Cannot click next on System Restore...


This topic is locked
2 replies to this topic

#1 sammoore1212

Members - 1 posts

Posted 10 February 2009 - 08:44 PM

I fixed all the problems except for the system restore one. I changed the file names of the other programs and they opened with no problem. Also, it somehow blocked my internet connection. I fixed the internet problem with this command in cmd:

netsh int ip reset rest.log
netsh winsock reset

Attached is the attach file from the DDS scan. Here are the other logs for Malwarebytes, HiJackThis, and DDS, in that order:

Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 5.1.2600 Service Pack 3

2/10/2009 5:39:13 PM
mbam-log-2009-02-10 (17-39-07).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 187432
Time elapsed: 2 hour(s), 48 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 19

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\protect (Trojan.NtRootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\protect (Trojan.NtRootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\protect (Trojan.NtRootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\passthru (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\passthru (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\passthru (Backdoor.Bot) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\passthru (Backdoor.Bot) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PromoReg (Backdoor.Bot) -> No action taken.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\protect.sys (Trojan.NtRootkit.Agent) -> No action taken.
C:\WINDOWS\system32\c++.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\2.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\3.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\4.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\5.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\6.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\7.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\8.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\9.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\A.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\B.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\C.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\D.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\E.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\F.tmp (Trojan.Agent) -> No action taken.
C:\WINDOWS\Temp\TMPA.tmp (Backdoor.Bot) -> No action taken.
C:\WINDOWS\system32\drivers\ndisio.sys (Backdoor.Bot) -> No action taken.
C:\WINDOWS\services.exe (Backdoor.ProRat) -> No action taken.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:11:39 PM, on 2/10/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Maxtor\Sync\MaxSync.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Malwarebytes' Anti-Malware\win.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\fire_fox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\Documents and Settings\Seán\qomx.exe \s
O1 - Hosts: 195.245.119.131 browser-security.microsoft.com
O3 - Toolbar: AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [mxomssmenu] "C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe"
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PromoReg] C:\WINDOWS\TEMP\TMPA.tmp
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [tjblfcql.exe] C:\WINDOWS\tjblfcql.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ntqgzmse.exe] C:\WINDOWS\ntqgzmse.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [xldlicwb.exe] C:\WINDOWS\xldlicwb.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [lfzbthil.exe] C:\WINDOWS\lfzbthil.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [fprubvoz.exe] C:\WINDOWS\fprubvoz.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [bndzhldr.exe] C:\WINDOWS\bndzhldr.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [tjblfcql.exe] C:\WINDOWS\tjblfcql.exe (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = ?
O9 - Extra button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: jgzfkj9w38rksndfi7r4 - {C5BF49A2-94F3-42BD-F434-3604812C8955} - (no file)
O22 - SharedTaskScheduler: erajhsf8743kjrngjnf - {D5BF4552-94F1-42BD-F434-3604812C807D} - (no file)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Maxtor Service (Maxtor Sync Service) - Seagate Technology LLC - C:\Program Files\Maxtor\Sync\SyncServices.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 7201 bytes


DDS (Ver_09-02-01.01) - NTFSx86
Run by Seán at 12:44:46.25 on Tue 02/10/2009
Internet Explorer: 7.0.5730.13 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1014.439 [GMT -8:00]


============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb12.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Maxtor\Sync\MaxSync.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Maxtor\OneTouch Status\maxmenumgr.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logitech\khalshared\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
svchost.exe C:\WINDOWS\TEMP\VRT96.tmp
C:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
svchost.exe
C:\Program Files\Mozilla Firefox\fire_fox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\Seán\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.ask.com/?o=101760&l=dis
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: AOLSearchHook Class: {54eb34ea-e6be-4cfd-9f4f-c4a0c2eafa22} - c:\program files\aim search\AOLSearch.dll
mURLSearchHooks: AIM Toolbar Search Class: {03402f96-3dc7-4285-bc50-9e81fefafe43} - c:\program files\aim toolbar\aimtb.dll
mWinlogon: Userinit=c:\windows\system32\userinit.exe,c:\documents and settings\seán\vqs.exe \s
TB: AIM Toolbar: {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
uRun: [BitTorrent DNA] "c:\program files\dna\btdna.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [AdaptecDirectCD] "c:\program files\roxio\easy cd creator 5\directcd\DirectCD.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb12.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [mxomssmenu] "c:\program files\maxtor\onetouch status\maxmenumgr.exe"
mRun: [PromoReg] c:\windows\temp\TMPA.tmp
dRun: [xldlicwb.exe] c:\windows\xldlicwb.exe
dRun: [lfzbthil.exe] c:\windows\lfzbthil.exe
dRun: [bndzhldr.exe] c:\windows\bndzhldr.exe
dRun: [fprubvoz.exe] c:\windows\fprubvoz.exe
dRun: [tjblfcql.exe] c:\windows\tjblfcql.exe
dRun: [ntqgzmse.exe] c:\windows\ntqgzmse.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~2.lnk - c:\program files\logitech\desktop messenger\8876480\program\LogitechDesktopMessenger.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\logite~1.lnk - c:\program files\logitech\setpoint\SetPoint.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0b83c99c-1efa-4259-858f-bcb33e007a5b} - {61539ecd-cc67-4437-a03c-9aaccbd14326} - c:\program files\aim toolbar\aimtb.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\logitech\desktop messenger\8876480\program\GAPlugProtocol-8876480.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
STS: {C5BF49A2-94F3-42BD-F434-3604812C8955} - No File
STS: {D5BF4552-94F1-42BD-F434-3604812C807D} - No File

