
Infected with Backdoor.Tidserv!inf


  • This topic is locked
2 replies to this topic

#1 jimdav52

jimdav52

  • Members
  • 2 posts
  • Location:Phoenix, AZ
  • Local time:03:41 PM

Posted 03 June 2010 - 08:42 AM

I seem to be infected with this Backdoor thing and wanted to make sure it was okay to delete this file A0011537.sys or please help me to clean my computer. Thanks in advance. I am posting and attaching required scan logs.

DDS.txt logs


DDS (Ver_10-03-17.01) - NTFSx86
Run by Jim Davolt at 6:07:06.04 on Thu 06/03/2010
Internet Explorer: 8.0.6001.18702
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.640.267 [GMT -7:00]

AV: Emsisoft Anti-Malware *On-access scanning disabled* (Updated) {0F8591BB-342B-4493-91C3-4E948ED21255}
AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Program Files\Emsisoft Anti-Malware\a2service.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Symantec AntiVirus\vpc32.exe
C:\Program Files\SlimBrowser\sbrowser.exe
C:\Documents and Settings\Jim Davolt\Local Settings\Temporary Internet Files\Content.IE5\V9ESN6GW\dds[1].scr

============== Pseudo HJT Report ===============

uStart Page = www.google.com
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: RoboForm: {724d43a9-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: &RoboForm: {724d43a0-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\roboform.dll
TB: {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [RoboForm] "c:\program files\siber systems\ai roboform\RoboTaskBarIcon.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [a-squared] "c:\program files\emsisoft anti-malware\a2guard.exe" /d=60
IE: Customize Menu - file://c:\program files\siber systems\ai roboform\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F46} - c:\program files\siber systems\ai roboform\RoboFormComFillForms.html
IE: {320AF880-6646-11D3-ABEE-C5DBF3571F49} - c:\program files\siber systems\ai roboform\RoboFormComSavePass.html
IE: {724d43aa-0d85-11d4-9908-00400523e39a} - c:\program files\siber systems\ai roboform\RoboFormComShowToolbar.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1273598677334
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1273602163171
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Notify: NavLogon - c:\windows\system32\NavLogon.dll

============= SERVICES / DRIVERS ===============

R1 a2injectiondriver;a2injectiondriver;c:\program files\emsisoft anti-malware\a2dix86.sys [2010-6-2 39576]
R1 a2util;a-squared Malware-IDS utility driver;c:\program files\emsisoft anti-malware\a2util32.sys [2010-6-2 11776]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-2-4 324232]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-2-4 53896]
R2 a2AntiMalware;Emsisoft Anti-Malware 5.0 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2010-6-2 1916080]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-4-8 185968]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-4-8 161392]
R2 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-4-17 1706176]
R3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2010-6-2 71008]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20100528.002\naveng.sys [2010-5-28 85552]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20100528.002\navex15.sys [2010-5-28 1347504]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-5-11 135664]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-4-8 83568]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-4-17 124608]

