I have recently downloaded a keyboard macro program and got a crazy virus called HackTool.Rootkit virus.
Norton detected it, then closed all programs and reopened them saying it is blocked, and then in 2 seconds closing programs again because there was another attack. During that time I tried to run as many scans and do everything that I read on other forums to fix this, but nothing worked.
Things that I did:
Disabled system restore
Scanned with norton and after it found viruses rebooted
Went into safe mode (same thing happening programs closing and opening)
Used the regedit, used the services.msc, used task manager to find files relating to the program as were given by instructions and haven't found anything.
I just ran HijackThis and haven't found anything that was directed to fix.
Please someone help.
HiJackT DDS Log:
DDS (Ver_09-01-07.01) - NTFSx86 NETWORK
Run by Ilya at 5:46:13.92 on Wed 01/14/2009
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2029.1589 [GMT -5:00]
AV: Norton Internet Security *On-access scanning enabled* (Updated)
FW: Norton Internet Security *enabled*
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Documents and Settings\Ilya\Desktop\dds.scr
============== Pseudo HJT Report ===============
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
uURLSearchHooks: DefaultSearchHook Class: {c94e154b-1459-4a47-966b-4b843befc7db} - c:\program files\asksearch\bin\DefaultSearch.dll
BHO: Symantec NCO BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\norton internet security\engine\16.2.0.7\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\program files\norton internet security\engine\16.2.0.7\IPSBHO.DLL
BHO: Java Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: c:\windows\system32\hgfdge4unjdfdg.dll: {c5bf49a2-94f3-42bd-f434-3604812c8955} - c:\windows\system32\hgfdge4unjdfdg.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\norton internet security\engine\16.2.0.7\coIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [{B179023B-6238-4499-8F26-CD73E9D90E0A}] "c:\program files\mediafour\macdrive 7\MacDrive.exe"
mRun: [MDGetStarted.exe] "c:\program files\mediafour\macdrive 7\MDGetStarted.exe" /auto
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {E59EB121-F339-4851-A3BA-FE49C35617C2} - c:\program files\icq6.5\ICQ.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
Trusted Zone: cyberspacehq.com\linktrader
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton internet security\engine\16.2.0.7\CoIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: c:\windows\system32\hgfdge4unjdfdg.dll: {c5bf49a2-94f3-42bd-f434-3604812c8955} - c:\windows\system32\hgfdge4unjdfdg.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Authentication Packages = msv1_0 nwprovau
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\ilya\applic~1\mozilla\firefox\profiles\d18kdw3z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.search.selectedEngine - Ask
FF - prefs.js: browser.startup.homepage - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF - prefs.js: keyword.URL - hxxp://toolbar.ask.com/toolbarv/askRedirect?o=101757&gct=&gc=1&q=
FF - plugin: c:\program files\mozilla firefox\plugins\npbittorrent.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\viewpoint\viewpoint media player\npViewpoint.dll
---- FIREFOX POLICIES ----
============= SERVICES / DRIVERS ===============
R0 SymEFA;Symantec Extended File Attributes;\SystemRoot\\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS --> \SystemRoot\\SystemRoot\System32\Drivers\NIS\1002000.007\SYMEFA.SYS [?]
R3 IRRemoteFlt;IR Receiver Filter Driver;c:\windows\system32\drivers\IRFilter.sys [2008-10-13 16512]
R3 KeyMagic;USB Keyboard HID Filter;c:\windows\system32\drivers\KeyMagic.sys [2008-10-13 19968]
S0 MDFSYSNT;MacDrive file system driver;c:\windows\system32\drivers\MDFSYSNT.SYS [2007-2-16 273920]
S0 MDPMGRNT;MDPMGRNT;c:\windows\system32\drivers\MDPMGRNT.sys [2007-2-28 19072]
S1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\nis\1002000.007\BHDrvx86.sys [2008-12-10 255536]
S1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\nis\1002000.007\cchpx86.sys [2008-12-10 362544]
S1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\ipsdefs\20090109.001\IDSxpx86.sys [2009-1-12 274808]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-10-12 99376]
S3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090113.024\naveng.sys [2009-1-13 89104]
S3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\definitions\virusdefs\20090113.024\navex15.sys [2009-1-13 876112]
S4 .norton2009Reset;Norton2009 Reset;c:\program files\Norton2009Reset.exe [2008-9-17 549159]
S4 AppleOSSMgr;Apple OS Switch Manager;c:\windows\system32\AppleOSSMgr.exe [2008-2-8 132400]