============= SERVICES / DRIVERS ===============

R0 protect;protect;c:\windows\system32\drivers\protect.sys [2009-2-9 18944]
R0 tghrdphk;tghrdphk;c:\windows\system32\drivers\tghrdphk.sys [2009-2-8 33920]
R2 Maxtor Sync Service;Maxtor Service;c:\program files\maxtor\sync\SyncServices.exe [2008-7-21 193888]
S0 tpfrt;tpfrt;c:\windows\system32\drivers\egenfe.sys --> c:\windows\system32\drivers\egenfe.sys [?]
S0 zcul;zcul;c:\windows\system32\drivers\vfbcgfi.sys --> c:\windows\system32\drivers\vfbcgfI.sys [?]
S1 ethtynnx;ethtynnx;c:\windows\system32\drivers\ethtynnx.sys [2009-2-8 138336]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-1-23 45132]
S3 ICAM3NT5;Intel USB Video Camera III;c:\windows\system32\drivers\Icam3.sys [2009-1-23 141056]

=============== Created Last 30 ================

2009-02-10 11:56 32,256 a---h--- c:\documents and settings\seán\vqs.exe
2009-02-10 11:56 25,601 a------- c:\windows\system32\A6.tmp
2009-02-10 11:51 164,708 a------- c:\windows\system32\9D.tmp
2009-02-10 11:51 128 a------- c:\windows\system32\9B.tmp
2009-02-10 11:50 42,497 a------- c:\windows\services.exe
2009-02-10 11:50 53,248 a------- c:\windows\system32\drivers\ndisio.sys
2009-02-10 11:49 25,601 a------- c:\windows\system32\9C.tmp
2009-02-10 11:49 3,584 a------- c:\windows\ntqgzmse.exe
2009-02-10 11:44 164,708 a------- c:\windows\system32\9A.tmp
2009-02-10 11:44 128 a------- c:\windows\system32\99.tmp
2009-02-09 20:24 <DIR> --d----- c:\program files\Trend Micro
2009-02-09 20:03 67,585 a------- c:\windows\system32\96.tmp
2009-02-09 20:03 0 a------- c:\windows\system32\98.tmp
2009-02-09 20:00 162,980 a------- c:\windows\system32\E.tmp
2009-02-09 20:00 29,184 a------- c:\windows\system32\9.tmp
2009-02-09 20:00 172 a------- c:\windows\system32\8.tmp
2009-02-09 19:41 67,585 a------- c:\windows\system32\A4.tmp
2009-02-09 19:41 0 a------- c:\windows\system32\A5.tmp
2009-02-09 19:38 163,364 a------- c:\windows\system32\97.tmp
2009-02-09 19:38 29,184 a------- c:\windows\system32\95.tmp
2009-02-09 19:38 172 a------- c:\windows\system32\94.tmp
2009-02-09 19:29 163,364 a------- c:\windows\system32\1F.tmp
2009-02-09 19:29 67,585 a------- c:\windows\system32\21.tmp
2009-02-09 19:29 0 a------- c:\windows\system32\22.tmp
2009-02-09 19:29 29,184 a------- c:\windows\system32\1E.tmp
2009-02-09 19:29 172 a------- c:\windows\system32\F.tmp
2009-02-09 19:27 64,512 a------- c:\windows\system32\c++.exe
2009-02-09 19:27 67,585 a------- c:\windows\system32\C.tmp
2009-02-09 19:27 0 a------- c:\windows\system32\D.tmp
2009-02-09 19:27 163,364 a------- c:\windows\system32\7.tmp
2009-02-09 19:27 29,184 a------- c:\windows\system32\6.tmp
2009-02-09 19:26 172 a------- c:\windows\system32\5.tmp
2009-02-09 19:25 0 a------- c:\windows\system32\B.tmp
2009-02-09 19:25 67,585 a------- c:\windows\system32\A.tmp
2009-02-09 19:25 3,584 a------- c:\windows\tjblfcql.exe
2009-02-09 19:23 163,364 a------- c:\windows\system32\4.tmp
2009-02-09 19:23 29,184 a------- c:\windows\system32\3.tmp
2009-02-09 19:23 172 a------- c:\windows\system32\2.tmp
2009-02-09 15:09 18,944 a---h--- c:\windows\system32\drivers\protect.sys
2009-02-08 19:07 <DIR> --d----- c:\docume~1\sen~1\applic~1\Malwarebytes
2009-02-08 18:36 64,000 a------- c:\windows\system32\vmware-ufad.exe
2009-02-08 18:36 163,716 a------- c:\windows\system32\1D.tmp
2009-02-08 18:36 67,585 a------- c:\windows\system32\1C.tmp
2009-02-08 18:36 168 a------- c:\windows\system32\1B.tmp
2009-02-08 18:35 14,352 a------- c:\windows\system32\1A.tmp