=============== Created Last 30 ================

2010-06-03 13:04:43 0 ----a-w- c:\documents and settings\jim davolt\defogger_reenable
2010-06-02 19:33:59 0 d-----w- c:\program files\Emsisoft Anti-Malware
2010-06-02 19:32:26 0 d-----w- c:\windows\SxsCaPendDel
2010-06-02 19:04:55 0 d-----w- c:\docume~1\jimdav~1\applic~1\WinPatrol
2010-06-02 19:04:41 0 d-----w- c:\program files\BillP Studios
2010-06-02 15:52:21 95024 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2010-05-31 19:35:56 0 d-----w- c:\program files\Cruise Clues - Caribbean Adventure
2010-05-31 19:02:35 0 d-----w- c:\program files\Faded Reality
2010-05-31 18:58:29 0 d-----w- c:\program files\Special Enquiry Detail - The Hand that Feeds
2010-05-31 14:53:34 0 d-----w- c:\docume~1\jimdav~1\applic~1\Boomzap
2010-05-31 14:47:56 0 d-----w- c:\program files\Antique Road Trip USA
2010-05-31 12:06:47 0 d-----w- c:\docume~1\jimdav~1\applic~1\Paige Harper and the Tome of Mystery
2010-05-31 04:12:22 0 d-----w- c:\program files\Banner Maker Pro 7
2010-05-31 03:47:01 0 d-----w- c:\docume~1\alluse~1\applic~1\Zylom
2010-05-31 03:46:40 0 d-----w- c:\program files\Zylom Games
2010-05-27 15:58:41 0 d-----w- c:\program files\Speccy
2010-05-27 15:33:11 0 d-----w- c:\program files\VDownloader
2010-05-24 20:29:58 3249 ----a-w- c:\windows\system32\wbem\Outlook_01cafb7fe069cff0.mof
2010-05-19 17:25:14 5632 ----a-w- c:\windows\system32\ptpusb.dll
2010-05-19 17:25:14 15104 -c--a-w- c:\windows\system32\dllcache\usbscan.sys
2010-05-19 17:25:14 15104 ----a-w- c:\windows\system32\drivers\usbscan.sys
2010-05-19 17:25:10 159232 ----a-w- c:\windows\system32\ptpusd.dll
2010-05-17 23:07:11 26368 -c--a-w- c:\windows\system32\dllcache\usbstor.sys
2010-05-17 20:25:25 0 d-sh--w- c:\docume~1\jimdav~1\applic~1\.#
2010-05-17 20:25:07 0 d-----w- c:\program files\Folder Lock 6
2010-05-17 01:06:19 1089593 -c----w- c:\windows\system32\dllcache\ntprint.cat
2010-05-17 00:16:37 0 d-----w- c:\docume~1\jimdav~1\applic~1\PhotoFiltre Studio X
2010-05-17 00:15:59 0 d-----w- c:\program files\PhotoFiltre Studio X
2010-05-16 07:22:52 0 d-----w- c:\windows\system32\XPSViewer
2010-05-16 07:21:39 89088 -c----w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2010-05-16 07:21:39 117760 ------w- c:\windows\system32\prntvpt.dll
2010-05-16 07:21:38 597504 -c----w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2010-05-16 07:21:38 575488 -c----w- c:\windows\system32\dllcache\xpsshhdr.dll
2010-05-16 07:21:38 575488 ------w- c:\windows\system32\xpsshhdr.dll
2010-05-16 07:21:37 1676288 -c----w- c:\windows\system32\dllcache\xpssvcs.dll
2010-05-16 07:21:37 1676288 ------w- c:\windows\system32\xpssvcs.dll
2010-05-16 07:21:36 0 d-----w- C:\277f2611476a29883213bc821f612bb0
2010-05-15 22:12:56 38 ----a-w- c:\windows\AviSplitter.INI
2010-05-15 03:34:13 0 d-----w- c:\program files\FreeTime
2010-05-13 13:12:46 0 d-----w- c:\windows\system32\LogFiles
