.exe to your Desktop.
  • Double click on gmer.exe and run it.
  • It may take a minute to load and become available.
  • Do not make any changes. Click on the SCAN button and DO NOT use the computer while it's scanning.
  • Once the scan is done, click on the SAVE button, browse to your Desktop and save the file as GMER.LOG.
  • Zip up the GMER.LOG file, save it as gmerlog.zip and attach it to your reply post.
  • DO NOT directly post this log into a reply. You MUST attach it as a .ZIP file.
  • Click OK and quit the GMER program.

In your next reply, please include these log(s):

* DDS log with Attach.txt

* GMER log