2009-02-08 18:35 3,584 a------- c:\windows\fprubvoz.exe
2009-02-08 18:32 163,716 a------- c:\windows\system32\19.tmp
2009-02-08 18:32 67,585 a------- c:\windows\system32\18.tmp
2009-02-08 18:32 168 a------- c:\windows\system32\17.tmp
2009-02-08 16:20 23,553 a------- c:\windows\system32\79.tmp
2009-02-08 16:18 0 a------- c:\windows\_id.dat
2009-02-08 16:17 164,708 a------- c:\windows\system32\16.tmp
2009-02-08 16:17 67,585 a------- c:\windows\system32\15.tmp
2009-02-08 16:17 64,512 a------- c:\windows\system32\deviceemulator.exe
2009-02-08 16:17 168 a------- c:\windows\system32\14.tmp
2009-02-08 16:16 130 a------- c:\windows\adobe.bat
2009-02-08 16:16 3,584 a------- c:\windows\bndzhldr.exe
2009-02-08 16:13 164,708 a------- c:\windows\system32\13.tmp
2009-02-08 16:13 67,585 a------- c:\windows\system32\12.tmp
2009-02-08 16:13 168 a------- c:\windows\system32\11.tmp
2009-02-08 16:09 123,873 a------- c:\windows\system32\10.tmp
2009-02-08 16:09 64,000 a------- c:\windows\system32\i386kd.exe
2009-02-08 16:02 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-02-08 16:02 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-02-08 16:02 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-02-08 16:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-02-08 15:30 64,512 a------- c:\windows\system32\undname.exe
2009-02-08 15:22 <DIR> --d----- c:\program files\Eusing Free Registry Cleaner
2009-02-08 15:12 64,000 a------- c:\windows\system32\hhupd.exe
2009-02-08 15:06 3,584 a------- c:\windows\lfzbthil.exe
2009-02-08 15:03 64,000 a------- c:\windows\system32\gcc.exe
2009-02-08 12:55 33,920 a------- c:\windows\system32\drivers\tghrdphk.sys
2009-02-08 12:48 32,256 a---h--- c:\documents and settings\seán\thkmgwg.exe
2009-02-08 12:48 66,560 ----h--- c:\windows\system32\secupdat.dat
2009-02-08 12:48 616 a------- c:\windows\system32\A2.tmp
2009-02-08 12:46 138,336 a------- c:\windows\system32\drivers\ethtynnx.sys
2009-02-08 12:46 3,584 a------- c:\windows\xldlicwb.exe
2009-02-08 12:45 15,000 a------- c:\windows\system32\_rah3b8ffdnd.dll
2009-02-08 12:45 9,216 a------- c:\windows\system32\_iehelper.dll
2009-02-08 12:42 163,364 a------- c:\windows\system32\85.tmp
2009-02-08 12:42 64,512 a------- c:\windows\system32\makehm.exe
2009-02-08 12:41 67,585 a------- c:\windows\system32\83.tmp
2009-02-08 12:41 168 a------- c:\windows\system32\82.tmp
2009-02-08 12:41 21,504 a------- C:\wppk.exe
2009-02-08 12:41 39,936 a------- C:\rhkhp.exe
2009-02-08 12:41 21,504 a------- C:\hhibl.exe
2009-02-08 12:41 2 a------- C:\-867200381
2009-02-08 12:41 62,464 a------- C:\tdyj.exe
2009-02-07 18:58 974,848 a------- c:\windows\system32\mfc70.dll
2009-02-07 18:58 487,424 a------- c:\windows\system32\msvcp70.dll
2009-02-07 18:58 344,064 a------- c:\windows\system32\msvcr70.dll
2009-02-07 18:56 <DIR> --d----- c:\docume~1\sen~1\applic~1\AVS4YOU
2009-02-07 18:56 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AVS4YOU
2009-02-07 18:56 24,576 a------- c:\windows\system32\msxml3a.dll
2009-02-07 18:56 <DIR> --d----- c:\program files\common files\AVSMedia
2009-02-07 18:55 <DIR> --d----- c:\program files\AVS4YOU
2009-02-06 11:17 <DIR> --d----- c:\program files\common files\Symantec Shared
2009-02-06 11:17 <DIR> --d----- c:\program files\Norton Security Scan
2009-02-06 00:48 <DIR> --d----- c:\windows\system32\Adobe
2009-02-06 00:18 <DIR> --d----- c:\program files\Data Realms
2009-02-05 23:44 16 a------- c:\windows\entpack.ini