2010-05-12 21:30:02 86016 ----a-w- c:\windows\unvise32.exe
2010-05-12 18:56:32 0 d-----w- c:\docume~1\alluse~1\applic~1\TreeCardGames
2010-05-12 18:56:31 0 d-----w- c:\docume~1\jimdav~1\applic~1\SolSuite
2010-05-12 18:55:26 0 d-----w- c:\program files\SolSuite
2010-05-12 18:34:42 0 d-----w- c:\docume~1\jimdav~1\applic~1\BitTorrent
2010-05-12 18:32:04 0 d-----w- c:\program files\BitTorrent
2010-05-12 18:30:24 0 d-----w- c:\program files\CCleaner
2010-05-12 17:56:02 114 ----a-w- c:\documents and settings\jim davolt\default.pls
2010-05-12 17:53:25 116 ----a-w- c:\windows\NeroDigital.ini
2010-05-12 16:06:19 0 d-sh--w- c:\documents and settings\jim davolt\IECompatCache
2010-05-12 15:53:07 47645 ------w- c:\windows\UNNMP.cfg
2010-05-12 15:53:05 2277376 ------w- c:\windows\UNNMP.exe
2010-05-12 15:50:21 155648 ----a-w- c:\windows\system32\NeroCheck.exe
2010-05-12 15:48:03 137588 ------w- c:\windows\UNNeroVision.cfg
2010-05-12 15:48:01 2465792 ------w- c:\windows\UNNeroVision.exe
2010-05-12 15:48:01 24064 ------w- c:\windows\system32\msxml3a.dll
2010-05-12 15:46:54 364544 ------w- c:\windows\system32\TwnLib4.dll
2010-05-12 15:46:53 476320 ------w- c:\windows\system32\ImagXpr7.dll
2010-05-12 15:46:53 471040 ------w- c:\windows\system32\ImagXRA7.dll
2010-05-12 15:46:53 262144 ------w- c:\windows\system32\ImagXR7.dll
2010-05-12 15:46:53 1568768 ------w- c:\windows\system32\ImagX7.dll
2010-05-12 15:46:52 38912 ------w- c:\windows\system32\picn20.dll
2010-05-12 15:46:52 106496 ----a-w- c:\windows\system32\TwnLib20.dll
2010-05-12 15:42:04 30568 ----a-w- c:\windows\system32\mdimon.dll
2010-05-12 15:34:04 0 d-----w- c:\windows\SHELLNEW
2010-05-12 12:25:36 274288 ----a-w- c:\windows\system32\mucltui.dll
2010-05-12 12:25:36 16736 ----a-w- c:\windows\system32\mucltui.dll.mui
2010-05-12 01:07:39 0 d-----w- c:\windows\system32\appmgmt
2010-05-11 22:52:48 88566 ----a-w- c:\windows\system32\nvapps.xml
2010-05-11 22:52:46 208896 ----a-w- c:\windows\system32\nvudisp.exe
2010-05-11 22:52:46 17056 ----a-w- c:\windows\system32\nvdisp.nvu
2010-05-11 22:52:46 0 d-----w- c:\windows\nview
2010-05-11 22:51:49 208896 ----a-w- c:\windows\system32\NVUNINST.EXE
2010-05-11 22:51:25 0 d-----w- C:\NVIDIA
2010-05-11 22:38:11 0 d-----w- c:\windows\system32\Adobe
2010-05-11 21:38:26 0 d-----w- c:\windows\system32\scripting
2010-05-11 21:38:23 0 d-----w- c:\windows\l2schemas
2010-05-11 21:38:22 0 d-----w- c:\windows\system32\en
2010-05-11 21:29:28 0 d-----w- c:\windows\network diagnostic
2010-05-11 21:08:55 5290 -c----w- c:\windows\system32\dllcache\vidsamp.gif
2010-05-11 21:07:56 375519 -c----w- c:\windows\system32\dllcache\nuskin.wmv
2010-05-11 21:06:59 61440 ------w- c:\windows\system32\kmsvc.dll
2010-05-11 21:05:59 39936 ------w- c:\windows\system32\dimsroam.dll
2010-05-11 20:26:30 0 d-sh--w- c:\documents and settings\jim davolt\PrivacIE
