jmackin Posted January 21, 2008 (edited)

I have created a HijackThis log because my computer has been running slowly and acting funny. I did the F-Secure scan as well as Windows Defender and Panda, and I also have Norton 360. I am currently looking for a good spyware program to run, but I was hoping someone would review this and make sure everything seems kosher. Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 4:55:46 PM, on 1/21/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\WINDOWS\system32\mstsc.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Jennifer Mackin\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [iSUSPM Startup] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1200877146656
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} (RockYou Image Uploader Control) - http://rockyou.com/RockYouImageUploader.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCE4E240-4224-4A89-B0AF-EF39C41645AB}: Domain = voicetext.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCE4E240-4224-4A89-B0AF-EF39C41645AB}: NameServer = 192.168.100.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = voicetext.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{BCE4E240-4224-4A89-B0AF-EF39C41645AB}: Domain = voicetext.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{BCE4E240-4224-4A89-B0AF-EF39C41645AB}: NameServer = 192.168.100.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = voicetext.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -service (file missing)

**addition** Panda scan log. What is really needed to get this gone?

Incident Status Location
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Jennifer Mackin\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Jennifer Mackin\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer [email protected][2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer mackin@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer mackin@atwola[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer mackin@azjmp[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer mackin@belnk[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer mackin@burstnet[1].txt
Spyware:Cookie/360i Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer [email protected][1].txt
Spyware:Cookie/did-it Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer mackin@did-it[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer [email protected][1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer mackin@go[1].txt
Spyware:Cookie/Target Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer mackin@target[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Jennifer Mackin\Cookies\jennifer [email protected][1].txt
Adware:Adware/SaveNow Not disinfected C:\Documents and Settings\Jennifer Mackin\Desktop\IPOD Movies\BitLord_1.1.exe
Virus:Trj/Spamtaload.AW Disinfected Personal Folders\Deleted Items\[Norton AntiSpam] Mail Transaction Failed\text.zip[text.log.exe]
Virus:Bck/mIRCBased.AW Disinfected C:\Program Files\mIRC\mirc.exe
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\RECYCLER\S-1-5-21-3583174769-1769637256-4123306712-1005\Dc9.exe[nircmd.com]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\RECYCLER\S-1-5-21-3583174769-1769637256-4123306712-1005\Dc9.exe[nircmd.cfexe]
Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\NirCmd.exe

Edited January 22, 2008 by JennMack
rmurphy Posted January 25, 2008

Welcome to BestTechie. I'm Ryan, and I'll be helping you.

Everything looks good, but let's see if Kaspersky will find anything.

Please do an online scan with Kaspersky WebScanner:
- Click on Accept.
- You will be prompted to install an ActiveX component from Kaspersky; click Yes.
- The program will launch and then begin downloading the latest definition files.
- Once the files have been downloaded, click on NEXT.
- Now click on Scan Settings.
- In the scan settings make sure that the following are selected:
  Scan using the following Anti-Virus database: Extended (if available, otherwise Standard)
  Scan Options: Scan Archives, Scan Mail Bases
- Click OK.
- Now under "select a target to scan", select My Computer.
- The program will start and scan your system.
- The scan will take a while, so be patient and let it run.
- Once the scan is complete it will display whether your system has been infected.
- Now click on the Save as Text button.
- Save the file to your desktop.
- Copy and paste that information in your next post.

-Ryan
jmackin (Author) Posted January 26, 2008

Thanks Ryan. Here is the txt doc:

KASPERSKY ONLINE SCANNER REPORT
Saturday, January 26, 2008 4:05:00 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/01/2008
Kaspersky Anti-Virus database records: 533449
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\ D:\ E:\ F:\ G:\ H:\ I:\

Scan Statistics:
Total number of scanned objects: 86162
Number of viruses found: 6
Number of infected objects: 28
Number of suspicious objects: 0
Duration of the scan process: 01:20:32

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-01202008-222101.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\InboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows NT\MSFax\ActivityLog\OutboxLOG.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2A231A7B.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.60 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Shared\QBackup\index.qbs Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBConfig.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDebug.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBDetect.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBNotify.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBRefr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetCfg2.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetDev.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetLoc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBSetUsr.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBStHash.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\BBValid.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPPolicy.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStart.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SPBBC\SPStop.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtErEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtETmp\59DBE3D2.TMP Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtMoEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtNvEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtScEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtTxFEvt.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\SRTSP\SrtViEvt.log Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\cert8.db Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\history.dat Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\key3.db Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\parent.lock Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Application Data\Sun\Java\Deployment\cache\6.0\58\44eef97a-79f0dd94/vlocal.class Infected: Trojan-Downloader.Java.Agent.f skipped
C:\Documents and Settings\Jennifer Mackin\Application Data\Sun\Java\Deployment\cache\6.0\58\44eef97a-79f0dd94 ZIP: infected - 1 skipped
C:\Documents and Settings\Jennifer Mackin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmsecman.jar-69ee0e0e-6707c731.zip/vlocal.class Infected: Trojan-Downloader.Java.Agent.f skipped
C:\Documents and Settings\Jennifer Mackin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmsecman.jar-69ee0e0e-6707c731.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Jennifer Mackin\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Desktop\IPOD Movies\BitLord_1.1.exe/file9 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Documents and Settings\Jennifer Mackin\Desktop\IPOD Movies\BitLord_1.1.exe Inno: infected - 1 skipped
C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Logs\Dfsr00005.log Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_1A64_FCBD_64FC_9D27\dfsr.db Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_1A64_FCBD_64FC_9D27\fsr.log Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_1A64_FCBD_64FC_9D27\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_1A64_FCBD_64FC_9D27\tmp.edb Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{C0839FCD-891E-4022-B1B8-A1D61FB9A338} Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\real\members.stg Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Local Settings\Application Data\Mozilla\Firefox\Profiles\7iom7s9m.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Local Settings\History\History.IE5\MSHist012008012620080127\index.dat Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Local Settings\Temp\~DF6346.tmp Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Local Settings\Temp\~DF6565.tmp Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Local Settings\Temp\~DF8115.tmp Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Local Settings\Temp\~DF8130.tmp Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jennifer Mackin\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CAAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CAAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CAAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CBAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CBAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CBAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CCAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CCAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CCAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CDAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CDAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\CDAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PAAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PAAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PAAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PBAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PBAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PBAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PCAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PCAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PCAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PDAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PDAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\PDAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RAAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RAAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RAAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RBAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RBAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RBAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RCAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RCAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RCAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RDAAAAAA.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RDAAAAAA.DBF Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RDAAAAAA.FPT Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RSADB.CDX Object is locked skipped
C:\Program Files\Cisco Systems\VPN Client\Certificates\RSADB.DBF Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcrst.dll Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWAD.dat Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWADMT.dat Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWAS.dat Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\coShared\WA\1.5\NCOWAS.ldb Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\EENGINE\EPERSIST.DAT Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDALRT.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDCON.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDDBG.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDFW.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDIDS.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SNDSYS.log Object is locked skipped
C:\Program Files\Norton 360\Log\AutoProtect.log Object is locked skipped
C:\Program Files\Norton 360\Log\AVContext.log Object is locked skipped
C:\Program Files\Norton 360\Log\AVManual.log Object is locked skipped
C:\Program Files\Norton 360\Log\Backup.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUInternetPageViewHistory.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUInternetSearchHistory.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUInternetTempFiles.log Object is locked skipped
C:\Program Files\Norton 360\Log\CUWindowsTempFiles.log Object is locked skipped
C:\Program Files\Norton 360\Log\EmailScan.log Object is locked skipped
C:\Program Files\Norton 360\Log\InternetSecurity.log Object is locked skipped
C:\Program Files\Norton 360\Log\ISIntrusionPrevented.log Object is locked skipped
C:\Program Files\Norton 360\Log\ISIOTraffic.log Object is locked skipped
C:\Program Files\Norton 360\Log\ISNewNetwork.log Object is locked skipped
C:\Program Files\Norton 360\Log\LiveUpdate.log Object is locked skipped
C:\Program Files\Norton 360\Log\NCO.log Object is locked skipped
C:\Program Files\Norton 360\Log\VABrowserSettings.log Object is locked skipped
C:\Program Files\Norton 360\Log\VAIPAddresses.log Object is locked skipped
C:\Program Files\Norton 360\Log\VAWeakPasswords.log Object is locked skipped
C:\Program Files\Norton 360\Log\WDFScanner.log Object is locked skipped
C:\Program Files\RealVNC\WinVNC\othread2.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
C:\Program Files\RealVNC\WinVNC\vnchooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
C:\Program Files\RealVNC\WinVNC\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
C:\QooBox\Quarantine\C\a.exe.vir Infected: Trojan-Spy.Win32.Banker.fgw skipped
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows32.exe.vir Infected: Trojan-Spy.Win32.Banker.fgw skipped
C:\RECYCLER\S-1-5-21-3583174769-1769637256-4123306712-1005\Dc8.exe/data0002 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
C:\RECYCLER\S-1-5-21-3583174769-1769637256-4123306712-1005\Dc8.exe/data0003 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
C:\RECYCLER\S-1-5-21-3583174769-1769637256-4123306712-1005\Dc8.exe/data0004 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
C:\RECYCLER\S-1-5-21-3583174769-1769637256-4123306712-1005\Dc8.exe Inno: infected - 3 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP601\A0039419.exe Infected: Trojan-Spy.Win32.Banker.fgw skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP602\A0039436.exe/stream/data0001/stream/data0014 Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP602\A0039436.exe/stream/data0001/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP602\A0039436.exe/stream/data0001 Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP602\A0039436.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.63 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP602\A0039436.exe NSIS: infected - 4 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP615\A0040360.exe Infected: Trojan-Spy.Win32.Banker.fgw skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP615\A0040361.exe Infected: Trojan-Spy.Win32.Banker.fgw skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP618\A0040420.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP618\A0040421.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP618\A0041339.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP621\A0041534.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.60 skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP629\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\ModemLog_Conexant D850 56K V.9x DFVc Modem.txt Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{7CA81C9B-7607-4A2C-BB57-E746C405E856}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked
skippedC:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skippedC:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skippedC:\WINDOWS\Temp\JET8B45.tmp Object is locked skippedC:\WINDOWS\Temp\JET8C9D.tmp Object is locked skippedC:\WINDOWS\wiadebug.log Object is locked skippedC:\WINDOWS\wiaservc.log Object is locked skippedC:\WINDOWS\WindowsUpdate.log Object is locked skippedScan process completed. Link to post Share on other sites
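The Kaspersky Online Scanner report above is one record per "skipped" that the forum export ran together into a single line, and the records that matter for clean-up are the handful of "Infected:" hits hidden among the "Object is locked" noise. The Python below is an added example, not code from this thread or from Kaspersky: it splits such a report (run together or one record per line) into records, separates locked objects from riskware (the not-a-virus: prefix) and true malware verdicts, and records whether each hit lives in a live path, ComboFix quarantine (QooBox), the Recycle Bin or a System Restore point, since that location decides whether a file needs removing, reviewing, or only purging the old restore points. The sample records are copied from the log above; the function names, the verdict labels and the triage buckets are my own choices.

```python
"""Triage a run-together Kaspersky Online Scanner report (added example)."""
from __future__ import annotations

import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample: six records copied from the scan log in this thread,
# concatenated with no separators exactly as the forum export left them.
SAMPLE_LOG = (
    r"C:\Program Files\Norton 360\Log\NCO.log Object is locked skipped"
    r"C:\Program Files\RealVNC\WinVNC\winvnc.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.c skipped"
    r"C:\QooBox\Quarantine\C\a.exe.vir Infected: Trojan-Spy.Win32.Banker.fgw skipped"
    r"C:\RECYCLER\S-1-5-21-3583174769-1769637256-4123306712-1005\Dc8.exe Inno: infected - 3 skipped"
    r"C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP615\A0040360.exe Infected: Trojan-Spy.Win32.Banker.fgw skipped"
    r"C:\WINDOWS\system32\config\SAM Object is locked skipped"
    r"Scan process completed."
)

# One record is "<path> <verdict> skipped". The non-greedy path stops at the
# first point where one of the three verdict shapes follows, so paths with
# spaces ("System Volume Information") and the "skippedC:\..." joins both work.
RECORD = re.compile(
    r"(?P<path>.+?) "
    r"(?:(?P<locked>Object is locked)"
    r"|Infected: (?P<name>\S+)"
    r"|(?P<archive>[A-Za-z0-9]+): infected - (?P<count>\d+))"
    r" skipped"
)


@dataclass(frozen=True)
class Hit:
    path: str
    verdict: str    # "locked", "riskware", "malware" or "archive"
    detection: str  # scanner's detection name; empty for locked objects
    location: str   # "live", "quarantine", "recycle-bin" or "restore-point"


def classify_location(path: str) -> str:
    """Where the file sits decides how much it matters (assumed folder names)."""
    p = path.lower()
    if "\\qoobox\\quarantine\\" in p:
        return "quarantine"        # already moved aside by ComboFix
    if "\\recycler\\" in p:
        return "recycle-bin"       # already deleted by the user
    if "\\system volume information\\_restore" in p:
        return "restore-point"     # copy kept by System Restore
    return "live"


def parse_report(text: str) -> list[Hit]:
    """Split the report into Hit records; unmatched text (headers, the final
    'Scan process completed.') is ignored."""
    hits = []
    for m in RECORD.finditer(text):
        if m.group("locked"):
            verdict, detection = "locked", ""
        elif m.group("name"):
            name = m.group("name")
            # Kaspersky marks legitimate-but-abusable tools with "not-a-virus:".
            verdict = "riskware" if name.startswith("not-a-virus:") else "malware"
            detection = name
        else:
            verdict = "archive"
            detection = f"{m.group('archive')} container, {m.group('count')} flagged member(s)"
        hits.append(Hit(m.group("path"), verdict, detection, classify_location(m.group("path"))))
    return hits


def summarize(hits: list[Hit]) -> dict[str, int]:
    """Count records per verdict."""
    return dict(Counter(h.verdict for h in hits))


def triage(hits: list[Hit]) -> dict:
    """Sort hits into what a helper would act on: live malware to remove, live
    riskware/installers to review with the user (RealVNC is installed on this
    machine on purpose), contained copies, and a flag to purge restore points."""
    plan = {"remove": [], "review": [], "contained": [], "purge_restore_points": False}
    for h in hits:
        if h.verdict == "locked":
            continue
        if h.location == "restore-point":
            plan["purge_restore_points"] = True
        elif h.location in ("quarantine", "recycle-bin"):
            plan["contained"].append(h.path)
        elif h.verdict == "malware":
            plan["remove"].append(h.path)
        else:
            plan["review"].append(h.path)
    return plan


if __name__ == "__main__":
    found = parse_report(SAMPLE_LOG)
    print(summarize(found))
    for key, value in triage(found).items():
        print(f"{key}: {value}")
```

Run against the full log above, the plan comes out with nothing in "remove": the Banker trojan copies are all in QooBox quarantine or in restore points, which is why the next reply only needs a restore-point purge plus a single ComboFix File:: entry rather than a long deletion list.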
rmurphy Posted January 26, 2008

You will want to print out these instructions, or save them to notepad so that you can refer to them later.

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Close all Internet Explorer, Firefox, and Opera windows before continuing.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Let's make a new restore point and clear the others:
Go - Start>Programmes>Accessories>System Tools>System Restore>Create a New Restore point.
Go - Start>Programmes>Accessories>System Tools>Disc Cleanup>"More Options" Tab>Remove All But Most Recent Point.
Please do this for each hard drive that you have connected to the computer.

Please download ComboFix from Here.
1. Please open Notepad: click Start, then Run, and type notepad.exe in the Run Box.
2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\Documents and Settings\Jennifer Mackin\Desktop\IPOD Movies\BitLord_1.1.exe

3. Save the above as CFScript.txt
4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.
5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
Combofix.txt
A new HijackThis log.

-Ryan
jmackin Posted January 26, 2008 Author

Ryan,
So I am only getting rid of bitlord_1.1, which I do use? That is all that is quoted?

File::
C:\Documents and Settings\Jennifer Mackin\Desktop\IPOD Movies\BitLord_1.1.exe
jmackin Posted January 26, 2008 Author

combo below:

ComboFix 08-01-23.1C - Jennifer Mackin 2008-01-26 17:48:35.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.369 [GMT -6:00]
Running from: C:\Documents and Settings\Jennifer Mackin\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Jennifer Mackin\Desktop\CFScript.txt
 * Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\Documents and Settings\Jennifer Mackin\Desktop\IPOD Movies\BitLord_1.1.exe
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\Jennifer Mackin\Desktop\IPOD Movies\BitLord_1.1.exe
.
((((((((((((((((((((((((( Files Created from 2007-12-26 to 2008-01-26 )))))))))))))))))))))))))))))))
.
2008-01-26 10:14 . 2008-01-26 10:14 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-01-25 09:10 . 2008-01-25 09:10 <DIR> d-------- C:\WINDOWS\LastGood
2008-01-24 20:53 . 2006-10-04 08:06 1,197,294 --------- C:\WINDOWS\system32\dllcache\sysmain.sdb
2008-01-24 20:53 . 2006-10-04 08:06 764,868 --------- C:\WINDOWS\system32\dllcache\apph_sp.sdb
2008-01-24 20:53 . 2006-10-04 08:06 217,118 --------- C:\WINDOWS\system32\dllcache\apphelp.sdb
2008-01-24 20:52 . 2008-01-24 20:52 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-01-24 20:50 . 2008-01-24 20:50 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-01-24 20:50 . 2008-01-24 20:51 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-01-23 20:18 . 2008-01-23 20:18 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-01-21 16:49 . 2008-01-21 18:03 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2008-01-21 16:49 . 2008-01-21 16:49 30,590 --a------ C:\WINDOWS\system32\pavas.ico
2008-01-21 16:49 . 2008-01-21 16:49 2,550 --a------ C:\WINDOWS\system32\Uninstall.ico
2008-01-21 16:49 . 2008-01-21 16:49 1,406 --a------ C:\WINDOWS\system32\Help.ico
2008-01-21 16:00 . 2008-01-21 16:00 <DIR> d-------- C:\Program Files\Citrix
2008-01-21 04:56 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-01-21 04:56 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-01-20 22:20 . 2008-01-21 17:54 <DIR> d-------- C:\Program Files\Windows Defender
2008-01-20 22:17 . 2008-01-20 22:23 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-01-20 21:41 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-20 19:02 . 2007-09-24 23:31 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-01-20 18:54 . 2008-01-26 10:14 <DIR> d-------- C:\WINDOWS\Downloaded Program Files
2008-01-20 18:54 . 2005-07-04 16:03 1,650,688 --a------ C:\WINDOWS\system32\qdiagdwc.ocx
2008-01-20 18:54 . 2004-06-15 15:55 7,882 --a------ C:\WINDOWS\system32\GTKCMOS.sys
2008-01-20 18:54 . 2005-02-08 12:37 7,626 --a------ C:\WINDOWS\system32\GPCIEnum.sys
2008-01-20 18:54 . 2005-02-09 13:08 7,168 --a------ C:\WINDOWS\system32\DLPT64.sys
2008-01-20 18:54 . 2004-06-09 09:29 6,977 --a------ C:\WINDOWS\system32\DDMI2.sys
2008-01-20 18:54 . 2005-03-13 16:54 6,656 --a------ C:\WINDOWS\system32\DLPT2.sys
2008-01-20 18:54 . 2005-02-08 13:04 5,632 --a------ C:\WINDOWS\system32\GPCIEn64.sys
2008-01-20 18:54 . 2005-02-08 15:46 5,120 --a------ C:\WINDOWS\system32\GTKCMO64.sys
2008-01-20 18:54 . 2005-02-07 19:07 4,608 --a------ C:\WINDOWS\system32\DDMI64.sys
2008-01-19 10:49 . 2008-01-19 10:49 <DIR> d-------- C:\Program Files\DellSupport
2008-01-16 17:24 . 2008-01-16 17:24 <DIR> d-------- C:\Program Files\Windows Installer Clean Up
2008-01-16 17:24 . 2008-01-16 17:24 <DIR> d-------- C:\Program Files\MSECACHE
2008-01-15 18:50 . 2008-01-15 18:50 <DIR> d-------- C:\Program Files\iTunes
2008-01-15 18:50 . 2008-01-15 18:50 <DIR> d-------- C:\Program Files\iPod
2008-01-15 18:48 . 2008-01-15 18:49 <DIR> d-------- C:\Program Files\QuickTime
2008-01-13 23:09 . 2008-01-20 21:25 5 --a------ C:\WINDOWS\winload.inf
2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2007-12-27 18:45 . 2007-12-27 18:48 <DIR> d-------- C:\Program Files\Picasa2
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-26 23:41 --------- d-----w C:\Program Files\Lx_cats
2008-01-25 12:30 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-01-24 02:18 --------- d-----w C:\Program Files\Real
2008-01-24 02:18 --------- d-----w C:\Program Files\Common Files\Real
2008-01-21 23:52 --------- d-----w C:\Program Files\Norton 360
2008-01-21 23:51 --------- d-----w C:\Program Files\MSN Messenger
2008-01-21 23:51 --------- d-----w C:\Program Files\mIRC
2008-01-21 23:48 --------- d-----w C:\Program Files\Lexmark 5400 Series
2008-01-21 23:45 --------- d-----w C:\Program Files\Google
2008-01-21 22:22 3,506 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
2008-01-21 22:21 --------- d-----w C:\Program Files\Common Files\Corel
2008-01-21 16:36 --------- d-----w C:\Program Files\Plaxo
2008-01-21 13:16 --------- d-----w C:\Program Files\RealVNC
2008-01-21 01:02 --------- d-----w C:\Program Files\Java
2008-01-19 16:25 --------- d-----w C:\Program Files\Roxio
2008-01-16 23:37 --------- d-----w C:\Program Files\Dell
2008-01-16 23:35 --------- d-----w C:\Program Files\Kodak
2008-01-16 23:30 --------- d-----w C:\Program Files\Flashation Menu Builder
2008-01-03 23:21 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-25 18:37 --------- d-----w C:\Program Files\Common Files\Kodak
2007-12-14 00:39 --------- d-----w C:\Program Files\Lexmark Toolbar
2007-12-14 00:39 --------- d-----w C:\Program Files\Abbyy FineReader 6.0 Sprint
2007-12-12 12:29 805 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.INF
2007-12-12 12:29 60,800 ----a-w C:\WINDOWS\system32\S32EVNT1.DLL
2007-12-12 12:29 123,952 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-12-12 12:29 10,740 ----a-w C:\WINDOWS\system32\drivers\SYMEVENT.CAT
2007-12-12 12:29 --------- d-----w C:\Program Files\Symantec
2007-12-01 05:57 43,696 ----a-w C:\WINDOWS\system32\drivers\srtspx.sys
2007-12-01 05:57 317,616 ----a-w C:\WINDOWS\system32\drivers\srtspl.sys
2007-12-01 05:57 279,088 ----a-w C:\WINDOWS\system32\drivers\srtsp.sys
2007-12-01 05:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspx.cat
2007-12-01 05:57 10,549 ----a-w C:\WINDOWS\system32\drivers\srtspl.cat
2007-12-01 05:57 10,545 ----a-w C:\WINDOWS\system32\drivers\srtsp.cat
2007-12-01 05:57 1,430 ----a-w C:\WINDOWS\system32\drivers\srtspl.inf
2007-12-01 05:57 1,421 ----a-w C:\WINDOWS\system32\drivers\srtspx.inf
2007-12-01 05:57 1,415 ----a-w C:\WINDOWS\system32\drivers\srtsp.inf
2007-11-14 07:26 450,560 ------w C:\WINDOWS\system32\dllcache\jscript.dll
2007-11-07 09:26 721,920 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 16:53 360,832 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 09:55 3,065,856 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,287,680 ------w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-27 23:40 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-26 03:34 8,460,288 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2006-08-15 01:18 88 --sh--r C:\WINDOWS\system32\3D9842D320.sys
.
((((((((((((((((((((((((((((( snapshot@2008-01-20_21.47.07.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2006-10-04 14:05:26 39,424 ------w C:\WINDOWS\AppPatch\acadproc.dll
+ 2006-08-24 14:28:54 141,424 ----a-w C:\WINDOWS\Downloaded Program Files\asinst.dll
+ 2007-05-07 22:38:46 500,120 ----a-w C:\WINDOWS\Downloaded Program Files\daas_s.dll
+ 2002-07-26 00:13:18 24,576 ----a-w C:\WINDOWS\Downloaded Program Files\dwusplay.dll
+ 2002-07-26 00:13:12 196,608 ----a-w C:\WINDOWS\Downloaded Program Files\dwusplay.exe
+ 2007-05-07 22:39:00 192,920 ----a-w C:\WINDOWS\Downloaded Program Files\fsauc.dll
+ 2007-05-07 22:39:24 254,360 ----a-w C:\WINDOWS\Downloaded Program Files\fscax.dll
+ 2005-06-10 16:44:02 417,792 ----a-w C:\WINDOWS\Downloaded Program Files\isusweb.dll
+ 2007-10-15 16:02:14 465,472 ----a-w C:\WINDOWS\Downloaded Program Files\wlscBase.dll
- 2008-01-21 03:43:13 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-26 23:48:16 233,472 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
- 2008-01-21 03:43:13 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-26 23:48:17 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
- 2008-01-21 03:43:13 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-26 23:48:17 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
- 2008-01-21 03:43:13 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-26 23:48:17 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
- 2008-01-21 03:43:13 5,513,216 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-26 23:48:17 6,144,000 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
- 2008-01-21 03:43:13 155,648 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
+ 2008-01-26 23:48:17 217,088 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2004-09-15 17:27:54 192,512 ----a-w C:\WINDOWS\inf\unregmp2.exe
+ 2007-06-27 04:10:26 317,440 ----a-w C:\WINDOWS\inf\unregmp2.exe
- 2006-06-13 02:47:01 22,486 ----a-r C:\WINDOWS\Installer\{8A9B8148-DDD7-448F-BD6C-358386D32354}\ARPPRODUCTICON.exe
+ 2008-01-21 22:21:36 22,486 ----a-r C:\WINDOWS\Installer\{8A9B8148-DDD7-448F-BD6C-358386D32354}\ARPPRODUCTICON.exe
- 2006-06-13 02:47:01 22,486 ----a-r C:\WINDOWS\Installer\{8A9B8148-DDD7-448F-BD6C-358386D32354}\NewShortcut2_8A9B8148DDD7448FBD6C358386D32354.exe
+ 2008-01-21 22:21:36 22,486 ----a-r C:\WINDOWS\Installer\{8A9B8148-DDD7-448F-BD6C-358386D32354}\NewShortcut2_8A9B8148DDD7448FBD6C358386D32354.exe
- 2006-06-13 02:47:01 22,486 ----a-r C:\WINDOWS\Installer\{8A9B8148-DDD7-448F-BD6C-358386D32354}\NewShortcut3_928F762215294C13AD31D1888867DB93.exe
+ 2008-01-21 22:21:36 22,486 ----a-r C:\WINDOWS\Installer\{8A9B8148-DDD7-448F-BD6C-358386D32354}\NewShortcut3_928F762215294C13AD31D1888867DB93.exe
- 2006-06-13 02:47:01 61,440 ----a-r C:\WINDOWS\Installer\{8A9B8148-DDD7-448F-BD6C-358386D32354}\NewShortcut7_8A9B8148DDD7448FBD6C358386D32354.exe
+ 2008-01-21 22:21:36 61,440 ----a-r C:\WINDOWS\Installer\{8A9B8148-DDD7-448F-BD6C-358386D32354}\NewShortcut7_8A9B8148DDD7448FBD6C358386D32354.exe
- 2006-06-13 02:47:01 65,536 ----a-r C:\WINDOWS\Installer\{8A9B8148-DDD7-448F-BD6C-358386D32354}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
+ 2008-01-21 22:21:36 65,536 ----a-r C:\WINDOWS\Installer\{8A9B8148-DDD7-448F-BD6C-358386D32354}\Shortcut0.C3A146F5_4B48_11D5_A819_00B0D0428C0C.exe
+ 2007-03-29 15:20:50 110,592 ----a-w C:\WINDOWS\system32\ActiveScan\as.dll
+ 2006-10-05 22:15:26 233,472 ----a-w C:\WINDOWS\system32\ActiveScan\ascontrol.dll
+ 2005-06-03 20:03:18 96,256 ----a-w C:\WINDOWS\system32\ActiveScan\asmdat.dll
+ 2003-08-01 17:00:16 36,864 ----a-w C:\WINDOWS\system32\ActiveScan\certdll.dll
+ 2005-05-20 19:42:44 86,016 ----a-w C:\WINDOWS\system32\ActiveScan\instlsp.dll
+ 2007-11-12 15:46:18 26,112 ----a-w C:\WINDOWS\system32\ActiveScan\JID.dll
+ 2006-02-17 00:20:20 4,608 ----a-w C:\WINDOWS\system32\ActiveScan\memvfile.dll
+ 2005-10-26 00:08:32 348,160 ----a-w C:\WINDOWS\system32\ActiveScan\msvcr71.dll
+ 2007-11-26 17:10:36 61,440 ----a-w C:\WINDOWS\system32\ActiveScan\NanoWrapper.dll
+ 2004-05-04 21:01:02 139,264 ----a-w C:\WINDOWS\system32\ActiveScan\pavaleas.dll
+ 2006-07-14 19:04:10 45,056 ----a-w C:\WINDOWS\system32\ActiveScan\pavdr.exe
+ 2006-04-10 16:50:02 159,832 ----a-w C:\WINDOWS\system32\ActiveScan\pavexcom.dll
+ 2006-02-14 19:05:38 94,208 ----a-w C:\WINDOWS\system32\ActiveScan\pavinas.dll
+ 2006-02-17 00:35:38 180,224 ----a-w C:\WINDOWS\system32\ActiveScan\pavoe.dll
+ 2006-10-05 22:15:38 122,880 ----a-w C:\WINDOWS\system32\ActiveScan\pavpz.dll
+ 2007-06-04 17:31:52 57,344 ----a-w C:\WINDOWS\system32\ActiveScan\pavsddl.dll
+ 2006-06-30 20:13:38 8,704 ----a-w C:\WINDOWS\system32\ActiveScan\pfdnnt.exe
+ 2004-02-04 20:08:42 49,152 ----a-w C:\WINDOWS\system32\ActiveScan\port32.dll
+ 2007-10-30 16:04:14 36,864 ----a-w C:\WINDOWS\system32\ActiveScan\Prescan.dll
+ 2006-08-01 19:23:10 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pscpu.dll
+ 2007-11-21 16:00:06 376,832 ----a-w C:\WINDOWS\system32\ActiveScan\pskahk.dll
+ 2007-10-31 19:05:06 32,768 ----a-w C:\WINDOWS\system32\ActiveScan\PSKAHKPRESCAN.dll
+ 2006-08-17 17:38:14 10,752 ----a-w C:\WINDOWS\system32\ActiveScan\pskalloc.dll
+ 2006-09-04 17:49:54 61,440 ----a-w C:\WINDOWS\system32\ActiveScan\pskas.dll
+ 2006-08-18 14:46:18 779,264 ----a-w C:\WINDOWS\system32\ActiveScan\pskavs.dll
+ 2007-03-26 20:25:34 417,792 ----a-w C:\WINDOWS\system32\ActiveScan\pskcmp.dll
+ 2006-08-09 16:42:24 90,112 ----a-w C:\WINDOWS\system32\ActiveScan\pskfss.dll
+ 2006-07-19 16:55:58 208,896 ----a-w C:\WINDOWS\system32\ActiveScan\pskhtml.dll
+ 2006-01-20 22:57:00 9,728 ----a-w C:\WINDOWS\system32\ActiveScan\pskmas.dll
+ 2006-05-17 15:50:12 14,336 ----a-w C:\WINDOWS\system32\ActiveScan\pskmdfs.dll
+ 2006-08-16 16:58:12 33,280 ----a-w C:\WINDOWS\system32\ActiveScan\pskpack.dll
+ 2006-06-30 20:42:36 266,240 ----a-w C:\WINDOWS\system32\ActiveScan\pskscs.dll
+ 2006-08-17 20:33:14 62,976 ----a-w C:\WINDOWS\system32\ActiveScan\pskutil.dll
+ 2006-08-08 19:13:10 13,312 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfile.dll
+ 2006-08-18 14:53:08 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\pskvfs.dll
+ 2006-08-18 14:49:50 167,936 ----a-w C:\WINDOWS\system32\ActiveScan\pskvm.dll
+ 2007-10-18 15:30:16 105,472 ----a-w C:\WINDOWS\system32\ActiveScan\psnahk.dll
+ 2007-11-23 20:29:08 10,752 ----a-w C:\WINDOWS\system32\ActiveScan\psndsk.dll
+ 2007-10-18 15:30:38 42,496 ----a-w C:\WINDOWS\system32\ActiveScan\psnflg.dll
+ 2007-10-30 17:19:22 98,304 ----a-w C:\WINDOWS\system32\ActiveScan\psnglknt.dll
+ 2007-08-22 14:52:00 20,272 ----a-w C:\WINDOWS\system32\ActiveScan\psnhsh.dll
+ 2007-11-12 21:49:34 11,776 ----a-w C:\WINDOWS\system32\ActiveScan\psnjidsign.dll
+ 2007-08-22 14:52:04 76,080 ----a-w C:\WINDOWS\system32\ActiveScan\psnkrnl.dll
+ 2007-08-22 14:52:06 21,296 ----a-w C:\WINDOWS\system32\ActiveScan\psnmem.dll
+ 2007-10-04 21:26:28 28,672 ----a-w C:\WINDOWS\system32\ActiveScan\PsnPen.dll
+ 2007-10-23 17:40:10 86,016 ----a-w C:\WINDOWS\system32\ActiveScan\psntuc.dll
+ 2007-05-24 17:27:36 27,136 ----a-w C:\WINDOWS\system32\ActiveScan\PSNXprs.dll
+ 2007-04-18 23:16:04 353,840 ----a-w C:\WINDOWS\system32\ActiveScan\psscan.dll
+ 2007-01-22 20:42:48 35,328 ----a-w C:\WINDOWS\system32\ActiveScan\rawvfile.dll
+ 2007-06-08 15:44:36 8,576 ----a-w C:\WINDOWS\system32\ActiveScan\RKPavProc.sys
+ 2007-06-05 16:56:40 44,928 ----a-w C:\WINDOWS\system32\ActiveScan\sdthook.sys
+ 1997-09-18 12:12:32 9,488 ----a-w C:\WINDOWS\system32\ActiveScan\sporder.dll
+ 2006-02-28 23:23:40 69,632 ----a-w C:\WINDOWS\system32\ActiveScan\tcpvfile.dll
+ 2007-09-17 15:14:08 126,976 ----a-w C:\WINDOWS\system32\ActiveScan\Tucan.dll
- 2004-09-15 17:28:06 8,192 ----a-w C:\WINDOWS\system32\asferror.dll
+ 2006-10-19 03:47:08 7,168 ----a-w C:\WINDOWS\system32\asferror.dll
+ 2006-08-02 18:39:06 73,728 ----a-w C:\WINDOWS\system32\asuninst.exe
- 2004-09-15 17:28:06 480,768 ----a-w C:\WINDOWS\system32\Audiodev.dll
+ 2006-10-19 03:47:08 276,992 ----a-w C:\WINDOWS\system32\audiodev.dll
- 2005-01-28 18:44:28 294,912 ----a-w C:\WINDOWS\system32\blackbox.dll
+ 2006-10-19 03:47:10 542,720 ----a-w C:\WINDOWS\system32\blackbox.dll
- 2005-01-28 18:44:28 164,864 ----a-w C:\WINDOWS\system32\cewmdm.dll
+ 2006-10-19 03:47:10 229,376 ----a-w C:\WINDOWS\system32\cewmdm.dll
- 2006-02-09 22:41:58 491,520 ----a-w C:\WINDOWS\system32\Corel Photo Album 6.scr
+ 2006-02-09 23:41:58 491,520 ----a-w C:\WINDOWS\system32\Corel Photo Album 6.scr
- 2006-02-09 22:36:18 225,280 ----a-w C:\WINDOWS\system32\cpascrrc6.dll
+ 2006-02-09 23:36:18 225,280 ----a-w C:\WINDOWS\system32\cpascrrc6.dll
- 2004-09-15 17:28:06 8,192 ----a-w C:\WINDOWS\system32\dllcache\asferror.dll
+ 2006-10-19 03:47:08 7,168 ----a-w C:\WINDOWS\system32\dllcache\asferror.dll
- 2005-01-28 18:44:28 294,912 ----a-w C:\WINDOWS\system32\dllcache\blackbox.dll
+ 2006-10-19 03:47:10 542,720 ----a-w C:\WINDOWS\system32\dllcache\blackbox.dll
- 2005-01-28 18:44:28 164,864 ----a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
+ 2006-10-19 03:47:10 229,376 ----a-w C:\WINDOWS\system32\dllcache\cewmdm.dll
- 2005-01-28 18:44:28 502,272 ----a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
+ 2006-10-19 03:47:10 991,744 ----a-w C:\WINDOWS\system32\dllcache\drmv2clt.dll
- 2005-01-28 18:44:28 6,656 ----a-w C:\WINDOWS\system32\dllcache\laprxy.dll
+ 2006-10-19 03:47:14 11,264 ----a-w C:\WINDOWS\system32\dllcache\LAPRXY.dll
- 2005-01-28 18:44:28 96,768 ----a-w C:\WINDOWS\system32\dllcache\logagent.exe
+ 2006-10-19 02:03:58 100,864 ----a-w C:\WINDOWS\system32\dllcache\logagent.exe
- 2004-09-15 17:27:52 344,064 ----a-w C:\WINDOWS\system32\dllcache\mpvis.dll
+ 2006-10-19 03:47:14 243,712 ----a-w C:\WINDOWS\system32\dllcache\mpvis.dll
- 2005-01-28 18:44:28 142,336 ----a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
+ 2006-10-19 03:47:16 179,712 ----a-w C:\WINDOWS\system32\dllcache\msnetobj.dll
- 2005-01-28 18:44:28 25,088 ----a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
+ 2006-10-19 03:47:16 27,136 ----a-w C:\WINDOWS\system32\dllcache\mspmsnsv.dll
- 2005-01-28 18:44:28 173,568 ----a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
+ 2006-10-19 03:47:16 175,616 ----a-w C:\WINDOWS\system32\dllcache\mspmsp.dll
- 2005-01-28 18:44:28 364,784 ----a-w C:\WINDOWS\system32\dllcache\msscp.dll
+ 2006-12-04 22:21:50 414,720 ----a-w C:\WINDOWS\system32\dllcache\msscp.dll
- 2005-01-28 18:44:28 315,904 ----a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
+ 2006-10-19 03:47:16 321,536 ----a-w C:\WINDOWS\system32\dllcache\mswmdm.dll
- 2005-01-28 18:44:28 221,184 ----a-w C:\WINDOWS\system32\dllcache\qasf.dll
+ 2006-10-19 03:47:18 211,456 ----a-w C:\WINDOWS\system32\dllcache\qasf.dll
- 2004-09-15 17:27:54 819,200 ----a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
+ 2006-11-02 00:31:38 1,669,120 ----a-w C:\WINDOWS\system32\dllcache\setup_wm.exe
- 2004-09-15 17:27:54 192,512 ----a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
+ 2007-06-27 04:10:26 317,440 ----a-w C:\WINDOWS\system32\dllcache\unregmp2.exe
- 2005-01-28 18:44:28 396,528 ----a-w C:\WINDOWS\system32\dllcache\wmadmod.dll
+ 2006-10-19 03:47:18 757,248 ----a-w C:\WINDOWS\system32\dllcache\WMADMOD.dll
- 2005-01-28 18:44:28 716,288 ----a-w C:\WINDOWS\system32\dllcache\wmadmoe.dll
+ 2006-10-19 03:47:18 1,117,696 ----a-w C:\WINDOWS\system32\dllcache\WMADMOE.dll
- 2005-01-28 18:44:28 28,160 ----a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
+ 2006-10-19 03:47:18 33,792 ----a-w C:\WINDOWS\system32\dllcache\wmdmlog.dll
- 2005-01-28 18:44:28 33,792 ----a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
+ 2006-10-19 03:47:18 37,376 ----a-w C:\WINDOWS\system32\dllcache\wmdmps.dll
- 2004-09-15 17:27:54 189,440 ----a-w C:\WINDOWS\system32\dllcache\wmerror.dll
+ 2006-10-19 03:47:20 227,328 ----a-w C:\WINDOWS\system32\dllcache\wmerror.dll
- 2005-01-28 18:44:28 150,016 ----a-w C:\WINDOWS\system32\dllcache\wmidx.dll
+ 2006-10-19 03:47:20 157,184 ----a-w C:\WINDOWS\system32\dllcache\wmidx.dll
- 2005-01-28 18:44:28 1,027,072 ----a-w C:\WINDOWS\system32\dllcache\wmnetmgr.dll
+ 2006-10-19 03:47:20 937,984 ----a-w C:\WINDOWS\system32\dllcache\WMNetMgr.dll
- 2007-04-30 13:20:24 5,537,792 ----a-w C:\WINDOWS\system32\dllcache\wmp.dll
+ 2007-06-12 05:51:12 10,834,944 ----a-w C:\WINDOWS\system32\dllcache\wmp.dll
- 2004-09-15 17:28:00 135,168 ----a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
+ 2006-10-19 03:47:20 242,688 ----a-w C:\WINDOWS\system32\dllcache\wmpasf.dll
- 2004-09-15 17:28:00 77,824 ----a-w C:\WINDOWS\system32\dllcache\wmpband.dll
+ 2006-10-19 03:47:20 96,256 ----a-w C:\WINDOWS\system32\dllcache\wmpband.dll
- 2004-09-15 17:28:00 282,624 ----a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
+ 2006-10-19 03:47:20 314,880 ----a-w C:\WINDOWS\system32\dllcache\wmpdxm.dll
- 2004-09-15 17:28:00 73,728 ----a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
+ 2006-10-19 03:46:20 64,000 ----a-w C:\WINDOWS\system32\dllcache\wmplayer.exe
- 2004-09-15 17:28:00 3,371,008 ----a-w C:\WINDOWS\system32\dllcache\wmploc.dll
+ 2006-10-19 03:47:20 8,231,936 ----a-w C:\WINDOWS\system32\dllcache\wmploc.dll
- 2004-09-15 17:28:00 86,016 ----a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
+ 2006-10-19 03:47:20 99,840 ----a-w C:\WINDOWS\system32\dllcache\wmpshell.dll
- 2005-01-28 18:44:28 774,904 ----a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
+ 2006-10-19 03:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmsdmod.dll
- 2005-01-28 18:44:28 1,119,744 ----a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
+ 2006-10-19 03:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmsdmoe2.dll
- 2005-01-28 18:44:28 413,944 ----a-w C:\WINDOWS\system32\dllcache\wmspdmod.dll
+ 2006-10-19 03:47:22 603,648 ----a-w C:\WINDOWS\system32\dllcache\WMSPDMOD.dll
- 2005-01-28 18:44:28 940,544 ----a-w C:\WINDOWS\system32\dllcache\wmspdmoe.dll
+ 2006-10-19 03:47:22 1,329,152 ----a-w C:\WINDOWS\system32\dllcache\WMSPDMOE.dll
- 2006-12-07 05:29:34 2,374,472 ----a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
+ 2006-10-19 03:47:22 2,450,944 ----a-w C:\WINDOWS\system32\dllcache\wmvcore.dll
- 2005-01-28 18:44:28 895,736 ----a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
+ 2006-10-19 03:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmvdmod.dll
- 2005-01-28 18:44:28 1,003,008 ----a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
+ 2006-10-19 03:47:22 4,096 ----a-w C:\WINDOWS\system32\dllcache\wmvdmoe2.dll
+ 2006-10-19 03:47:22 671,232 ------w C:\WINDOWS\system32\drivers\UMDF\wpdmtpdr.dll
- 2005-01-28 18:44:28 18,944 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2006-10-19 02:00:00 38,528 ----a-w C:\WINDOWS\system32\drivers\wpdusb.sys
+ 2006-09-29 00:55:50 77,568 ------w C:\WINDOWS\system32\drivers\WudfPf.sys
+ 2006-09-29 01:00:34 82,944 ------w C:\WINDOWS\system32\drivers\WudfRd.sys
+ 2006-10-19 02:00:46 249,856 ------w C:\WINDOWS\system32\drmupgds.exe
- 2005-01-28 18:44:28 502,272 ----a-w C:\WINDOWS\system32\drmv2clt.dll
+ 2006-10-19 03:47:10 991,744 ----a-w C:\WINDOWS\system32\drmv2clt.dll
+ 2005-05-24 18:27:16 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2007-08-29 21:47:20 94,208 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2007-08-29 21:49:54 950,272 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2005-01-28 18:44:28 6,656 ----a-w C:\WINDOWS\system32\laprxy.dll
+ 2006-10-19 03:47:14 11,264 ----a-w C:\WINDOWS\system32\LAPRXY.dll
- 2005-01-28 18:44:28 96,768 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2006-10-19 02:03:58 100,864 ----a-w C:\WINDOWS\system32\logagent.exe
+ 2006-10-19 03:47:14 212,992 ------w C:\WINDOWS\system32\MFPLAT.dll
+ 2006-10-19 03:47:14 259,072 ------w C:\WINDOWS\system32\MP43DECD.dll
- 2004-08-04 10:00:00 310,272 ----a-w C:\WINDOWS\system32\mp43dmod.dll
+ 2006-10-19 03:47:14 4,096 ----a-w C:\WINDOWS\system32\MP43DMOD.dll
+ 2006-10-19 03:47:14 317,440 ------w C:\WINDOWS\system32\MP4SDECD.dll
- 2004-08-04 10:00:00 384,512 ----a-w C:\WINDOWS\system32\mp4sdmod.dll
+ 2006-10-19 03:47:14 4,096 ----a-w C:\WINDOWS\system32\MP4SDMOD.dll
+ 2006-10-19 03:47:14 259,072 ------w C:\WINDOWS\system32\MPG4DECD.dll
- 2004-08-04 10:00:00 240,640 ----a-w C:\WINDOWS\system32\mpg4dmod.dll
+ 2006-10-19 03:47:14 4,096 ----a-w C:\WINDOWS\system32\MPG4DMOD.dll
- 2008-01-02 18:21:36 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-01-02 16:21:38 17,642,616 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2006-10-02 21:28:42 312,128 ------w C:\WINDOWS\system32\msdelta.dll
- 2005-01-28 18:44:28 142,336 ----a-w C:\WINDOWS\system32\msnetobj.dll
+ 2006-10-19 03:47:16 179,712 ----a-w C:\WINDOWS\system32\msnetobj.dll
- 2005-01-28 18:44:28 25,088 ----a-w C:\WINDOWS\system32\MsPMSNSv.dll
+ 2006-10-19 03:47:16 27,136 ----a-w C:\WINDOWS\system32\mspmsnsv.dll
- 2005-01-28 18:44:28 173,568 ----a-w C:\WINDOWS\system32\MsPMSP.dll
+ 2006-10-19 03:47:16 175,616 ----a-w C:\WINDOWS\system32\mspmsp.dll
- 2005-01-28 18:44:28 364,784 ----a-w C:\WINDOWS\system32\MSSCP.dll
+ 2006-12-04 22:21:50 414,720 ----a-w C:\WINDOWS\system32\msscp.dll
- 2005-01-28 18:44:28 315,904 ----a-w C:\WINDOWS\system32\MSWMDM.dll
+ 2006-10-19 03:47:16 321,536 ----a-w C:\WINDOWS\system32\mswmdm.dll
- 2008-01-21 03:28:47 54,280 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-25 09:10:31 54,280 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-01-21 03:28:47 384,596 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-25 09:10:31 384,596 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2006-06-13 02:41:12 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
+ 2008-01-24 02:18:14 278,528 ----a-w C:\WINDOWS\system32\pncrt.dll
- 2006-06-13 02:41:12 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
+ 2008-01-24 02:18:17 6,656 ----a-w C:\WINDOWS\system32\pndx5016.dll
- 2006-06-13 02:41:12 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
+ 2008-01-24 02:18:17 5,632 ----a-w C:\WINDOWS\system32\pndx5032.dll
+ 2006-10-19 03:47:18 284,160 ------w C:\WINDOWS\system32\PortableDeviceApi.dll
+ 2006-10-19 03:47:18 101,888 ------w C:\WINDOWS\system32\PortableDeviceClassExtension.dll
+ 2006-10-19 03:47:18 166,912 ------w C:\WINDOWS\system32\PortableDeviceTypes.dll
+ 2006-10-19 03:47:18 132,096 ------w C:\WINDOWS\system32\PortableDeviceWiaCompat.dll
+ 2006-10-19 03:47:18 199,168 ------w C:\WINDOWS\system32\PortableDeviceWMDRM.dll
- 2006-11-21 18:53:06 158,456 ----a-w C:\WINDOWS\system32\pxwma.dll
+ 2005-05-05 19:50:56 151,552 ----a-w C:\WINDOWS\system32\pxwma.dll
- 2005-01-28 18:44:28 221,184 ----a-w C:\WINDOWS\system32\qasf.dll
+ 2006-10-19 03:47:18 211,456 ----a-w C:\WINDOWS\system32\qasf.dll
- 2006-06-13 02:41:17 157,696 ----a-w C:\WINDOWS\system32\rmoc3260.dll
+ 2008-01-24 02:18:27 185,944 ----a-w C:\WINDOWS\system32\rmoc3260.dll
- 2007-10-08 20:46:18 14,640 ------w C:\WINDOWS\system32\spmsg.dll
+ 2006-09-25 23:58:48 14,640 ------w C:\WINDOWS\system32\spmsg.dll
- 2005-06-28 15:21:34 22,752 ----a-w C:\WINDOWS\system32\spupdsvc.exe
+ 2006-09-25 23:58:48 23,856 ----a-w C:\WINDOWS\system32\spupdsvc.exe
- 2005-01-28 18:44:28 47,104 ----a-w C:\WINDOWS\system32\uwdf.exe
+ 2006-10-19 03:58:00 8,704 ----a-w C:\WINDOWS\system32\uwdf.exe
- 2005-01-28 18:44:28 15,872 ----a-w C:\WINDOWS\system32\wdfapi.dll
+ 2006-10-19 03:47:18 4,096 ----a-w C:\WINDOWS\system32\wdfapi.dll
- 2005-01-28 18:44:28 38,912 ----a-w C:\WINDOWS\system32\wdfmgr.exe
+ 2006-10-19 03:58:00 8,704 ----a-w C:\WINDOWS\system32\wdfmgr.exe
- 2005-01-28 18:44:28 396,528 ----a-w C:\WINDOWS\system32\wmadmod.dll
+ 2006-10-19 03:47:18 757,248 ----a-w C:\WINDOWS\system32\wmadmod.dll
- 2005-01-28 18:44:28 716,288 ----a-w C:\WINDOWS\system32\wmadmoe.dll
+ 2006-10-19 03:47:18 1,117,696 ----a-w C:\WINDOWS\system32\WMADMOE.dll
- 2005-01-28 18:44:28 28,160 ----a-w C:\WINDOWS\system32\WMDMLOG.dll
+ 2006-10-19 03:47:18 33,792 ----a-w C:\WINDOWS\system32\wmdmlog.dll
- 2005-01-28 18:44:28 33,792 ----a-w C:\WINDOWS\system32\WMDMPS.dll
+ 2006-10-19 03:47:18 37,376 ----a-w C:\WINDOWS\system32\wmdmps.dll
- 2005-01-28 18:44:28 335,872 ----a-w C:\WINDOWS\system32\WMDRMdev.dll
+ 2006-10-19 03:47:18 429,056 ----a-w C:\WINDOWS\system32\wmdrmdev.dll
- 2005-01-28 18:44:28 290,816 ----a-w C:\WINDOWS\system32\WMDRMNet.dll
+ 2006-10-19 03:47:20 348,672 ----a-w C:\WINDOWS\system32\wmdrmnet.dll
+ 2006-10-19 03:47:20 535,040 ------w C:\WINDOWS\system32\wmdrmsdk.dll
- 2004-09-15 17:27:54 189,440 ----a-w C:\WINDOWS\system32\wmerror.dll
+ 2006-10-19 03:47:20 227,328 ----a-w C:\WINDOWS\system32\wmerror.dll
- 2005-01-28 18:44:28 150,016 ----a-w C:\WINDOWS\system32\wmidx.dll
+ 2006-10-19 03:47:20 157,184 ----a-w C:\WINDOWS\system32\wmidx.dll
- 2005-01-28 18:44:28 1,027,072 ----a-w C:\WINDOWS\system32\wmnetmgr.dll
+ 2006-10-19 03:47:20 937,984 ----a-w C:\WINDOWS\system32\wmnetmgr.dll
- 2007-04-30 13:20:24 5,537,792 ----a-w C:\WINDOWS\system32\wmp.dll
+ 2007-06-12 05:51:12 10,834,944 ----a-w C:\WINDOWS\system32\wmp.dll
- 2004-09-15 17:28:00 135,168 ----a-w C:\WINDOWS\system32\wmpasf.dll
+ 2006-10-19 03:47:20 242,688 ----a-w C:\WINDOWS\system32\wmpasf.dll
- 2004-09-15 17:28:00 282,624 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-19 03:47:20 314,880 ----a-w C:\WINDOWS\system32\wmpdxm.dll
+ 2006-10-19 03:47:20 295,936 ------w C:\WINDOWS\system32\wmpeffects.dll
- 2004-09-15 17:28:00 1,589,760 ----a-w C:\WINDOWS\system32\wmpencen.dll
+ 2006-10-19 03:47:20 1,661,440 ----a-w C:\WINDOWS\system32\wmpencen.dll
- 2004-09-15 17:28:00 3,371,008 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-10-19 03:47:20 8,231,936 ----a-w C:\WINDOWS\system32\wmploc.dll
+ 2006-10-19 03:47:20 613,376 ------w C:\WINDOWS\system32\wmpmde.dll
+ 2006-10-19 03:47:20 130,048 ------w C:\WINDOWS\system32\wmpps.dll
- 2004-09-15 17:28:00 86,016 ----a-w C:\WINDOWS\system32\wmpshell.dll
+ 2006-10-19 03:47:20 99,840 ----a-w C:\WINDOWS\system32\wmpshell.dll
- 2004-09-15 17:28:00 175,104 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
+ 2006-10-19 03:47:20 204,288 ----a-w C:\WINDOWS\system32\wmpsrcwp.dll
- 2005-01-28 18:44:28 774,904 ----a-w C:\WINDOWS\system32\wmsdmod.dll
+ 2006-10-19 03:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmod.dll
- 2005-01-28 18:44:28 1,119,744 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
+ 2006-10-19 03:47:22 4,096 ----a-w C:\WINDOWS\system32\wmsdmoe2.dll
- 2005-01-28 18:44:28 413,944 ----a-w C:\WINDOWS\system32\wmspdmod.dll
+ 2006-10-19 03:47:22 603,648 ----a-w C:\WINDOWS\system32\WMSPDMOD.dll
- 2005-01-28 18:44:28 940,544 ----a-w C:\WINDOWS\system32\wmspdmoe.dll
+ 2006-10-19 03:47:22 1,329,152 ----a-w C:\WINDOWS\system32\WMSPDMOE.dll
- 2005-01-28 18:44:28 1,218,808 ----a-w C:\WINDOWS\system32\wmvadvd.dll
+ 2006-10-19 03:47:22 
4,096 ----a-w C:\WINDOWS\system32\WMVADVD.dll- 2005-01-28 18:44:28 1,512,448 ----a-w C:\WINDOWS\system32\WMVADVE.DLL+ 2006-10-19 03:47:22 4,096 ----a-w C:\WINDOWS\system32\WMVADVE.DLL- 2006-12-07 05:29:34 2,374,472 ----a-w C:\WINDOWS\system32\wmvcore.dll+ 2006-10-19 03:47:22 2,450,944 ----a-w C:\WINDOWS\system32\wmvcore.dll+ 2006-10-19 03:47:22 1,543,680 ------w C:\WINDOWS\system32\WMVDECOD.dll- 2005-01-28 18:44:28 895,736 ----a-w C:\WINDOWS\system32\wmvdmod.dll+ 2006-10-19 03:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmod.dll- 2005-01-28 18:44:28 1,003,008 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll+ 2006-10-19 03:47:22 4,096 ----a-w C:\WINDOWS\system32\wmvdmoe2.dll+ 2006-10-19 03:47:22 1,574,912 ------w C:\WINDOWS\system32\WMVENCOD.dll+ 2006-10-19 03:47:22 1,382,912 ------w C:\WINDOWS\system32\WMVSDECD.dll+ 2006-10-19 03:47:22 767,488 ------w C:\WINDOWS\system32\WMVSENCD.dll+ 2006-10-19 03:47:22 656,896 ------w C:\WINDOWS\system32\WMVXENCD.dll- 2005-01-28 18:44:28 38,912 ----a-w C:\WINDOWS\system32\wpd_ci.dll+ 2006-10-19 03:47:22 629,760 ----a-w C:\WINDOWS\system32\wpd_ci.dll- 2005-01-28 18:44:28 61,952 ----a-w C:\WINDOWS\system32\wpdconns.dll+ 2006-10-19 03:47:22 35,840 ----a-w C:\WINDOWS\system32\wpdconns.dll- 2005-01-28 18:44:28 114,176 ----a-w C:\WINDOWS\system32\wpdmtp.dll+ 2006-10-19 03:47:22 154,624 ----a-w C:\WINDOWS\system32\wpdmtp.dll- 2005-01-28 18:44:28 66,560 ----a-w C:\WINDOWS\system32\wpdmtpus.dll+ 2006-10-19 03:47:22 63,488 ----a-w C:\WINDOWS\system32\wpdmtpus.dll+ 2006-10-19 03:47:22 2,603,008 ------w C:\WINDOWS\system32\WpdShext.dll+ 2006-10-19 02:00:14 17,408 ------w C:\WINDOWS\system32\wpdshextautoplay.exe+ 2006-10-19 03:47:22 38,400 ------w C:\WINDOWS\system32\wpdshextres.dll+ 2006-10-19 03:47:22 133,632 ------w C:\WINDOWS\system32\WPDShServiceObj.dll- 2005-01-28 18:44:28 331,264 ----a-w C:\WINDOWS\system32\wpdsp.dll+ 2006-10-19 03:47:22 356,352 ----a-w C:\WINDOWS\system32\wpdsp.dll+ 2006-09-29 02:13:26 95,344 ------w 
C:\WINDOWS\system32\WUDFCoinstaller.dll+ 2006-09-29 00:56:38 146,432 ------w C:\WINDOWS\system32\WudfHost.exe+ 2006-09-29 00:56:16 165,376 ------w C:\WINDOWS\system32\WudfPlatform.dll+ 2006-09-29 00:56:14 55,808 ------w C:\WINDOWS\system32\WudfSvc.dll+ 2006-09-29 00:56:38 316,416 ------w C:\WINDOWS\system32\WUDFx.dll- 2005-08-31 15:35:40 279,392 ----a-w C:\WINDOWS\system32\XceedFtp.dll+ 2006-02-09 23:13:56 279,392 ----a-w C:\WINDOWS\system32\XceedFtp.dll+ 2003-03-26 00:53:50 11,776 ----a-w C:\WINDOWS\system32\ZPORT4AS.dll.-- Snapshot reset to current date --.((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))..*Note* empty entries & legit default entries are not shown REGEDIT4[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"Creative Detector"="C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" [2004-12-02 17:23 102400]"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-03-27 14:22 4670968][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-05 20:05 344064]"CTSysVol"="C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" [2005-09-15 08:47 57344]"VoiceCenter"="C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" [2005-09-19 06:42 1159168]"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2005-08-12 15:16 1121792]"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe" [2003-03-09 14:30 188416]"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 17:30 517768]"lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [2007-03-19 06:58 291760]"Lexmark 5400 Series Fax Server"="C:\Program Files\Lexmark 5400 Series\fm3032.exe" [2007-03-19 
06:59 304048]"EzPrint"="C:\Program Files\Lexmark 5400 Series\ezprint.exe" [2007-03-19 06:58 82864]"LXCTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-11-21 06:27 106496]"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-06-10 09:44 81920]"ISUSPM Startup"="c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" [2005-06-10 09:44 249856]"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]"Corel Photo Downloader"="C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe" [2006-02-09 17:34 106496]"WinVNC"="C:\Program Files\RealVNC\WinVNC\WinVNC.exe" [2003-03-05 13:49 335872]"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-01-23 20:18 185896][HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2007-12-18 19:47 8720384]C:\Documents and Settings\All Users\Start Menu\Programs\Startup\hpoddt01.exe.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-04-06 00:06:58 28672]VPN Client.lnk - C:\WINDOWS\Installer\{B8221906-224A-4494-BB97-55FC63740019}\Icon3E5562ED7.ico [2006-06-16 16:41:59 6144][HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist]C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll 2008-01-21 16:00 10792 C:\Program Files\Citrix\GoToAssist\480\g2awinlogon.dll[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]"AppInit_DLLs"=C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnkbackup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon 
Startup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnkbackup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Snapfish PictureMover.lnk]path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snapfish PictureMover.lnkbackup=C:\WINDOWS\pss\Snapfish PictureMover.lnkCommon Startup[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6][HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]--a------ 2006-06-12 20:50 169472 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]--a------ 2006-05-09 18:24 50760 C:\Program Files\Common Files\AOL\1150556000\ee\AOLSoftware.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]--a------ 2006-02-17 10:59 124520 C:\Program Files\Common Files\AOL\IPHSend\IPHSend.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]--a------ 2008-01-15 03:22 267048 C:\Program Files\iTunes\iTunesHelper.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MBMon]--a------ 2005-05-19 07:54 1345520 C:\WINDOWS\system32\CTMBHA.DLL[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoUpdate]--a------ 2007-12-20 09:50 283207 C:\Program Files\Plaxo\3.7.1.2\PlaxoHelper_en.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]--a------ 2008-01-23 20:18 214560 C:\Program Files\Real\RealPlayer\RealPlay.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefaultMIDI]--a------ 2004-12-22 16:40 24576 C:\WINDOWS\MIDIDEF.EXE[HKEY_LOCAL_MACHINE\software\microsoft\shared 
tools\msconfig\startupreg\SigmatelSysTrayApp]--a------ 2005-03-22 23:20 339968 C:\WINDOWS\stsystra.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]--a------ 2007-06-18 07:47 68856 C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]--------- 2000-05-11 00:00 90112 C:\WINDOWS\UpdReg.EXER2 Viewpoint Manager Service;Viewpoint Manager Service;"C:\Program Files\Viewpoint\Common\ViewpointService.exe" [2007-01-04 15:38]S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys [2003-12-19 20:15]S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2004-06-12 04:27]S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2004-01-10 03:28]S3 GoToAssist;GoToAssist;"C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service [][HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{83014ce5-c0a3-11dc-8362-00059a3c7800}]\Shell\AutoRun\command - J:\LaunchU3.exe -a*Newly Created Service* - COMHOST .Contents of the 'Scheduled Tasks' folder"2008-01-23 00:43:02 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"- C:\Program Files\Apple Software Update\SoftwareUpdate.exe"2008-01-22 18:32:01 C:\WINDOWS\Tasks\EasyShare Registration Task.job"- C:\WINDOWS\system32\rundll32.exelC:\DOCUME~1\ALLUSE~1\APPLIC~1\Kodak\EasyShareSetup\$REGIS~1\Registration_7.4.20.2.sxt _RegistrationOffer@16"2008-01-26 07:37:50 C:\WINDOWS\Tasks\MP Scheduled Scan.job"- C:\Program Files\Windows Defender\MpCmdRun.exe.**************************************************************************catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.netRootkit scan 2008-01-26 17:50:30Windows 5.1.2600 Service Pack 2 NTFSscanning hidden processes ... 
scanning hidden autostart entries ...
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
LXCTCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16???????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2008-01-26 17:51:12
ComboFix-quarantined-files.txt 2008-01-26 23:51:09
ComboFix2.txt 2008-01-21 03:47:29
.
2008-01-25 15:13:19 --- E O F ---

hijack below:

Logfile of HijackThis v1.99.1
Scan saved at 5:52:14 PM, on 1/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\Program Files\Lexmark 5400 Series\lxctmon.exe
C:\Program Files\Lexmark 5400 Series\ezprint.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Cisco Systems\VPN Client\vpngui.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jennifer Mackin\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaul...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb07.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] "c:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Corel Photo Downloader] C:\Program Files\Corel\Corel Photo Album 6\MediaDetect.exe
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - https://www.plaxo.com/down/latest/PlaxoInstall.cab
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www1.snapfish.com/SnapfishActivia.cab
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} (Slide Image Uploader Control) - http://www.slide.com/uploader/SlideImageUploader.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase4009.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1200877146656
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {D1D98C0F-A339-42AB-BD5F-EA0FF5D0E65F} (RockYou Image Uploader Control) - http://rockyou.com/RockYouImageUploader.cab
O16 - DPF: {E856B973-45FD-4559-8F82-EAB539144667} (Dell PC Checkup Installer Control) - http://pccheckup.dellfix.com/rel/41/install/gtdownde.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCE4E240-4224-4A89-B0AF-EF39C41645AB}: Domain = voicetext.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCE4E240-4224-4A89-B0AF-EF39C41645AB}: NameServer = 192.168.100.2
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = voicetext.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{BCE4E240-4224-4A89-B0AF-EF39C41645AB}: Domain = voicetext.com
O17 - HKLM\System\CS1\Services\Tcpip\..\{BCE4E240-4224-4A89-B0AF-EF39C41645AB}: NameServer = 192.168.100.2
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = voicetext.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Brother Popup Suspend service for Resource manager (brmfrmps) - Unknown owner - C:\WINDOWS\system32\Brmfrmps.exe" -service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoToAssist - Unknown owner - C:\Program Files\Citrix\GoToAssist\480\g2aservice.exe" Start=service (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -service (file missing)
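Logs like the one above get read by eye, entry by entry. As an added example that is not part of the original thread, and not code from HijackThis or ComboFix, here is a small Python triage script for the HijackThis 1.99.x entry format. Its sample input is a handful of lines copied from the posted log plus one constructed O17 line (a made-up interface GUID pointing at 203.0.113.5, an RFC 5737 documentation address) so the DNS check has something to flag. The rules it applies (the remote-access name list, the RFC 1918 check, and the rule that a stray closing quote before `(file missing)` marks a HijackThis 1.99.1 misparse rather than a missing file) are this example's own assumptions, not anything HijackThis defines.

```python
"""Triage helper for HijackThis 1.99.x logs.

Added example, not code from the thread, HijackThis or ComboFix. It parses the
one-entry-per-line format ("O23 - Service: ...") and flags the entry classes a
log reviewer checks first. The heuristics are this example's own assumptions.
"""
import ipaddress
import re
import sys
from dataclasses import dataclass

# Constructed sample: lines copied from the log posted in the thread, plus one
# constructed O17 line (fake interface GUID, 203.0.113.5 from RFC 5737).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -servicehelper
O17 - HKLM\System\CCS\Services\Tcpip\..\{BCE4E240-4224-4A89-B0AF-EF39C41645AB}: NameServer = 192.168.100.2
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 203.0.113.5
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: GoToAssist - C:\Program Files\Citrix\GoToAssist\480\G2AWinLogon.dll
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\RealVNC\WinVNC\WinVNC.exe" -service (file missing)
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Assumption: remote-control tools the machine's owner should be able to vouch
# for. HijackThis has no such list; extend it to taste.
REMOTE_ACCESS_HINTS = ("vnc", "gotoassist", "teamviewer", "logmein")

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


@dataclass
class Finding:
    section: str
    label: str
    reason: str
    raw: str


def parse_entries(text):
    """Yield (section, body, raw_line) for every HijackThis entry; skip headers."""
    for line in text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            yield m.group(1), m.group(2), line


def is_lan_address(addr):
    """True only if addr parses as an IP address inside an RFC 1918 range."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in RFC1918)


def triage(text):
    """Return the entries a reviewer should look at, in log order."""
    findings = []
    for sect, body, raw in parse_entries(text):
        low = body.lower()
        if sect == "O2" and body.endswith("(no file)"):
            findings.append(Finding(sect, "orphan",
                "BHO CLSID with no DLL on disk; harmless leftover, safe to remove", raw))
        elif sect == "O4" and any(h in low for h in REMOTE_ACCESS_HINTS):
            findings.append(Finding(sect, "remote-access",
                "remote-control tool autostarts; confirm the owner installed it", raw))
        elif sect == "O17":
            m = re.search(r"NameServer = ([\d.,]+)", body)
            if m:
                outside = [ip for ip in m.group(1).split(",") if not is_lan_address(ip)]
                if outside:
                    findings.append(Finding(sect, "dns",
                        "DNS server(s) %s outside RFC 1918 space; rule out a DNS hijack" % ", ".join(outside), raw))
        elif sect == "O20":
            if low.startswith("appinit_dlls:"):
                findings.append(Finding(sect, "appinit",
                    "DLL injected into every process that loads user32.dll; verify publisher", raw))
            elif low.startswith("winlogon notify:"):
                findings.append(Finding(sect, "winlogon",
                    "DLL loaded by winlogon.exe as SYSTEM at logon; verify publisher", raw))
        elif sect == "O23":
            if "(file missing)" in body:
                # HJT 1.99.1 prints '(file missing)' when the ImagePath is a quoted exe
                # followed by arguments; the stray '"' before the args is the tell, so
                # confirm the binary is really absent before deleting the service.
                if re.search(r'\S"\s+\S', body):
                    findings.append(Finding(sect, "parse-artifact",
                        "quoted path plus arguments; likely an HJT 1.99.1 misparse, confirm on disk", raw))
                else:
                    findings.append(Finding(sect, "missing",
                        "service binary not found; stale registration or removed file", raw))
            elif " - unknown owner - " in low:
                findings.append(Finding(sect, "no-publisher",
                    "binary carries no company name; verify it by hash or signature", raw))
    return findings


if __name__ == "__main__":
    text = open(sys.argv[1], errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for f in triage(text):
        print("%-4s %-15s %s\n     %s" % (f.section, f.label, f.reason, f.raw))
```

Run it with a saved log as the first argument, or with no argument to see the sample output. Note that the O17 check only knows about RFC 1918 space: a home machine whose resolver is the ISP's public address will be flagged too, which is the point, since the reviewer then compares the address against what the router hands out. Likewise "Unknown owner" means the binary carries no company name in its version resource, not that it is malicious; the rule only asks for a second look.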
rmurphy Posted January 27, 2008

Yeap, just that one item to be deleted.

Everything looks good except we need to get the recovery console installed on your computer.

Go to Microsoft's website => http://support.microsoft.com/kb/310994

Select the download that's appropriate for your Operating System. Download the file & save it as it's originally named, next to ComboFix.exe. Now close all open windows and programs, then drag the setup package onto ComboFix.exe and drop it. Follow the prompts to start ComboFix and when prompted, agree to the End-User License Agreement to install the Microsoft Recovery Console. When complete, a log named CF_RC.txt will open. Please post the contents of that log.

Please do not reboot your machine until we have reviewed the log.

Other than that, everything looks good. How is the computer running?

-Ryan
jmackin Posted January 27, 2008

Ryan,

I think I got pretty much everything out by scanning the hell out of it like five million times with five million programs ;-)

Thanks for checking on it. I will restart when you say.

PS I did like your blogs

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe

[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
rmurphy Posted January 27, 2008

Congratulations, your log is clean.

For information on how to protect yourself in the future, read Infection Prevention.

Do you have any other questions or concerns? This thread will be left open for a few more days, so feel free to ask.

-Ryan
rmurphy Posted February 4, 2008

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread. Everyone else please begin a New Topic.