2009-02-03 01:02 <DIR> --d----- c:\windows\Logs
2009-02-03 01:02 <DIR> --d----- c:\program files\Utherverse Digital Inc
2009-02-02 14:44 <DIR> --d----- c:\program files\Bonjour
2009-01-29 20:50 <DIR> --d----- c:\docume~1\sen~1\applic~1\NCH Software
2009-01-28 19:50 4,710 a------- c:\windows\system32\fc.ico
2009-01-28 19:50 2,528 a------- c:\windows\FCIC.INI
2009-01-28 19:50 <DIR> --d----- c:\docume~1\alluse~1\applic~1\FirstClass
2009-01-28 19:50 <DIR> --d----- c:\program files\FirstClass
2009-01-28 18:12 <DIR> --d----- c:\program files\NCH Swift Sound
2009-01-28 18:12 <DIR> --d----- c:\program files\NCH Software
2009-01-28 00:47 <DIR> --d----- c:\program files\Maxtor
2009-01-28 00:47 <DIR> --d----- c:\windows\SxsCaPendDel
2009-01-27 16:14 <DIR> --d----- c:\program files\AskBarDis
2009-01-26 18:29 1,645,320 a------- c:\windows\system32\GdiPlus.dll
2009-01-26 18:28 11,776 a------- c:\windows\system32\drivers\afc.sys
2009-01-26 18:28 258,352 a------- c:\windows\system32\unicows.dll
2009-01-26 18:28 212,480 a------- c:\windows\PCDLIB32.DLL
2009-01-26 18:27 765,952 a------- c:\windows\system32\xvidcore.dll
2009-01-26 18:27 180,224 a------- c:\windows\system32\xvidvfw.dll
2009-01-26 18:27 77,824 a------- c:\windows\system32\xvid.ax
2009-01-26 15:16 221,184 a------- c:\windows\system32\wmpns.dll
2009-01-26 12:27 <DIR> --d----- c:\windows\system32\scripting
2009-01-26 12:27 <DIR> --d----- c:\windows\l2schemas
2009-01-26 12:27 <DIR> --d----- c:\windows\system32\en
2009-01-26 12:27 <DIR> --d----- c:\windows\system32\bits
2009-01-26 12:26 <DIR> --d----- c:\windows\ServicePackFiles
2009-01-26 12:20 <DIR> --d----- c:\windows\EHome
2009-01-26 01:12 <DIR> --d----- c:\program files\DivX
2009-01-24 17:41 <DIR> --d----- c:\windows\network diagnostic
2009-01-24 16:07 <DIR> --d----- C:\Sierra
2009-01-24 16:07 <DIR> --d----- c:\program files\WON
2009-01-24 10:06 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-24 10:06 73,728 a------- c:\windows\system32\javacpl.cpl
2009-01-23 21:08 <DIR> --d----- c:\program files\MSXML 4.0
2009-01-23 17:55 <DIR> --d----- c:\program files\common files\Software Update Utility
2009-01-23 17:55 <DIR> --d----- c:\program files\AIM Toolbar
2009-01-23 17:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\AIM Toolbar
2009-01-23 17:55 <DIR> --d----- c:\program files\AIM Search
2009-01-23 17:55 <DIR> --d----- c:\program files\Viewpoint
2009-01-23 17:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Viewpoint
2009-01-23 17:55 <DIR> --d----- c:\docume~1\alluse~1\applic~1\acccore
2009-01-23 17:55 <DIR> --d----- c:\program files\common files\AOL
2009-01-23 17:54 <DIR> --d----- c:\program files\AIM6
2009-01-23 17:54 466 a---h--- C:\IPH.PH
2009-01-23 16:15 68,222 -------- c:\windows\system32\drivers\StMp3Rec.sys
2009-01-23 16:15 <DIR> --d----- c:\program files\Oakley
2009-01-23 11:24 5,504 a------- c:\windows\system32\drivers\mstee.sys
2009-01-23 11:24 10,880 a------- c:\windows\system32\drivers\ndisip.sys
2009-01-23 11:24 16,384 a------- c:\windows\system32\ipsink.ax
2009-01-23 11:24 15,232 a------- c:\windows\system32\drivers\streamip.sys
2009-01-23 11:24 11,136 a------- c:\windows\system32\drivers\slip.sys
2009-01-23 11:24 19,200 a------- c:\windows\system32\drivers\wstcodec.sys
2009-01-23 11:24 85,248 a------- c:\windows\system32\drivers\nabtsfec.sys
2009-01-23 11:24 17,024 a------- c:\windows\system32\drivers\ccdecode.sys
2009-01-23 11:24 26,624 ac------ c:\windows\system32\dllcache\icam3ext.dll