2010-05-11 20:22:40 0 d-sh--w- c:\documents and settings\jim davolt\IETldCache
2010-05-11 20:10:31 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2010-05-11 20:10:30 594432 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2010-05-11 20:10:30 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2010-05-11 20:10:29 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2010-05-11 20:10:29 1985536 -c----w- c:\windows\system32\dllcache\iertutil.dll
2010-05-11 20:10:28 11070976 -c----w- c:\windows\system32\dllcache\ieframe.dll
2010-05-11 20:10:20 0 d-----w- c:\windows\ie8updates
2010-05-11 20:10:12 64000 -c----w- c:\windows\system32\dllcache\iecompat.dll
2010-05-11 20:08:19 0 dc-h--w- c:\windows\ie8
2010-05-11 19:55:03 0 d-----w- c:\program files\Microsoft CAPICOM 2.1.0.2
2010-05-11 19:51:45 455680 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2010-05-11 19:50:44 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-05-11 19:50:20 353792 -c----w- c:\windows\system32\dllcache\srv.sys
2010-05-11 19:48:47 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2010-05-11 19:48:47 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2010-05-11 19:48:37 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2010-05-11 19:45:19 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2010-05-11 19:43:53 2066432 -c----w- c:\windows\system32\dllcache\mstscax.dll
2010-05-11 19:43:41 128512 -c----w- c:\windows\system32\dllcache\dhtmled.ocx
2010-05-11 19:41:09 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2010-05-11 19:41:08 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2010-05-11 19:41:07 110592 -c----w- c:\windows\system32\dllcache\services.exe
2010-05-11 19:41:06 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2010-05-11 19:41:06 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2010-05-11 19:41:05 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2010-05-11 19:41:03 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2010-05-11 19:41:02 714752 -c----w- c:\windows\system32\dllcache\ntdll.dll
2010-05-11 19:41:02 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2010-05-11 19:40:59 2146304 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2010-05-11 19:40:57 2189952 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2010-05-11 19:40:54 2024448 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2010-05-11 19:40:45 2560 ------w- c:\windows\system32\xpsp4res.dll
2010-05-11 19:40:44 1206508 -c----w- c:\windows\system32\dllcache\sysmain.sdb
2010-05-11 19:40:43 215552 -c----w- c:\windows\system32\dllcache\wordpad.exe
2010-05-11 19:39:13 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2010-05-11 19:39:09 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2010-05-11 19:37:42 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2010-05-11 19:37:36 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2010-05-11 19:13:20 0 d-----w- c:\windows\system32\wbem\AutoRecover
