
Next step for C:\autorun.exe trojan MOVED



#1 hicktownmom


Posted 29 January 2010 - 08:15 PM

I started out reading another log that looked like they had the same worm as me. Followed the directions with the intention of returning to the original post and now I can't find it. I ran the SDFix and it looks like it also ran catchme and Rootscan. So what do I do next?

Thanks in advance for the help.

Here's a copy of the log:

SDFix: Version 1.240
Run by Administrator on Fri 01/29/2010 at 04:14 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\autorun.exe - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-01-29 16:29:03
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"="C:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX"
"C:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"="C:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Documents and Settings\\Jason\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"="C:\\Documents and Settings\\Jason\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\\Documents and Settings\\Jason\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"="C:\\Documents and Settings\\Jason\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\\Program Files\\VTech\\Community\\System\\PCTray.exe"="C:\\Program Files\\VTech\\Community\\System\\PCTray.exe:*:Disabled:Vtech local server"
"C:\\Documents and Settings\\Jason.D2C6Q7G1\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll"="C:\\Documents and Settings\\Jason.D2C6Q7G1\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.dll:*:Enabled:Google Talk Plugin"
"C:\\Documents and Settings\\Jason.D2C6Q7G1\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"="C:\\Documents and Settings\\Jason.D2C6Q7G1\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\\Documents and Settings\\Jason.D2C6Q7G1\\Local Settings\\Application Data\\Kamuse\\KCSTrayDownloader\\KCSTrayDownloaderEngine.exe"="C:\\Documents and Settings\\Jason.D2C6Q7G1\\Local Settings\\Application Data\\Kamuse\\KCSTrayDownloader\\KCSTrayDownloaderEngine.exe:*:Enabled:KCSTrayDownloaderEngine"
"C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\\DOCUME~1\\JASON~1.D2C\\LOCALS~1\\Temp\\ctmons.exe"="C:\\DOCUME~1\\JASON~1.D2C\\LOCALS~1\\Temp\\ctmons.exe:*:Enabled:svhost"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe"="C:\\Program Files\\CyberLink\\PowerDVD DX\\PowerDVD.exe:*:Enabled:CyberLink PowerDVD DX"
"C:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe"="C:\\Program Files\\CyberLink\\PowerDVD DX\\PDVDDXSrv.exe:*:Enabled:CyberLink PowerDVD DX Resident Program"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :


Finished!

Edited by garmanma, 29 January 2010 - 08:51 PM.




#2 hamluis


Posted 29 January 2010 - 08:19 PM

FWIW: If you have a malware situation...it's probably inadvisable to take someone else's post...and try to apply it to yourself. It may be that easy, but it's unlikely, IMO.

I suggest that you initiate a post at the Am I Infected Forum, following the guidelines spelled out there.

BleepingComputer.com - Am I infected What do I do - http://www.bleepingcomputer.com/forums/f/103/am-i-infected-what-do-i-do/

Louis