2009-01-23 11:24 26,624 a------- c:\windows\system32\Icam3EXT.dll
2009-01-23 11:23 141,056 ac------ c:\windows\system32\dllcache\icam3.sys
2009-01-23 11:23 141,056 a------- c:\windows\system32\drivers\Icam3.sys
2009-01-23 11:23 91,136 a------- c:\windows\system32\kswdmcap.ax
2009-01-23 11:23 28,672 a------- c:\windows\system32\vidcap.ax
2009-01-23 11:23 61,952 a------- c:\windows\system32\kstvtune.ax
2009-01-23 11:23 53,760 a------- c:\windows\system32\vfwwdm32.dll
2009-01-23 11:23 43,008 a------- c:\windows\system32\ksxbar.ax
2009-01-23 11:07 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Maxtor
2009-01-23 11:07 <DIR> --d----- c:\windows\Downloaded Installations
2009-01-23 11:07 <DIR> --d----- c:\program files\MSXML 6.0
2009-01-23 11:06 <DIR> --dsh--- c:\windows\ftpcache
2009-01-23 11:04 147,514 -----r-- c:\windows\bwUnin-8.1.1.50-8876480SL.exe
2009-01-23 11:03 0 a---h--- c:\windows\system32\drivers\Msft_Kernel_LMouFilt_01005.Wdf
2009-01-23 11:03 0 a---h--- c:\windows\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2009-01-23 11:02 1,419,024 a------- c:\windows\system32\WdfCoInstaller01005.dll
2009-01-23 11:02 101,136 a------- c:\windows\KHALMNPR.Exe
2009-01-23 11:02 34,576 a------- c:\windows\system32\drivers\LHidFilt.Sys
2009-01-23 11:02 33,296 a------- c:\windows\system32\drivers\LMouFilt.Sys
2009-01-23 11:02 163,840 a------- c:\windows\system32\kemutb.dll
2009-01-23 11:02 135,168 a------- c:\windows\system32\KemUtil.dll
2009-01-23 11:02 110,592 a------- c:\windows\system32\KemWnd.dll
2009-01-23 11:02 69,632 a------- c:\windows\system32\KemXML.dll
2009-01-23 11:02 <DIR> --d----- c:\program files\common files\Logitech
2009-01-23 10:54 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-01-23 10:47 <DIR> --d----- c:\program files\Skype
2009-01-23 10:12 <DIR> --d----- c:\program files\DNA
2009-01-23 10:12 <DIR> --d----- c:\docume~1\sen~1\applic~1\DNA
2009-01-23 09:31 104,960 -------- c:\windows\system32\drivers\atinrvxx.sys
2009-01-23 09:16 107,368 a------- c:\windows\system32\GEARAspi.dll
2009-01-23 09:16 15,464 a------- c:\windows\system32\drivers\GEARAspiWDM.sys
2009-01-23 09:15 <DIR> --d----- c:\program files\iPod
2009-01-23 09:15 <DIR> --d----- c:\program files\iTunes
2009-01-23 09:15 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-23 09:14 32,000 a------- c:\windows\system32\drivers\usbaapl.sys
2009-01-23 09:13 272,128 -c------ c:\windows\system32\dllcache\bthport.sys
2009-01-23 09:13 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-01-23 09:03 1,846,400 -c------ c:\windows\system32\dllcache\win32k.sys
2009-01-23 09:03 2,189,184 -c------ c:\windows\system32\dllcache\ntoskrnl.exe
2009-01-23 09:03 2,145,280 -c------ c:\windows\system32\dllcache\ntkrnlmp.exe
2009-01-23 09:03 2,023,936 -c------ c:\windows\system32\dllcache\ntkrpamp.exe
2009-01-23 09:03 2,066,048 -c------ c:\windows\system32\dllcache\ntkrnlpa.exe
2009-01-23 09:01 203,136 -c------ c:\windows\system32\dllcache\rmcast.sys
2009-01-23 09:01 455,296 -c------ c:\windows\system32\dllcache\mrxsmb.sys
2009-01-23 09:01 333,952 -c------ c:\windows\system32\dllcache\srv.sys
2009-01-23 09:01 691,712 -c------ c:\windows\system32\dllcache\inetcomm.dll
2009-01-23 09:00 337,408 -c------ c:\windows\system32\dllcache\netapi32.dll
2009-01-23 08:58 <DIR> --d----- c:\windows\system32\PreInstall
2009-01-23 08:58 26,488 a------- c:\windows\system32\spupdsvc.exe
2009-01-22 15:08 <DIR> --d----- c:\program files\common files\HP
2009-01-22 15:06 <DIR> --d----- c:\program files\common files\Hewlett-Packard