2010-05-11 19:07:53 316640 ----a-w- c:\windows\WMSysPr9.prx
2010-05-11 19:05:57 0 d-----w- c:\windows\peernet
2010-05-11 19:05:55 0 d-----w- c:\windows\provisioning
2010-05-11 19:00:46 0 d-----w- c:\windows\ServicePackFiles
2010-05-11 18:55:38 0 d-----w- c:\windows\system32\ReinstallBackups
2010-05-11 18:51:16 0 d-----w- c:\windows\EHome
2010-05-11 18:39:07 11264 ------w- c:\windows\system32\spnpinst.exe
2010-05-11 18:39:06 7208 ------w- c:\windows\system32\secupd.sig
2010-05-11 18:39:06 67866 ------w- c:\windows\system32\drivers\netwlan5.img
2010-05-11 18:39:06 4569 ------w- c:\windows\system32\secupd.dat
2010-05-11 17:31:45 0 ----a-w- c:\windows\vpc32.INI
2010-05-11 17:30:15 0 d-s---w- c:\windows\system32\Microsoft
2010-05-11 17:29:38 0 d-----w- c:\windows\system32\PreInstall
2010-05-11 17:29:36 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2010-05-11 17:29:34 0 d--h--w- c:\windows\$hf_mig$
2010-05-11 17:28:34 0 d-----w- c:\windows\system32\bits
2010-05-11 17:28:15 8192 ------w- c:\windows\system32\bitsprx2.dll
2010-05-11 17:28:15 7168 ------w- c:\windows\system32\bitsprx3.dll
2010-05-11 17:28:15 438784 ------w- c:\windows\system32\xpob2res.dll
2010-05-11 17:28:15 354816 ----a-w- c:\windows\system32\winhttp.dll
2010-05-11 17:28:15 18944 ----a-w- c:\windows\system32\qmgrprxy.dll
2010-05-11 17:25:13 21728 ----a-w- c:\windows\system32\wucltui.dll.mui
2010-05-11 17:25:13 17632 ----a-w- c:\windows\system32\wuaueng.dll.mui
2010-05-11 17:25:12 217816 ----a-w- c:\windows\system32\wuaucpl.cpl
2010-05-11 17:25:12 15072 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2010-05-11 17:25:12 15064 ----a-w- c:\windows\system32\wuapi.dll.mui
2010-05-11 17:24:34 0 d-sh--w- c:\documents and settings\jim davolt\UserData
2010-05-11 16:58:41 0 d-----w- c:\program files\Siber Systems
2010-05-11 16:58:33 0 d-----w- c:\docume~1\jimdav~1\applic~1\SlimBrowser
2010-05-11 16:56:44 0 d-----w- c:\program files\SlimBrowser
2010-05-11 16:52:35 0 d-----w- c:\program files\Symantec
2010-05-11 16:52:26 0 d-----w- c:\program files\Symantec AntiVirus
2010-05-11 16:52:26 0 d-----w- c:\program files\common files\Symantec Shared
2010-05-11 16:52:26 0 d-----w- c:\docume~1\alluse~1\applic~1\Symantec
2010-05-11 16:29:20 0 d-sh--w- c:\documents and settings\all users\DRM
2010-05-11 16:27:17 0 d-----w- c:\program files\common files\MSSoap
2010-05-11 16:25:55 0 d--h--w- c:\program files\WindowsUpdate
2010-05-11 16:25:55 0 d-----w- c:\program files\Online Services
2010-05-11 16:25:49 0 d-----w- c:\program files\Messenger
2010-05-11 16:25:43 0 d-----w- c:\program files\MSN Gaming Zone
2010-05-11 16:24:53 0 d-----w- c:\program files\Windows NT
2010-05-11 08:11:52 0 d-----w- c:\program files\common files\ODBC
2010-05-11 08:11:48 0 d-----w- c:\program files\common files\SpeechEngines
2010-05-11 08:11:19 0 d-----r- c:\documents and settings\all users\Documents

