
MBAM reports Hijack.TaskManager


  • This topic is locked
8 replies to this topic

#1 dbteepo

dbteepo

  • Members
  • 42 posts
  • OFFLINE
  • Local time:02:11 AM

Posted 24 March 2010 - 02:44 PM

I have the dds.txt, but gmer won't run, I have a similar problem with mbam.



#2 Blind Faith

Blind Faith

  • Malware Response Team
  • 4,101 posts
  • OFFLINE
  • Gender:Female
  • Local time:11:11 AM

Posted 27 March 2010 - 12:15 PM

Hello and welcome to Bleeping Computer!

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below, another staff member will review and take the steps necessary with you to get your machine back in working order, clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.

Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine. Please perform the following scan:
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE

We also need a new log from the GMER anti-rootkit scanner. Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


#3 dbteepo

dbteepo
  • Topic Starter

  • Members
  • 42 posts
  • OFFLINE
  • Local time:02:11 AM

Posted 30 March 2010 - 01:39 AM

I've had it disconnected from the internet for the last few days, but I did log on earlier today for 20 minutes so that I could go download Rkill. I never downloaded the file though, because IE wouldn't load up the pages that I found results for. Instead it said I wasn't connected to the internet. Here's the latest DDS.txt


DDS (Ver_10-03-17.01) - NTFSx86
Run by Alonzo at 3:42:51.85 on Wed 11/10/2004
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1150.806 [GMT -6:00]


============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\DOCUME~1\Alonzo\LOCALS~1\Temp\diskperfxp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HPQ\shared\hpqwmi.exe
C:\Documents and Settings\Alonzo\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [diskperfxp.exe] c:\docume~1\alonzo\locals~1\temp\diskperfxp.exe
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [iTunesHelper] c:\program files\itunes\iTunesHelper.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [<NO NAME>]
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
uPolicies-system: DisableTaskMgr = 1 (0x1)
mPolicies-system: DisableTaskMgr = 1 (0x1)
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1102875485156
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: AtiExtEvent - Ati2evxx.dll

============= SERVICES / DRIVERS ===============

R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2004-12-7 200192]
S2 gupdate1ca811d6c6a136a;Google Update Service (gupdate1ca811d6c6a136a);c:\program files\google\update\GoogleUpdate.exe [2009-12-19 133104]

=============== Created Last 30 ================

2010-03-23 03:22:43 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-03-23 01:26:24 0 d-----w- c:\program files\User Protection
2010-03-22 00:16:52 0 d-----w- c:\docume~1\alonzo\applic~1\Malwarebytes
2010-03-22 00:16:49 15504 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-03-22 00:16:46 38496 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-03-22 00:16:43 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-03-22 00:16:43 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-03-09 23:15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-06 19:02:22 0 d-----w- c:\program files\CCleaner
2010-02-21 19:35:02 0 d-sh--w- c:\windows\ftpcache
2010-02-21 19:33:46 0 d-----w- c:\program files\SuperiorCasino
2010-02-05 04:46:50 18374 ----a-w- c:\windows\DIIUnin.dat
2010-02-05 04:46:45 94208 ----a-w- c:\windows\DIIUnin.exe
2010-02-05 04:46:45 2829 ----a-w- c:\windows\DIIUnin.pif
2010-02-05 04:39:56 0 d-----w- c:\program files\Diablo II
2010-01-22 19:17:16 0 d-----w- c:\program files\The KMPlayer
2010-01-05 03:31:29 21840 ----atw- c:\windows\system32\SIntfNT.dll
2010-01-05 03:31:29 17212 ----atw- c:\windows\system32\SIntf32.dll
2010-01-05 03:31:29 12067 ----atw- c:\windows\system32\SIntf16.dll
2010-01-01 21:11:31 218 ----a-w- c:\windows\SIERRA.INI
2010-01-01 21:11:30 0 d-----w- C:\Sierra
2010-01-01 18:48:53 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2010-01-01 18:48:38 0 d-----w- c:\program files\DAEMON Tools Lite
2010-01-01 18:48:09 0 d-----w- c:\docume~1\alonzo\applic~1\DAEMON Tools Lite
2010-01-01 18:48:05 0 d-----w- c:\docume~1\alluse~1\applic~1\DAEMON Tools Lite
2010-01-01 16:46:05 0 d-----w- c:\program files\BitLord
2009-12-22 01:23:53 0 d-sh--w- c:\documents and settings\alonzo\IECompatCache
2009-12-22 00:53:06 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2009-12-22 00:53:06 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2009-12-22 00:52:12 32128 -c--a-w- c:\windows\system32\dllcache\usbccgp.sys
2009-12-22 00:52:12 32128 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2009-12-20 02:38:39 9464 ------w- c:\windows\system32\drivers\cdralw2k.sys
2009-12-20 02:38:39 9336 ------w- c:\windows\system32\drivers\cdr4_xp.sys
2009-12-20 02:38:38 129784 ------w- c:\windows\system32\pxafs.dll
2009-12-20 02:37:42 0 d-----w- c:\program files\common files\DivX Shared
2009-12-20 02:37:41 0 d-----w- c:\program files\DivX
2009-12-19 06:38:50 57344 ----a-w- c:\windows\rzrunins.exe
2009-12-19 06:36:26 0 d-----w- C:\Brood
2009-12-19 06:18:35 0 d-----w- c:\windows\system32\LogFiles
2009-12-19 03:42:35 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2009-12-19 03:42:35 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2009-12-19 03:42:31 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2009-12-19 03:42:31 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2009-12-18 23:50:32 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2009-12-17 22:14:06 0 d-----w- c:\program files\Voobly
2009-12-17 21:55:54 0 d-----w- c:\program files\Microsoft Games
2009-12-17 21:46:09 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2009-12-17 20:56:23 54156 ---ha-w- c:\windows\QTFont.qfn
2009-12-17 20:56:23 1409 ----a-w- c:\windows\QTFont.for
2009-12-17 20:45:55 0 d-----w- c:\program files\common files\xing shared
2009-12-17 20:45:30 499712 ----a-w- c:\windows\system32\msvcp71.dll
2009-12-17 20:45:30 348160 ----a-w- c:\windows\system32\msvcr71.dll
2009-12-17 20:45:25 0 d-----w- c:\program files\common files\Real
2009-12-17 20:38:53 0 d-----w- c:\windows\system32\scripting
2009-12-17 20:38:52 0 d-----w- c:\windows\system32\en
2009-12-17 20:38:52 0 d-----w- c:\windows\system32\bits
2009-12-17 20:38:52 0 d-----w- c:\windows\l2schemas
2009-12-17 20:33:40 0 d-----w- c:\windows\network diagnostic
2009-12-17 20:33:02 0 d-sh--w- c:\documents and settings\alonzo\PrivacIE
2009-12-17 20:29:42 0 d-----w- c:\windows\EHome
2009-12-17 20:23:16 0 d-sh--w- c:\documents and settings\alonzo\IETldCache
2009-12-17 20:21:28 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2009-12-17 20:21:27 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2009-12-17 20:21:27 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2009-12-17 20:21:27 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2009-12-17 20:21:27 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2009-12-17 20:21:27 11070464 -c----w- c:\windows\system32\dllcache\ieframe.dll
2009-12-17 20:21:24 0 d-----w- c:\windows\ie8updates
2009-12-17 20:20:58 92160 -c----w- c:\windows\system32\dllcache\iecompat.dll
2009-12-17 20:19:50 0 dc-h--w- c:\windows\ie8
2009-12-17 19:50:43 0 d-----w- c:\windows\ServicePackFiles
2009-12-17 19:26:19 73216 ------w- c:\windows\system32\drivers\atintuxx.sys
2009-12-17 19:09:31 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2009-12-17 19:09:31 272128 ------w- c:\windows\system32\drivers\bthport.sys
2009-12-17 19:05:47 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2009-12-17 19:05:46 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2009-12-17 19:05:46 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2009-12-17 19:05:46 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2009-12-17 19:05:46 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2009-12-17 19:05:46 110592 -c----w- c:\windows\system32\dllcache\services.exe
2009-12-17 19:05:45 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2009-12-17 19:05:45 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2009-12-17 19:05:45 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2009-12-17 19:05:44 2145280 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-12-17 19:05:43 2189184 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2009-12-17 19:05:42 2023936 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2009-12-17 19:00:16 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2009-12-17 19:00:11 455424 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2009-12-17 19:00:05 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2009-12-17 18:59:52 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-12-17 18:59:30 691712 -c----w- c:\windows\system32\dllcache\inetcomm.dll
2009-12-17 18:54:01 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2009-12-17 18:53:43 2560 ------w- c:\windows\system32\xpsp4res.dll
2009-12-17 18:53:40 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2009-12-17 18:53:39 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-12-17 18:53:39 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-12-17 18:33:44 201728 ----a-w- c:\windows\creator
2009-12-17 18:33:43 0 d-----w- c:\program files\SP36691
2009-12-17 18:33:05 885824 ----a-w- c:\windows\system32\oem17.inf
2009-12-17 18:32:57 91376 ----a-w- c:\windows\system32\bcmwlcoi.dll
2009-12-17 18:32:56 0 d-----w- c:\program files\Broadcom
2009-12-17 18:27:44 0 d-----w- c:\program files\Hp
2009-12-17 18:27:40 0 d-----w- c:\windows\system32\PreInstall
2009-12-17 18:27:39 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2009-12-17 18:27:32 0 d-----w- c:\docume~1\alonzo\applic~1\HpUpdate
2009-12-17 18:23:31 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2009-12-17 18:23:30 274288 ----a-w- c:\windows\system32\mucltui.dll
2009-12-16 18:43:27 343040 -c----w- c:\windows\system32\dllcache\mspaint.exe
2009-12-14 07:08:23 33280 -c----w- c:\windows\system32\dllcache\csrsrv.dll
2009-12-08 09:23:28 474112 -c----w- c:\windows\system32\dllcache\shlwapi.dll
2009-11-27 17:11:44 17920 -c----w- c:\windows\system32\dllcache\msyuv.dll
2009-11-27 16:07:35 8704 -c----w- c:\windows\system32\dllcache\tsbyuv.dll
2009-11-27 16:07:34 48128 -c----w- c:\windows\system32\dllcache\iyuv_32.dll
2009-11-27 16:07:34 11264 -c----w- c:\windows\system32\dllcache\msrle32.dll
2009-11-14 00:47:32 90112 ----a-w- c:\windows\system32\dpl100.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx0c.dll
2009-11-14 00:47:28 856064 ----a-w- c:\windows\system32\divx_xx07.dll
2009-11-14 00:47:28 847872 ----a-w- c:\windows\system32\divx_xx0a.dll
2009-11-14 00:47:28 843776 ----a-w- c:\windows\system32\divx_xx16.dll
2009-11-14 00:47:28 839680 ----a-w- c:\windows\system32\divx_xx11.dll
2009-11-14 00:47:28 696320 ----a-w- c:\windows\system32\DivX.dll
2009-10-21 05:38:36 75776 -c----w- c:\windows\system32\dllcache\strmfilt.dll
2009-10-21 05:38:36 25088 -c----w- c:\windows\system32\dllcache\httpapi.dll
2009-10-20 16:20:16 265728 -c----w- c:\windows\system32\dllcache\http.sys
2009-10-13 10:30:16 270336 -c----w- c:\windows\system32\dllcache\oakley.dll
2009-10-12 13:38:19 149504 -c----w- c:\windows\system32\dllcache\rastls.dll
2009-10-12 13:38:18 79872 -c----w- c:\windows\system32\dllcache\raschap.dll
2009-09-04 21:03:36 58880 -c----w- c:\windows\system32\dllcache\msasn1.dll
2009-08-27 04:41:08 49920 ----a-w- c:\windows\system32\drivers\HPZid412.sys
2009-08-27 04:40:06 21568 ----a-w- c:\windows\system32\drivers\HPZius12.sys
2009-08-27 04:39:52 286720 ----a-w- c:\windows\system32\HPZc3212.dll
2009-08-14 13:21:25 1850624 -c----w- c:\windows\system32\dllcache\win32k.sys
2009-08-07 01:24:18 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2009-08-07 01:24:12 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2009-08-07 01:24:06 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2009-08-07 01:24:00 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2009-08-07 01:23:26 215904 ----a-w- c:\windows\system32\muweb.dll
2009-08-05 09:01:48 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-29 04:37:01 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2009-07-29 04:37:01 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2009-07-17 16:22:18 1435648 -c----w- c:\windows\system32\dllcache\query.dll
2009-06-25 08:25:26 54272 -c----w- c:\windows\system32\dllcache\wdigest.dll
2009-06-25 08:25:26 301568 -c----w- c:\windows\system32\dllcache\kerberos.dll
2009-06-25 08:25:26 136192 -c----w- c:\windows\system32\dllcache\msv1_0.dll
2009-06-24 11:18:41 92928 -c----w- c:\windows\system32\dllcache\ksecdd.sys
2009-06-12 12:31:39 76288 -c----w- c:\windows\system32\dllcache\telnet.exe
2009-06-10 14:13:29 84992 -c----w- c:\windows\system32\dllcache\avifil32.dll
2009-06-10 06:14:49 132096 -c----w- c:\windows\system32\dllcache\wkssvc.dll
2009-06-03 19:09:37 1291776 -c----w- c:\windows\system32\dllcache\quartz.dll
2009-05-07 15:32:35 345600 -c----w- c:\windows\system32\dllcache\localspl.dll
2009-04-15 14:51:25 585216 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2009-03-21 14:06:58 989696 -c----w- c:\windows\system32\dllcache\kernel32.dll
2009-03-08 20:22:46 1241088 ------w- c:\windows\system32\ieframe.dll.mui
2009-03-08 20:22:30 49152 ------w- c:\windows\system32\msrating.dll.mui
2009-03-08 20:22:18 2560 ------w- c:\windows\system32\mshta.exe.mui
2009-03-08 20:21:06 4096 ------w- c:\windows\system32\ie4uinit.exe.mui
2009-03-08 20:21:06 10240 ------w- c:\windows\system32\advpack.dll.mui
2009-03-08 20:20:54 81920 ------w- c:\windows\system32\iedkcs32.dll.mui
2009-02-13 04:20:42 5630 ------w- c:\windows\system32\IE8Eula.rtf
2009-02-08 01:02:58 2066048 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-02-03 19:59:07 56832 -c----w- c:\windows\system32\dllcache\secur32.dll
2009-01-08 00:20:54 134144 -c----w- c:\windows\system32\dllcache\sqmapi.dll
2009-01-08 00:20:38 24576 ----a-w- c:\windows\system32\nlsdl.dll
2009-01-08 00:20:36 66384 ----a-w- c:\windows\system32\normnfkc.nls
2009-01-08 00:20:36 60294 ----a-w- c:\windows\system32\normnfkd.nls
2009-01-08 00:20:36 59342 ----a-w- c:\windows\system32\normidna.nls
2009-01-08 00:20:36 45794 ----a-w- c:\windows\system32\normnfc.nls
2009-01-08 00:20:36 39284 ----a-w- c:\windows\system32\normnfd.nls
2009-01-08 00:20:36 26112 ----a-w- c:\windows\system32\idndl.dll
2009-01-08 00:20:36 23552 ----a-w- c:\windows\system32\normaliz.dll
2009-01-08 00:20:20 8798 ----a-w- c:\windows\system32\icrav03.rat
2009-01-08 00:20:20 1988 ------w- c:\windows\system32\ticrf.rat
2009-01-08 00:20:18 265720 ----a-w- c:\windows\system32\msdbg2.dll
2008-12-16 12:30:34 354816 -c----w- c:\windows\system32\dllcache\winhttp.dll
2008-12-05 06:54:55 147456 -c----w- c:\windows\system32\dllcache\schannel.dll
2008-10-23 12:36:14 286720 -c----w- c:\windows\system32\dllcache\gdi32.dll
2008-07-07 20:26:58 253952 -c----w- c:\windows\system32\dllcache\es.dll
2008-06-24 16:43:16 74240 -c----w- c:\windows\system32\dllcache\mscms.dll
2008-06-20 17:46:57 245248 -c----w- c:\windows\system32\dllcache\mswsock.dll
2008-06-20 17:46:57 147968 -c----w- c:\windows\system32\dllcache\dnsapi.dll
2008-06-20 11:51:12 361600 -c----w- c:\windows\system32\dllcache\tcpip.sys
2008-06-20 11:40:08 138496 -c----w- c:\windows\system32\dllcache\afd.sys
2008-06-20 11:08:27 225856 -c----w- c:\windows\system32\dllcache\tcpip6.sys
2008-06-17 19:02:19 8461312 -c----w- c:\windows\system32\dllcache\shell32.dll
2008-06-12 14:23:32 956928 -c----w- c:\windows\system32\dllcache\msdtctm.dll
2008-06-12 14:23:32 91648 -c----w- c:\windows\system32\dllcache\mtxoci.dll
2008-06-12 14:23:32 66560 -c----w- c:\windows\system32\dllcache\mtxclu.dll
2008-06-12 14:23:32 58880 -c----w- c:\windows\system32\dllcache\msdtclog.dll
2008-06-12 14:23:32 428032 -c----w- c:\windows\system32\dllcache\msdtcprx.dll
2008-06-12 14:23:32 161792 -c----w- c:\windows\system32\dllcache\msdtcuiu.dll
2008-05-09 23:23:42 135168 -c----w- c:\windows\system32\dllcache\wshom.ocx
2008-05-09 10:53:40 90112 -c----w- c:\windows\system32\dllcache\wshext.dll
2008-05-09 10:53:40 172032 -c----w- c:\windows\system32\dllcache\scrrun.dll
2008-05-09 10:53:39 180224 -c----w- c:\windows\system32\dllcache\scrobj.dll
2008-05-08 11:24:44 155648 -c----w- c:\windows\system32\dllcache\wscript.exe
2008-05-07 09:07:23 135168 -c----w- c:\windows\system32\dllcache\cscript.exe
2008-04-14 00:11:57 397312 ------w- c:\windows\system32\mmcex.dll
2008-04-14 00:09:55 6144 ------w- c:\windows\system32\kbdpash.dll
2008-04-14 00:09:55 6144 ------w- c:\windows\system32\kbdnepr.dll
2008-04-14 00:09:55 6144 ------w- c:\windows\system32\kbdiultn.dll
2008-04-14 00:09:55 6144 ------w- c:\windows\system32\kbdbhc.dll
2008-04-13 18:56:49 30592 ------w- c:\windows\system32\drivers\rndismpx.sys
2008-04-13 18:56:49 12800 ------w- c:\windows\system32\drivers\usb8023x.sys
2008-04-13 18:51:34 101120 ------w- c:\windows\system32\drivers\bthpan.sys
2008-04-13 18:46:33 37888 ------w- c:\windows\system32\drivers\bthmodem.sys
2008-04-13 18:46:33 17024 ------w- c:\windows\system32\drivers\bthenum.sys
2008-04-13 18:46:32 59136 ------w- c:\windows\system32\drivers\rfcomm.sys
2008-04-13 18:46:31 36480 ------w- c:\windows\system32\drivers\bthprint.sys
2008-04-13 18:46:30 25600 ------w- c:\windows\system32\drivers\hidbth.sys
2008-04-13 18:46:29 18944 ------w- c:\windows\system32\drivers\bthusb.sys
2008-04-13 18:46:20 121984 ------w- c:\windows\system32\drivers\usbvideo.sys
2008-04-13 18:45:26 19200 ------w- c:\windows\system32\drivers\hidir.sys
2008-04-13 18:43:55 14208 ------w- c:\windows\system32\drivers\wacompen.sys
2008-04-13 18:43:55 12672 ------w- c:\windows\system32\drivers\mutohpen.sys
2008-04-13 18:40:48 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2008-04-13 18:36:40 46464 ------w- c:\windows\system32\drivers\gagp30kx.sys
2008-04-13 18:36:40 44672 ------w- c:\windows\system32\drivers\uagp35.sys
2008-04-13 18:36:40 42240 ------w- c:\windows\system32\drivers\viaagp.sys
2008-04-13 18:36:39 44928 ------w- c:\windows\system32\drivers\agpcpq.sys
2008-04-13 18:36:39 43008 ------w- c:\windows\system32\drivers\amdagp.sys
2008-04-13 18:36:39 40960 ------w- c:\windows\system32\drivers\sisagp.sys
2008-04-13 18:36:38 42752 ------w- c:\windows\system32\drivers\alim1541.sys
2008-04-13 18:36:38 42368 ------w- c:\windows\system32\drivers\agp440.sys
2008-04-13 18:36:34 5888 ------w- c:\windows\system32\drivers\smbali.sys
2008-04-13 18:14:58 76800 ------w- c:\windows\system32\msshavmsg.dll
2008-04-13 17:27:18 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2008-04-13 17:27:18 79872 ------w- c:\windows\system32\msxml6r.dll
2008-04-13 16:36:05 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
2007-09-17 08:48:10 1261 ------w- c:\windows\system32\pid.inf
2007-06-08 19:52:16 638 ------w- c:\windows\system32\wbem\napclientprov.mof
2007-06-08 19:52:16 3990 ------w- c:\windows\system32\wbem\napclientschema.mof
2006-12-28 19:01:31 19569 ----a-w- c:\windows\002568_.tmp
2006-12-22 18:28:12 271360 ----a-w- c:\windows\system32\mscoree.dll
2005-08-26 21:28:34 143360 ----a-w- c:\windows\unzip.exe
2005-08-26 21:27:58 45056 ----a-w- c:\windows\devenum.exe
2005-04-11 14:13:18 221184 ----a-w- c:\windows\system32\ATIDEMGR.dll
2005-04-11 13:51:14 6684672 ----a-w- c:\windows\system32\atioglxx.dll
2005-04-11 13:34:12 225792 -c--a-w- c:\windows\system32\dllcache\ati2dvag.dll
2005-04-11 13:34:12 225792 ----a-w- c:\windows\system32\ati2dvag.dll
2005-04-11 13:33:52 1035264 -c--a-w- c:\windows\system32\dllcache\ati2mtag.sys
2005-04-11 13:33:52 1035264 ----a-w- c:\windows\system32\drivers\ati2mtag.sys
2005-04-11 13:31:40 73728 ----a-w- c:\windows\system32\Oemdspif.dll
2005-04-11 13:31:36 25088 ----a-w- c:\windows\system32\Ati2mdxx.exe
2005-04-11 13:31:34 39936 ----a-w- c:\windows\system32\ati2edxx.dll
2005-04-11 13:31:30 46080 ----a-w- c:\windows\system32\ati2evxx.dll
2005-04-11 13:31:26 360448 ----a-w- c:\windows\system32\ati2evxx.exe
2005-04-11 13:31:04 53248 ----a-w- c:\windows\system32\ATIDDC.DLL
2005-04-11 13:30:32 2294848 -c--a-w- c:\windows\system32\dllcache\ati3duag.dll
2005-04-11 13:30:32 2294848 ----a-w- c:\windows\system32\ati3duag.dll
2005-04-11 13:25:44 609184 -c--a-w- c:\windows\system32\dllcache\ativvaxx.dll
2005-04-11 13:25:44 609184 ----a-w- c:\windows\system32\ativvaxx.dll
2005-04-11 13:20:38 135168 ----a-w- c:\windows\system32\atikvmag.dll
2005-04-11 13:20:18 36864 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2005-04-11 13:20:12 17408 ----a-w- c:\windows\system32\atitvo32.dll
2005-04-11 13:18:26 204800 -c--a-w- c:\windows\system32\dllcache\ati2cqag.dll
2005-04-11 13:18:26 204800 ----a-w- c:\windows\system32\ati2cqag.dll
2005-02-12 08:33:06 0 ----a-w- c:\windows\system32\px.ini
2005-01-26 20:36:48 151552 ------w- c:\windows\system32\pxwma.dll
2005-01-26 08:03:00 43528 ------w- c:\windows\system32\drivers\pxhelp20.sys
2004-12-10 15:43:05 0 d-----w- c:\windows\system32\SoftwareDistribution
2004-12-07 20:54:00 0 d-sh--w- c:\documents and settings\alonzo\UserData
2004-12-07 20:51:38 0 d-----w- c:\docume~1\alluse~1\applic~1\hpqwmi
2004-12-07 20:48:37 0 d-----w- c:\windows\Hewlett-Packard
2004-12-07 20:48:24 204800 ----a-w- c:\windows\system32\IVIresizeW7.dll
2004-12-07 20:48:24 20480 ----a-w- c:\windows\system32\IVIresize.dll
2004-12-07 20:48:24 200704 ----a-w- c:\windows\system32\IVIresizeA6.dll
2004-12-07 20:48:24 192512 ----a-w- c:\windows\system32\IVIresizeP6.dll
2004-12-07 20:48:24 192512 ----a-w- c:\windows\system32\IVIresizeM6.dll
2004-12-07 20:48:24 188416 ----a-w- c:\windows\system32\IVIresizePX.dll
2004-12-07 20:48:15 0 d-----w- c:\program files\InterVideo
2004-12-07 20:47:49 221184 ----a-w- c:\windows\system32\wmpns.dll
2004-12-07 20:46:49 0 d-----w- c:\windows\RegisteredPackages
2004-12-07 20:46:27 81920 ----a-w- c:\windows\system32\WACntlPnl.cpl
2004-12-07 20:45:07 0 d-----w- c:\program files\common files\SureThing Shared
2004-12-07 20:43:27 0 d-----w- c:\program files\common files\TiVo Shared
2004-12-07 20:43:26 0 d-----w- c:\program files\Sonic
2004-12-07 20:41:59 0 d-----w- c:\program files\common files\Sonic Shared
2004-12-07 20:38:49 0 d--h--w- c:\windows\$hf_mig$
2004-12-07 20:38:13 1564 --sha-r- c:\windows\system32\drivers\103C_HP_NTBK_HP Pavilion ze2000 (EC205UA#ABA)_YN_0Pavi_QCNF5371X0T_EU_46_I3096_SQuanta_V47.0D_BF.11_T050804_WXH2_L409_M1151_J40_7AMD_8Sempron_91.59_#041207_N10EC8139_(EC205UA#ABA)_XMOBILE_CN10_Z10024378_2Rev 1.MRK
2004-12-07 20:38:12 32356 ------w- c:\windows\system32\pusbfd1.sys
2004-12-07 20:38:12 26629 ------w- c:\windows\system32\pusbfd2.vxd
2004-12-07 20:38:12 0 d-----w- C:\swsetup
2004-12-07 20:36:45 65536 ----a-w- c:\windows\system32\hpqactn.dll
2004-12-07 20:36:45 425984 ----a-w- c:\windows\system32\hpqPres.dll
2004-12-07 20:36:45 32768 ----a-w- c:\windows\system32\eabhbrn8.dll
2004-12-07 20:36:45 225280 ----a-w- c:\windows\system32\cpqinfo.dll
2004-12-07 20:36:24 7432 ----a-w- c:\windows\system32\drivers\eabfiltr.sys
2004-12-07 20:36:24 5220 ----a-w- c:\windows\system32\drivers\EabUsb.sys
2004-12-07 20:35:59 120056 ------w- c:\windows\system32\pxcpyi64.exe
2004-12-07 20:35:58 118520 ------w- c:\windows\system32\pxinsi64.exe
2004-12-07 20:35:40 0 d-----w- c:\program files\muvee Technologies
2004-12-07 20:35:40 0 d-----w- c:\program files\common files\muvee Technologies
2004-12-07 20:34:52 0 d-----w- c:\program files\Zone.com
2004-12-07 20:31:24 15669 ----a-w- c:\windows\system32\oeminfo.ini
2004-12-07 20:30:13 86016 ----a-w- c:\windows\unvise32qt.exe
2004-12-07 20:30:04 0 d-----w- c:\windows\system32\QuickTime
2004-12-07 20:29:50 0 d-----w- c:\program files\iTunes
2004-12-07 20:29:50 0 d-----w- c:\program files\iPod
2004-12-07 20:29:34 0 d-----w- c:\windows\Downloaded Installations
2004-12-07 20:26:45 0 d-----w- c:\windows\system32\URTTemp
2004-12-07 20:22:57 5430 ----a-r- c:\windows\AG-Rose.ico
2004-12-07 20:22:57 4286 ----a-r- c:\windows\hpmusic.ico
2004-12-07 20:22:57 22198 ----a-r- c:\windows\system32\OEMLogo.bmp
2004-12-07 20:22:57 13942 ----a-r- c:\windows\accessories.ico
2004-12-07 20:22:55 5760056 ----a-r- c:\windows\Blue Sonic.bmp
2004-12-07 20:22:54 5760056 ----a-r- c:\windows\Crystal Rush.bmp
2004-12-07 20:22:48 5760056 ----a-r- c:\windows\Fractal Blue.bmp
2004-12-07 20:22:47 0 d-----w- c:\program files\HPQ
2004-12-07 20:22:16 176128 ----a-w- c:\windows\system32\bcmwlu00.EXE
2004-12-07 20:22:15 69632 ----a-w- c:\windows\system32\bcmwlD2K.EXE
2004-12-07 20:22:15 1950336 ----a-w- c:\windows\system32\drivers\BCMWL5.SYS
2004-12-07 20:21:41 9684 ----a-r- c:\windows\system32\atifglpf.xml
2004-12-07 20:21:41 81342 ----a-r- c:\windows\system32\atiicdxx.dat
2004-12-07 20:21:41 299008 ----a-r- c:\windows\system32\atiiiexx.dll
2004-12-07 20:21:25 0 d-----w- c:\program files\ATI Technologies
2004-12-07 20:20:39 69724 ----a-w- c:\windows\system32\SynTPFcs.dll
2004-12-07 20:20:38 90204 ----a-w- c:\windows\system32\SynTPAPI.dll
2004-12-07 20:20:38 82015 ----a-w- c:\windows\system32\SynCOM.dll
2004-12-07 20:20:38 81920 ----a-w- c:\windows\system32\SynTPCo2.dll
2004-12-07 20:20:38 191456 ----a-w- c:\windows\system32\drivers\SynTP.sys
2004-12-07 20:20:38 114688 ----a-w- c:\windows\system32\SynCtrl.dll
2004-12-07 20:20:37 0 d-----w- c:\program files\Synaptics
2004-12-07 20:20:20 74496 ----a-w- c:\windows\system32\drivers\Rtlnicxp.sys
2004-12-07 20:20:20 0 d-----w- c:\windows\OPTIONS
2004-12-07 20:18:59 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2004-12-07 20:18:59 129536 ----a-w- c:\windows\system32\ksproxy.ax
2004-12-07 20:18:37 0 d-----w- c:\windows\system32\ReinstallBackups
2004-12-07 20:18:35 39424 ----a-w- c:\windows\system32\drivers\AmdK8.sys
2004-12-07 20:18:35 0 d-----w- c:\program files\AMD
2004-12-07 20:18:10 0 d-----w- c:\program files\CONEXANT
2004-12-07 20:18:04 86016 ----a-w- c:\windows\system32\mdmxsdk.dll
2004-12-07 20:18:04 39018 ----a-w- c:\windows\system32\hsfci012.dll
2004-12-07 20:18:04 200192 ----a-w- c:\windows\system32\drivers\HSFHWATI.sys
2004-12-07 20:18:04 13059 ----a-w- c:\windows\system32\drivers\mdmxsdk.sys
2004-12-07 20:18:04 129045 ----a-w- c:\windows\system32\drivers\HSFProf.cty
2004-12-07 20:18:04 1038208 ----a-w- c:\windows\system32\drivers\HSF_DP.sys
2004-12-07 20:18:03 703232 ----a-w- c:\windows\system32\drivers\HSF_CNXT.sys
2004-12-07 20:17:19 0 d-----w- C:\SYSTEM.SAV
2004-12-07 20:11:50 0 d-s---w- c:\windows\system32\Microsoft
2004-12-07 19:17:31 0 d-sh--w- c:\documents and settings\all users\DRM
2004-12-07 19:17:06 0 d--h--w- c:\program files\WindowsUpdate
2004-12-07 19:16:07 0 d-----w- c:\program files\common files\MSSoap
2004-12-07 19:14:30 0 d-----w- c:\program files\Online Services
2004-12-07 19:14:24 0 d-----w- c:\program files\Messenger
2004-12-07 19:14:20 0 d-----w- c:\program files\MSN Gaming Zone
2004-12-07 19:13:33 0 d-----w- c:\program files\Windows NT
2004-12-07 18:03:35 0 d-----w- c:\program files\common files\ODBC
2004-12-07 18:03:30 0 d-----w- c:\program files\common files\SpeechEngines
2004-12-07 18:00:53 0 d-----r- c:\documents and settings\all users\Documents

==================== Find3M ====================

2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2009-12-21 19:14:05 916480 ----a-w- c:\windows\system32\wininet.dll
2009-12-16 18:43:27 343040 ----a-w- c:\windows\system32\mspaint.exe
2009-12-14 07:08:23 33280 ----a-w- c:\windows\system32\csrsrv.dll
2009-12-08 19:27:51 2189184 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-12-08 18:43:50 2066048 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-12-04 18:22:22 455424 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2009-11-27 17:11:44 17920 ----a-w- c:\windows\system32\msyuv.dll
2009-11-27 17:11:44 1291776 ----a-w- c:\windows\system32\quartz.dll
2009-11-27 16:07:35 8704 ----a-w- c:\windows\system32\tsbyuv.dll
2009-11-27 16:07:35 28672 ----a-w- c:\windows\system32\msvidc32.dll
2009-11-27 16:07:34 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-11-27 16:07:34 48128 ----a-w- c:\windows\system32\iyuv_32.dll
2009-11-27 16:07:34 11264 ----a-w- c:\windows\system32\msrle32.dll
2009-10-21 05:38:36 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 05:38:36 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 16:20:16 265728 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-15 16:28:26 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-10-15 16:28:26 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-10-13 10:30:16 270336 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:38:19 149504 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:38:18 79872 ----a-w- c:\windows\system32\raschap.dll
2009-09-11 14:18:39 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-04 21:03:36 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-08-26 08:00:21 247326 ----a-w- c:\windows\system32\strmdll.dll
2009-08-25 09:17:27 354816 ----a-w- c:\windows\system32\winhttp.dll
2009-08-14 13:21:25 1850624 ----a-w- c:\windows\system32\win32k.sys
2009-08-05 09:01:48 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-31 16:05:44 1372672 ------w- c:\windows\system32\msxml6.dll
2009-07-31 04:35:42 1172480 ----a-w- c:\windows\system32\msxml3.dll
2009-07-17 19:01:06 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-17 16:22:18 1435648 ----a-w- c:\windows\system32\query.dll
2009-07-13 16:08:14 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-25 08:25:26 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25:26 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25:26 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25:26 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25:26 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-24 11:18:41 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-12 12:31:39 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 15:19:38 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:14:49 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-05-07 15:32:35 345600 ----a-w- c:\windows\system32\localspl.dll
2009-04-15 14:51:25 585216 ----a-w- c:\windows\system32\rpcrt4.dll
2009-04-10 07:01:42 530280 ----a-w- c:\windows\system32\wmspdmod.dll
2009-03-08 10:34:30 43008 ----a-w- c:\windows\system32\licmgr10.dll
2009-03-08 10:33:40 18944 ----a-w- c:\windows\system32\corpol.dll
2009-03-08 10:33:06 420352 ----a-w- c:\windows\system32\vbscript.dll
2009-03-08 10:32:56 72704 ----a-w- c:\windows\system32\admparse.dll
2009-03-08 10:32:50 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-03-08 10:31:38 34816 ----a-w- c:\windows\system32\imgutil.dll
2009-03-08 10:31:18 48128 ----a-w- c:\windows\system32\mshtmler.dll
2009-03-08 10:31:02 45568 ----a-w- c:\windows\system32\mshta.exe
2009-03-08 10:22:38 156160 ----a-w- c:\windows\system32\msls31.dll
2009-03-06 14:22:18 284160 ----a-w- c:\windows\system32\pdh.dll
2009-02-09 12:10:48 714752 ----a-w- c:\windows\system32\ntdll.dll
2009-02-09 12:10:48 617472 ----a-w- c:\windows\system32\advapi32.dll
2009-02-09 12:10:48 473600 ----a-w- c:\windows\system32\wbem\fastprox.dll
2009-02-09 12:10:48 453120 ----a-w- c:\windows\system32\wbem\wmiprvsd.dll
2009-02-09 12:10:48 401408 ----a-w- c:\windows\system32\rpcss.dll
2009-02-06 11:11:05 110592 ----a-w- c:\windows\system32\services.exe
2009-02-06 10:39:08 35328 ----a-w- c:\windows\system32\sc.exe
2009-02-06 10:10:02 227840 ----a-w- c:\windows\system32\wbem\wmiprvse.exe
2008-10-23 12:36:14 286720 ----a-w- c:\windows\system32\gdi32.dll
2008-08-14 10:04:36 138496 ----a-w- c:\windows\system32\drivers\afd.sys
2008-07-07 20:26:58 253952 ----a-w- c:\windows\system32\es.dll
2008-06-24 16:43:16 74240 ----a-w- c:\windows\system32\mscms.dll
2008-06-20 17:46:57 245248 ----a-w- c:\windows\system32\mswsock.dll
2008-06-20 11:51:12 361600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2008-06-20 11:08:27 225856 ----a-w- c:\windows\system32\drivers\tcpip6.sys
2008-06-12 14:23:32 956928 ----a-w- c:\windows\system32\msdtctm.dll
2008-06-12 14:23:32 91648 ----a-w- c:\windows\system32\mtxoci.dll
2008-06-12 14:23:32 66560 ----a-w- c:\windows\system32\mtxclu.dll
2008-06-12 14:23:32 58880 ----a-w- c:\windows\system32\msdtclog.dll
2008-06-12 14:23:32 428032 ----a-w- c:\windows\system32\msdtcprx.dll
2008-06-12 14:23:32 161792 ----a-w- c:\windows\system32\msdtcuiu.dll
2008-06-10 17:37:02 1026048 ----a-w- c:\windows\system32\WMNetmgr.dll
2008-06-10 15:17:42 96768 ----a-w- c:\windows\system32\logagent.exe
2008-05-09 10:53:40 90112 ----a-w- c:\windows\system32\wshext.dll
2008-05-09 10:53:40 172032 ----a-w- c:\windows\system32\scrrun.dll
2008-05-09 10:53:39 180224 ----a-w- c:\windows\system32\scrobj.dll
2008-05-08 14:02:52 203136 ----a-w- c:\windows\system32\drivers\rmcast.sys
2008-05-08 11:24:44 155648 ----a-w- c:\windows\system32\wscript.exe
2008-05-07 09:07:23 135168 ----a-w- c:\windows\system32\cscript.exe
2008-04-14 11:42:38 11264 ----a-w- c:\windows\system32\spnpinst.exe
2008-04-14 11:42:06 985088 ----a-w- c:\windows\system32\setupapi.dll
2008-04-14 11:41:58 423936 ----a-w- c:\windows\system32\licdll.dll
2008-04-14 00:25:26 1804 ----a-w- c:\windows\system32\dcache.bin
2008-04-14 00:16:51 329728 ----a-w- c:\windows\system32\netsetup.exe
2008-04-14 00:13:22 92424 ----a-w- c:\windows\system32\rdpdd.dll
2008-04-14 00:13:22 87176 ----a-w- c:\windows\system32\rdpwsx.dll
2008-04-14 00:13:22 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2008-04-14 00:13:21 21896 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2008-04-14 00:13:21 12168 ----a-w- c:\windows\system32\tsddd.dll
2008-04-14 00:13:20 40840 ----a-w- c:\windows\system32\drivers\termdd.sys
2008-04-14 00:13:20 12040 ----a-w- c:\windows\system32\drivers\tdpipe.sys
2008-04-14 00:11:59 997376 ----a-w- c:\windows\system32\msgina.dll
2008-04-14 00:10:31 53279 ----a-w- c:\windows\system32\odbcji32.dll
2008-04-14 00:10:08 4126 ----a-w- c:\windows\system32\msdxmlc.dll
2008-04-14 00:10:06 3584 ----a-w- c:\windows\system32\msafd.dll

============= FINISH: 3:44:13.62 ===============

Also I've extracted Gmer from the zipped file, but nothing happens.


#4 sundavis

  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling
  • Local time:03:11 AM

Posted 01 April 2010 - 08:23 PM

Hi dbteepo,



Welcome to BleepingComputer Virus, Trojan, Spyware, and Malware Removal Logs Forum.
My name is sundavis, and I will be helping you to deal with your Malware problems today.

Let's try to fix your connection problem. If it is still not working, please download the necessary file and transfer it to your sick computer via flash drive or USB.

Step1

1. Click on the Start button.
2. Type Cmd into the run box.
3. Type the following bolded commands one at a time in the Command Prompt, and then press Enter. After that, restart the computer.

netsh int ip reset
netsh winsock reset



Open IE, select Tools > Internet Options. Select the Connections tab.
  1. If you are using LAN, click "LAN Settings" button. If you are using Dial-up or Virtual Private Network connection, select necessary connection and click "Settings" button.
  2. In the "Proxy Server" area, uncheck the check mark next to Use a proxy server for ....
  3. Click OK.
  4. Click the Advanced tab and click the Reset button.
  5. In the Reset Internet Explorer Settings dialog box, click Reset to confirm.
Step2
  1. If you already have Combofix, please delete that copy and download it again as it's being updated regularly.
  2. Please visit this webpage for download links, and instructions for running the tool:
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix
  3. Note: ComboFix has recently been updated to include the option for installing the Recovery Console automatically. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
    This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  4. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.
  5. Click Yes to allow Combofix to continue scanning for malware.
  6. When done, a log will be produced (or locate it in C:\ComboFix.txt). Please post that log in your next reply.
  7. Do not mouse click on Combofix while it is running. That may cause it to stall.
Step3

Please uninstall MBAM via Add/Remove Programs. Download and run this utility to clean leftovers: mbam-clean.exe.

Please download Malwarebytes' Anti-Malware from Here or Here
  1. Double Click mbam-setup.exe to install the application.
  2. Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  3. If an update is found, it will download and install the latest version.
  4. Once the program has loaded, select "Perform Quick Scan", then click Scan.
  5. The scan may take some time to finish, so please be patient.
  6. When the scan is complete, click OK, then Show Results to view the results.
  7. Make sure that everything is checked, and click Remove Selected.
  8. When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  9. The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM, or you can find it here:
     C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  10. You can refer to this tutorial
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


In your next reply, please post back:


1. ComboFix log
2. MBAM log
3. New DDS log

Thanks

Edited by sundavis, 01 April 2010 - 08:25 PM.


#5 dbteepo

  • Topic Starter
  • Members
  • 42 posts
  • Local time:02:11 AM

Posted 04 April 2010 - 10:09 PM

Thanks for your help, that cleaned up a lot of the spam. It was restarting every hour or so, so hopefully that's been fixed too. Here are the logs you asked for.


#6 sundavis

  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling
  • Local time:03:11 AM

Posted 05 April 2010 - 12:24 AM

Hi dbteepo,



Please uninstall the outdated Java (J2SE Runtime Environment 5.0 Update 2) via Add/Remove Programs, then go into the Control Panel (Classic View) and double-click the Java icon (it looks like a coffee cup).

On the Update tab, click the Update Now button. When done, press Apply and then OK. Then clear your Java cache as instructed in this thread.


Step1
  1. Close any open browsers
  2. Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix. Go to Here for your reference.
  3. Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text inside the code box below:
DDS::
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=pavilion&pf=laptop
File::
C:\Documents and Settings\All Users\Desktop\spam001.exe
C:\Documents and Settings\All Users\Desktop\spam003.exe
C:\Documents and Settings\All Users\Desktop\troj000.exe
Registry::
[-HKEY_CURRENT_USER\Software\Malware Defense]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Paladin Antivirus]
[-HKEY_CURRENT_USER\SOFTWARE\Paladin Antivirus]


Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop



Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you at "C:\ComboFix.txt". Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.


Step2
  1. Please download TFC to your desktop.
  2. Close any open windows. Double click the TFC icon to run the program.
  3. TFC will close all open programs itself in order to run.
  4. Click the Start button to begin the process.
  5. Allow TFC to run unhindered.
  6. The program should not take long to finish its job.
  7. Once it's finished it should automatically reboot your machine.
  8. If it doesn't, manually reboot to ensure a complete clean.

Step3

Please perform an online scan with Firefox or Internet Explorer at Kaspersky Online Scanner.
  1. Please go to Kaspersky Online Scanner and perform an online antivirus scan.
  2. Click Accept button on the "Requirements and limitations".
  3. When the Java warning "The application digital signature has been verified. Do you want to run the application" appears, click the "Run" button.
  4. It will download and install the program and update the database.
  5. When updating the database has finished, click on Settings.
  6. Make sure all boxes are checked, then click on the Save button.
  7. Click on My Computer under Scan menu. It will start scanning, so be patient and let it run.
  8. Once the scan is completed, Click on View Scan Report.
  9. You may see a list of infected items over there. Click on Save Report As.
  10. Click "Desktop" , Name the file as "KAS", Change the Files of type to Text file (.txt) and Click on Save button.
  11. Please post the contents in your next reply.
  12. You can refer to this animation

Note for Internet Explorer 8 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.

In your next reply, please post back:

1. ComboFix log
2. Kaspersky Online Scan Report

Tell me if you have any remaining issues on your pc.
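The three desktop executables that the CFScript above tells ComboFix to delete are exactly the kind of entry a DDS file listing (like the one dbteepo posted earlier in this thread) makes easy to spot once it is parsed rather than read by eye. The following Python script is an added example by the editor, not code from sundavis, DDS or ComboFix: it parses the DDS listing format (date, time, size, 8-character attribute field, path), flags executables sitting in user-writable locations such as All Users\Desktop, and lists files modified since a given date. The sample listing embedded in it is constructed for the example (the dates, sizes and attribute flags shown for spam001.exe, spam003.exe and troj000.exe are made up), and the suspect-directory list is a heuristic the editor chose, not a verdict.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# A DDS file-listing line is "date time size attributes path", e.g.
#   2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
# In the 8-character attribute field, as seen in the log: index 0 is 'd' for a
# directory, index 2 's' for system, index 3 'h' for hidden, index 4 'a' for
# archive, index 6 'w' (writable) or 'r' (read-only).
LINE_RE = re.compile(
    r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2}:\d{2}) "
    r"(?P<size>\d+) (?P<attrs>[-dsharw]{8}) (?P<path>.+)$"
)


@dataclass
class Entry:
    date: str
    time: str
    size: int
    attrs: str
    path: str

    @property
    def is_dir(self) -> bool:
        return self.attrs[0] == "d"

    @property
    def hidden(self) -> bool:
        return self.attrs[3] == "h"

    @property
    def name(self) -> str:
        # Last path component, Windows-style separator.
        return self.path.rsplit("\\", 1)[-1]


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for one listing line, or None for headers/blank lines."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return Entry(m["date"], m["time"], int(m["size"]), m["attrs"], m["path"])


def parse_listing(text: str) -> List[Entry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


# Heuristic (editor's choice): executable types that do not belong in locations
# any logged-on user can write to. A hit means "look closer", not "malware".
EXEC_EXT = (".exe", ".dll", ".sys", ".scr", ".com", ".pif")
SUSPECT_DIRS = (
    "\\all users\\desktop\\",
    "\\local settings\\temp\\",
    "\\application data\\",
)


def flag_suspicious(entries: List[Entry]) -> List[Entry]:
    """Executables (not directories) found under a user-writable suspect directory."""
    out = []
    for e in entries:
        if e.is_dir:
            continue
        p = e.path.lower()
        if p.endswith(EXEC_EXT) and any(d in p for d in SUSPECT_DIRS):
            out.append(e)
    return out


def modified_since(entries: List[Entry], date: str) -> List[Entry]:
    """Files (not directories) whose listing date is on or after an ISO date."""
    return [e for e in entries if not e.is_dir and e.date >= date]


# Constructed sample listing in DDS format. The first and last data lines are
# taken from the thread; the All Users\Desktop entries are made up for the demo.
SAMPLE = r"""
==================== Find3M ====================

2009-12-31 16:50:03 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2004-12-07 19:17:31 0 d-sh--w- c:\documents and settings\all users\DRM
2010-03-20 10:00:00 45056 ----a-w- c:\documents and settings\all users\Desktop\spam001.exe
2010-03-20 10:00:02 45056 ----a-w- c:\documents and settings\all users\Desktop\spam003.exe
2010-03-20 10:01:15 61440 ---ha-w- c:\documents and settings\all users\Desktop\troj000.exe
2010-03-20 10:01:15 120 ----a-w- c:\documents and settings\all users\Desktop\readme.txt
2009-02-06 11:11:05 110592 ----a-w- c:\windows\system32\services.exe
"""

if __name__ == "__main__":
    entries = parse_listing(SAMPLE)
    print(f"{len(entries)} entries parsed")
    for e in flag_suspicious(entries):
        flag = "hidden" if e.hidden else ""
        print(f"SUSPECT {e.date} {e.size:>8} {e.attrs} {e.path} {flag}")
```

A hit only means "look closer": a setup program somebody saved to the shared desktop would be flagged the same way, so confirm against the scanner logs before anything is deleted. The date filter is useful for the same reason the Find3M section exists: a fresh infection usually shows up as a cluster of files with the same recent timestamp.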

#7 dbteepo

  • Topic Starter
  • Members
  • 42 posts
  • Local time:02:11 AM

Posted 05 April 2010 - 10:10 PM

Thanks, Kaspersky reported some things back to me. Looks like it's going to take a little more.


#8 sundavis

  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling
  • Local time:03:11 AM

Posted 05 April 2010 - 10:25 PM

Hi dbteepo,



As far as those infected objects listed in the Kaspersky report, those can be safely removed in ComboFix's quarantine folder or in old System Restore Caches, which we will be taking care of now.

Other than that, your system appears to be clean now. If you have no remaining issues on your pc, let's do some tidying up and you should be good to go.


Step1

Click START then RUN
Now copy/paste ComboFix /Uninstall in the runbox and click OK.
Note the space between the x and the /Uninstall, it needs to be there.



This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.


Step2

Download OTC by OldTimer and save it to your desktop.
  1. Double click OTC and let it run
  2. Then Click the Cleanup button.
  3. You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  4. Restart your computer when prompted.


Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:
  1. Update your antivirus programs

    Update your Antivirus programs and other security products regularly to avoid new threats that could infect your system. You can use one of these sites to check if any updates are needed for your pc.
    Secunia Software Inspector
    F-secure Health Check

  2. Update all programs regularly - Make sure you update all the programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

  3. Backup your valid registry - ERUNT (Emergency Recovery Utility NT) allows you to store a complete backup of your registry and restore it if needed. Due to malware effects, a corrupt registry can prevent a system from booting. You're well advised to back up your valid registry while the system is clean now. For more info: Here and Here.


Please check out Tony Klein's article "How did I get infected in the first place?"
Read some information Here on how to prevent malware.


Glad to be of help. Safe surfing!!


#9 sundavis

  • Malware Response Team
  • 2,708 posts
  • Gender:Not Telling
  • Local time:03:11 AM

Posted 13 April 2010 - 06:34 PM

Since this issue appears resolved ... this Topic is closed.

Glad to have helped.

Everyone else please begin a New Topic.