2009-01-22 15:06 16,496 a----r-- c:\windows\system32\drivers\HPZipr12.sys
2009-01-22 15:06 51,120 a----r-- c:\windows\system32\drivers\HPZid412.sys
2009-01-22 15:06 21,744 a----r-- c:\windows\system32\drivers\HPZius12.sys
2009-01-22 15:06 15,104 a------- c:\windows\system32\drivers\usbscan.sys
2009-01-22 15:05 278,584 a------- c:\windows\system32\HPZidr12.dll
2009-01-22 15:05 204,800 a------- c:\windows\system32\HPZipr12.dll
2009-01-22 15:05 94,208 a------- c:\windows\system32\HPZipt12.dll
2009-01-22 15:05 90,112 a------- c:\windows\system32\HPZipm12.exe
2009-01-22 15:05 81,920 a------- c:\windows\system32\HPZinw12.exe
2009-01-22 15:05 57,344 a------- c:\windows\system32\HPZisn12.dll
2009-01-22 15:05 323,584 a------- c:\windows\IsUninst.exe
2009-01-22 15:04 <DIR> --d----- c:\program files\HP
2009-01-22 15:03 112,924 a------- c:\windows\hpoins07.dat
2009-01-22 15:03 21,124 -------- c:\windows\hpomdl07.dat
2009-01-22 14:53 6,272 a------- c:\windows\system32\drivers\splitter.sys
2009-01-22 14:53 83,072 a------- c:\windows\system32\drivers\wdmaud.sys
2009-01-22 14:53 52,864 a------- c:\windows\system32\drivers\dmusic.sys
2009-01-22 14:53 56,576 a------- c:\windows\system32\drivers\swmidi.sys
2009-01-22 14:53 6,656 a------- c:\windows\system32\drivers\aec.sys
2009-01-22 14:53 172,416 a------- c:\windows\system32\drivers\kmixer.sys
2009-01-22 14:53 2,944 a------- c:\windows\system32\drivers\drmkaud.sys
2009-01-22 14:53 60,800 a------- c:\windows\system32\drivers\sysaudio.sys
2009-01-22 14:50 60,160 a------- c:\windows\system32\drivers\drmk.sys
2009-01-22 14:50 109,056 a------- c:\windows\system32\staco.dll
2009-01-22 14:49 1,022,040 a------- c:\windows\system32\drivers\sthda.sys
2009-01-22 14:49 155,648 a------- c:\windows\system32\stacapi.dll
2009-01-22 14:49 <DIR> --d----- c:\program files\SigmaTel
2009-01-22 14:42 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-01-22 14:42 1,902 -------- c:\windows\system32\SetupBD.din
2009-01-22 14:41 155,648 ac------ c:\windows\system32\dllcache\e100b325.sys
2009-01-22 14:41 155,648 a------- c:\windows\system32\drivers\e100b325.sys
2009-01-22 14:41 147,456 a------- c:\windows\system32\Prounstl.exe
2009-01-22 14:41 36,864 a------- c:\windows\system32\e100bmsg.dll
2009-01-22 14:41 19,456 a------- c:\windows\system32\IntelNic.dll
2009-01-22 14:41 5,110 a------- c:\windows\system32\e100b325.din
2009-01-22 14:41 <DIR> --d----- C:\drvrtmp
2009-01-22 12:11 135,168 a------- c:\windows\system32\igfxres.dll
2009-01-21 20:56 1,060,864 a------- c:\windows\system32\MFC71.dll
2009-01-21 20:56 1,047,552 a------- c:\windows\system32\MFC71u.dll
2009-01-21 20:56 499,712 a------- c:\windows\system32\msvcp71.dll
2009-01-21 20:56 348,160 a------- c:\windows\system32\msvcr71.dll
2009-01-21 20:56 89,088 a------- c:\windows\system32\atl71.dll
2009-01-21 20:53 77,824 a------- c:\windows\uneng.exe
2009-01-21 20:53 <DIR> --d----- c:\program files\Roxio
2009-01-21 20:53 <DIR> --d----- c:\program files\common files\Adaptec Shared
2009-01-21 20:47 2,289,664 a------- c:\windows\system32\ialmgicd.dll
2009-01-21 20:47 512,000 a------- c:\windows\system32\ialmgdev.dll
2009-01-21 20:47 61,440 a------- c:\windows\system32\iAlmCoIn_v4299.dll
2009-01-21 20:43 7,552 a------- c:\windows\system32\drivers\mskssrv.sys
2009-01-21 20:43 <DIR> --d----- c:\program files\CONEXANT
2009-01-21 20:38 <DIR> --d----- c:\windows\system32\ReinstallBackups
2009-01-21 20:29 <DIR> --d----- c:\windows\system32\vmm32