S4 AppleTimeSrv;Apple Time Service;c:\windows\system32\AppleTimeSrv.exe [2008-2-8 99632]
S4 KeyAgent;KeyAgent;c:\windows\system32\drivers\KeyAgent.sys [2008-2-8 5504]
S4 MacDriveService;MacDriveService;c:\program files\mediafour\macdrive 7\MacDriveService.exe [2007-2-9 143360]
S4 MacHALDriver;Mac HAL;c:\windows\system32\drivers\MacHALDriver.sys [2008-2-8 6528]
S4 Norton Internet Security;Norton Internet Security;c:\program files\norton internet security\engine\16.2.0.7\ccSvcHst.exe [2008-12-10 115560]
S4 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2008-11-2 24652]
=============== Created Last 30 ================
2009-01-14 05:13 <DIR> --d----- c:\program files\Trend Micro
2009-01-13 21:32 39,936 a------- c:\windows\Mxadusukase.dll
2009-01-13 21:32 2,213 a------- c:\windows\system32\TDSSixgp.dll
2009-01-13 21:32 61,440 a------- c:\windows\system32\TDSSnpur.dll
2009-01-13 21:32 441 a------- c:\windows\system32\TDSSmtpe.dat
2009-01-13 21:31 <DIR> --d----- c:\program files\Microsoft Common
2009-01-13 21:31 44,032 a------- C:\jhwknqbg.exe
2009-01-13 21:31 37,376 a------- c:\windows\9129837.exe
2009-01-13 21:31 705 a------- C:\tyvq.exe
2009-01-13 21:31 2 a------- C:\1144689357
2009-01-13 21:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Macro Mania
2009-01-13 21:30 28,672 a------- c:\windows\system32\Msghoo32.ocx
2009-01-13 21:30 200,704 a------- c:\windows\system32\threed32.ocx
2009-01-13 21:30 <DIR> --d----- c:\program files\Macro Mania
2009-01-13 21:30 15,000 a------- c:\windows\system32\hgfdge4unjdfdg.dll
2009-01-13 21:30 25,600 a------- C:\yeulwvc.exe
2009-01-13 21:26 3,277,322 a------- C:\windows.exe
2009-01-13 10:24 <DIR> --d----- c:\program files\LimeWire
2009-01-12 00:45 <DIR> --d----- c:\program files\InstantBooster
2009-01-12 00:45 <DIR> --d----- c:\program files\HitBooster
2009-01-12 00:45 <DIR> --d----- c:\program files\FeedBlast
2009-01-12 00:44 <DIR> --d----- c:\program files\BlogBlast
2009-01-11 23:29 <DIR> --d----- c:\program files\Forum Poster 3
2009-01-10 14:05 155,648 a------- c:\windows\system32\libssl32.dll
2009-01-10 14:05 <DIR> --d----- C:\OpenSSL
2009-01-09 01:52 <DIR> --d----- c:\docume~1\ilya\applic~1\BitTorrent
2009-01-09 01:51 <DIR> --d----- c:\program files\DNA
2009-01-09 01:51 <DIR> --d----- c:\docume~1\ilya\applic~1\DNA
2009-01-09 01:51 <DIR> --d----- c:\program files\BitTorrent
2009-01-09 01:51 <DIR> --d----- c:\program files\AskSearch
2009-01-08 23:10 <DIR> --d----- c:\program files\WinSCP
2009-01-07 08:50 <DIR> --d----- c:\program files\Bonjour
2009-01-05 14:27 <DIR> --d----- c:\program files\ICQ6Toolbar
2009-01-05 14:27 <DIR> --d----- c:\docume~1\alluse~1\applic~1\ICQ
2009-01-05 14:26 <DIR> --d----- c:\program files\ICQ6.5
2009-01-03 00:47 11,614 a------- C:\warioland3.php
2008-12-30 23:39 131,072 a------- C:\SuperMarioBrothers4.gb
2008-12-30 00:28 11,198 a------- C:\mariotennis2.php
2008-12-25 12:24 <DIR> --d----- c:\docume~1\ilya\applic~1\iPhoneRingToneMaker
2008-12-25 12:24 <DIR> --d----- c:\program files\iPhoneRingToneMaker
2008-12-22 21:45 608,448 a------- c:\windows\system32\comctl32.ocx
2008-12-22 21:45 <DIR> --d----- c:\program files\digiXMAS Article Submitter
2008-12-19 23:07 <DIR> --d----- c:\program files\DirectorySubmitter
2008-12-18 11:51 <DIR> --d--r-- c:\docume~1\ilya\applic~1\Brother
==================== Find3M ====================
2008-12-12 22:55 1,700,352 a------- c:\windows\system32\gdiplus.dll
2008-12-12 22:55 1,060,864 a------- c:\windows\system32\mfc71.dll
2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll
2008-12-05 05:02 36,272 a----r-- c:\windows\system32\drivers\SymIM.sys
2008-12-04 20:02 107,888 a------- c:\windows\system32\CmdLineExt.dll
2008-12-02 10:13 453,152 a------- c:\windows\system32\NVUNINST.EXE
2008-12-01 21:16 737,280 a------- c:\windows\iun6002.exe
2008-11-10 05:43 410,984 a------- c:\windows\system32\deploytk.dll
2008-10-31 02:24 499,712 a------- c:\windows\system32\msvcp71.dll
2008-10-31 02:24 348,160 a------- c:\windows\system32\msvcr71.dll
2008-10-28 17:41 14,303,392 a------- c:\windows\system32\xlive.dll
2008-10-28 17:41 13,643,936 a------- c:\windows\system32\xlivefnt.dll
2008-10-26 21:06 86,327 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2008-10-23 07:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-09-17 08:16 549,159 a--shr-- c:\program files\Norton2009Reset.exe
2005-02-14 14:09 111 a------- c:\program files\common files\Register.ini
2005-01-17 11:17 4,798,024 a------- c:\program files\common files\NetZeroCosmiSetup.exe
2004-11-08 12:10 1,115,136 a------- c:\program files\common files\Register.exe
============= FINISH: 5:46:17.75 ===============