2009-01-21 20:29 <DIR> --d----- c:\program files\Dell
2009-01-21 16:09 <DIR> --dsh--- c:\documents and settings\seán\Cookies
2009-01-21 16:09 <DIR> --d-hr-- c:\documents and settings\seán\Application Data
2009-01-21 16:09 <DIR> --d--r-- c:\documents and settings\seán\Favorites
2009-01-21 16:09 <DIR> --d----- c:\documents and settings\seán\Desktop
2009-01-21 16:08 2,359,296 a---h--- c:\documents and settings\seán\NTUSER.DAT
2009-01-21 16:08 <DIR> --d-hr-- c:\documents and settings\seán\SendTo
2009-01-21 16:08 <DIR> --d-hr-- c:\documents and settings\seán\Recent
2009-01-21 16:08 <DIR> --d-h--- c:\documents and settings\seán\Templates
2009-01-21 16:08 <DIR> --d-h--- c:\documents and settings\seán\PrintHood
2009-01-21 16:08 <DIR> --d-h--- c:\documents and settings\seán\NetHood
2009-01-21 16:08 <DIR> --d-h--- c:\documents and settings\seán\Local Settings
2009-01-21 16:08 <DIR> --d--r-- c:\documents and settings\seán\Start Menu
2009-01-21 16:08 <DIR> --d--r-- c:\documents and settings\seán\My Documents
2009-01-21 16:08 <DIR> --d----- c:\documents and settings\Seán
2009-01-21 16:07 <DIR> --ds---- c:\windows\system32\Microsoft
2009-01-21 16:07 8,192 a------- c:\windows\REGLOCS.OLD
2009-01-21 16:05 30,208 ac------ c:\windows\system32\dllcache\sm87w.dll
2009-01-21 16:04 195,618 ac------ c:\windows\system32\dllcache\c_10002.nls
2009-01-21 16:03 <DIR> --dsh--- c:\documents and settings\all users\DRM
2009-01-21 16:03 488 a---hr-- c:\windows\system32\WindowsLogon.manifest
2009-01-21 16:03 488 a---hr-- c:\windows\system32\logonui.exe.manifest
2009-01-21 16:03 <DIR> --ds---- c:\windows\Downloaded Program Files
2009-01-21 16:03 <DIR> --d--r-- c:\windows\Offline Web Pages
2009-01-21 16:03 749 a---hr-- c:\windows\WindowsShell.Manifest
2009-01-21 16:03 749 a---hr-- c:\windows\system32\wuaucpl.cpl.manifest
2009-01-21 16:03 749 a---hr-- c:\windows\system32\sapi.cpl.manifest
2009-01-21 16:03 749 a---hr-- c:\windows\system32\nwc.cpl.manifest
2009-01-21 16:03 749 a---hr-- c:\windows\system32\ncpa.cpl.manifest
2009-01-21 16:03 749 a---hr-- c:\windows\system32\cdplayer.exe.manifest
2009-01-21 16:03 <DIR> --d-h--- c:\program files\WindowsUpdate
2009-01-21 16:03 4,399,505 ac------ c:\windows\system32\dllcache\nls302en.lex
2009-01-21 16:02 <DIR> --d----- c:\program files\common files\MSSoap
2009-01-21 16:01 <DIR> --d----- c:\program files\Online Services
2009-01-21 16:01 <DIR> --d----- c:\program files\Messenger
2009-01-21 16:01 <DIR> --d----- c:\program files\MSN Gaming Zone
2009-01-21 16:00 <DIR> --d----- c:\program files\Windows NT
2009-01-21 07:52 <DIR> --d----- c:\program files\common files\ODBC
2009-01-21 07:52 <DIR> --d----- c:\program files\common files\SpeechEngines
2009-01-21 07:52 <DIR> --d--r-- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-02-09 19:41 64,512 a------- c:\windows\system32\regwiz.exe
2009-02-08 15:44 90,112 a------- c:\windows\DUMP4dc2.tmp
2009-01-26 12:29 77,423 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-01-21 20:53 206,464 a------- c:\windows\system32\drivers\udfreadr_xp.sys
2009-01-21 20:53 143,834 a------- c:\windows\system32\drivers\pwd_2K.sys
2009-01-21 20:53 30,630 a------- c:\windows\system32\drivers\Mmc_2k.sys
2009-01-21 20:53 25,898 a------- c:\windows\system32\drivers\Dvd_2k.sys
2009-01-21 16:01 21,640 a------- c:\windows\system32\emptyregdb.dat
2008-12-12 11:18 87,336 a------- c:\windows\system32\dns-sd.exe
2008-12-12 11:11 61,440 a------- c:\windows\system32\dnssd.dll

============= FINISH: 12:45:32.46 ===============

Edit: This is the log from after the Malwarebytes scan:

Malwarebytes' Anti-Malware 1.33
Database version: 1654
Windows 5.1.2600 Service Pack 3

2/10/2009 5:49:43 PM
mbam-log-2009-02-10 (17-49-43).txt

Scan type: Full Scan (C:\|D:\|E:\|)
Objects scanned: 187432
Time elapsed: 2 hour(s), 48 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 7
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 19

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\protect (Trojan.NtRootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\protect (Trojan.NtRootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\protect (Trojan.NtRootkit.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\passthru (Backdoor.Bot) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\passthru (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\passthru (Backdoor.Bot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\passthru (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\PromoReg (Backdoor.Bot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\system32\drivers\protect.sys (Trojan.NtRootkit.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\c++.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\2.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\3.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\4.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\5.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\6.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\7.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\8.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\9.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\A.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\D.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\E.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\F.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\Temp\TMPA.tmp (Backdoor.Bot) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\drivers\ndisio.sys (Backdoor.Bot) -> Delete on reboot.
C:\WINDOWS\services.exe (Backdoor.ProRat) -> Quarantined and deleted successfully.

Edited by sammoore1212, 10 February 2009 - 08:52 PM.


#2 suebaby41

    W.A.M. (Women Against Malware)

  • Malware Response Team
  • 6,248 posts
  • Gender: Female
  • Location: South Carolina, USA

Posted 22 February 2009 - 09:43 AM

Welcome to the BleepingComputer Forums.

Since it has been a few days since you scanned your computer with HijackThis, we will need a new HijackThis log. If you have not already downloaded Random's System Information Tool (RSIT), please download Random's System Information Tool (RSIT) by random/random which includes a HijackThis log and save it to your desktop. If you have RSIT already on your computer, please run it again.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Please post the contents of log.txt.
Thank you for your patience.

Please see Preparation Guide for use before posting about your potential Malware problem.

If you have already posted this log at another forum or if you decide to seek help at another forum, please let us know. There is a shortage of helpers and taking the time of two volunteer helpers means that someone else may not be helped.

Please post your HijackThis log as a reply to this thread and not as an attachment. I am always leery of opening attachments so I always request that HijackThis logs are to be posted as a reply to the thread. I do not think that you are attaching anything scary but others may do so.

While we are working on your HijackThis log, please:
  • Reply to this thread; do not start another!
  • Do not make any changes on your computer during the cleaning process or download/add programs on your computer unless instructed to do so.
  • Do not run any other tool until instructed to do so!
  • Let me know if any of the links do not work or if any of the tools do not work.
  • Tell me about problems or symptoms that occur during the fix.
  • Do not run any other programs or open any other windows while doing a fix.
  • Ask any questions that you have regarding the fix(es), the infection(s), the performance of your computer, etc.
Thanks.
You don't stop laughing when you get old; you get old when you stop laughing.
A Member of U-N-I-T-E (Unified Network of Instructors and Trained Eliminators)
Malware Removal University Masters Graduate

No reply within 5 days will result in your topic being closed. If you need more time, please let me know by posting in this topic so that your topic will not be closed.

#3 suebaby41

    W.A.M. (Women Against Malware)

  • Malware Response Team
  • 6,248 posts
  • Gender: Female
  • Location: South Carolina, USA

Posted 01 March 2009 - 07:05 AM

This subject is now closed. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter. Everyone else please begin a New Topic.