==================== Find3M ====================

2094-01-20 03:55:14 48268 ----a-w- c:\windows\fonts\Anke Print.TTF
2012-12-18 08:11:34 9056 ----a-w- c:\windows\fonts\NothingNet.ttf
2010-06-02 13:50:40 8832 ----a-w- c:\windows\system32\drivers\rasacd.sys
2010-06-01 13:00:59 2678 ----a-w- c:\windows\fonts\abacl___.PFM
2010-06-01 13:00:56 2301 ----a-w- c:\windows\fonts\abace___.PFM
2010-06-01 13:00:52 2674 ----a-w- c:\windows\fonts\abacb___.PFM
2010-06-01 13:00:49 2670 ----a-w- c:\windows\fonts\abac____.PFM
2010-06-01 13:00:46 2280 ----a-w- c:\windows\fonts\ababi___.PFM
2010-06-01 13:00:43 2062 ----a-w- c:\windows\fonts\abab____.PFM
2010-06-01 13:00:41 2229 ----a-w- c:\windows\fonts\aba_____.PFM
2010-06-01 12:59:45 3573 ----a-w- c:\windows\fonts\ysi_____.PFM
2010-06-01 12:59:30 2381 ----a-w- c:\windows\fonts\wlmi____.PFM
2010-06-01 12:59:28 2363 ----a-w- c:\windows\fonts\wlm_____.PFM
2010-06-01 12:59:25 2236 ----a-w- c:\windows\fonts\wli_____.PFM
2010-06-01 12:59:22 2409 ----a-w- c:\windows\fonts\wl______.PFM
2010-06-01 12:59:09 2613 ----a-w- c:\windows\fonts\wds_____.PFM
2010-06-01 12:57:56 2224 ----a-w- c:\windows\fonts\svi_____.PFM
2010-06-01 12:57:54 2236 ----a-w- c:\windows\fonts\svbi____.PFM
2010-06-01 12:57:51 2458 ----a-w- c:\windows\fonts\svb_____.PFM
2010-06-01 12:57:48 2517 ----a-w- c:\windows\fonts\sv______.PFM
2010-06-01 12:57:38 2003 ----a-w- c:\windows\fonts\strxi___.PFM
2010-06-01 12:57:35 2065 ----a-w- c:\windows\fonts\strx____.PFM
2010-06-01 12:57:30 2225 ----a-w- c:\windows\fonts\strl____.PFM
2010-06-01 12:57:25 2216 ----a-w- c:\windows\fonts\stri____.PFM
2010-06-01 12:57:22 2220 ----a-w- c:\windows\fonts\strbi___.PFM
2010-06-01 12:57:20 2382 ----a-w- c:\windows\fonts\strb____.PFM
2010-06-01 12:57:17 2385 ----a-w- c:\windows\fonts\str_____.PFM
2010-06-01 12:56:56 2832 ----a-w- c:\windows\fonts\spwi____.PFM
2010-06-01 12:56:54 2610 ----a-w- c:\windows\fonts\spwb____.PFM
2010-06-01 12:56:51 2497 ----a-w- c:\windows\fonts\spw_____.PFM
2010-06-01 12:56:47 2754 ----a-w- c:\windows\fonts\spti____.PFM
2010-06-01 12:56:45 2456 ----a-w- c:\windows\fonts\sptb____.PFM
2010-06-01 12:56:42 2527 ----a-w- c:\windows\fonts\spt_____.PFM
2010-06-01 12:56:38 2805 ----a-w- c:\windows\fonts\spri____.PFM
2010-06-01 12:56:36 2815 ----a-w- c:\windows\fonts\sprb____.PFM
2010-06-01 12:56:33 2470 ----a-w- c:\windows\fonts\spr_____.PFM
2010-06-01 12:55:58 2746 ----a-w- c:\windows\fonts\spoi____.PFM
2010-06-01 12:55:56 2444 ----a-w- c:\windows\fonts\spob____.PFM
2010-06-01 12:55:52 2459 ----a-w- c:\windows\fonts\spo_____.PFM
2010-06-01 12:55:49 2844 ----a-w- c:\windows\fonts\spfi____.PFM
2010-06-01 12:55:46 2578 ----a-w- c:\windows\fonts\spfb____.PFM
2010-06-01 12:55:44 2605 ----a-w- c:\windows\fonts\spf_____.PFM
2010-06-01 12:54:13 2153 ----a-w- c:\windows\fonts\sabsc___.PFM
2010-06-01 12:54:10 2435 ----a-w- c:\windows\fonts\sabs____.PFM
2010-06-01 12:54:07 2442 ----a-w- c:\windows\fonts\sabos___.PFM
2010-06-01 12:54:05 2407 ----a-w- c:\windows\fonts\saboi___.PFM
2010-06-01 12:54:02 2400 ----a-w- c:\windows\fonts\sabi____.PFM
2010-06-01 12:53:59 2469 ----a-w- c:\windows\fonts\sab_____.PFM
2010-06-01 12:53:53 2349 ----a-w- c:\windows\fonts\RONDO___.PFM
2010-06-01 12:52:52 2774 ----a-w- c:\windows\fonts\pysi____.PFM
2010-06-01 12:52:49 2840 ----a-w- c:\windows\fonts\pys_____.PFM
2010-06-01 12:52:47 2744 ----a-w- c:\windows\fonts\pyli____.PFM
2010-06-01 12:52:42 2834 ----a-w- c:\windows\fonts\pyl_____.PFM
2010-06-01 12:52:40 2820 ----a-w- c:\windows\fonts\pyi_____.PFM
2010-06-01 12:52:37 2807 ----a-w- c:\windows\fonts\pyei____.PFM
2010-06-01 12:52:34 2925 ----a-w- c:\windows\fonts\pye_____.PFM
2010-06-01 12:52:30 2576 ----a-w- c:\windows\fonts\pybi____.PFM
2010-06-01 12:52:27 2746 ----a-w- c:\windows\fonts\pyb_____.PFM
2010-06-01 12:52:24 2717 ----a-w- c:\windows\fonts\py______.PFM
2010-06-01 12:51:41 2659 ----a-w- c:\windows\fonts\pol_____.PFM
2010-06-01 12:51:15 3456 ----a-w- c:\windows\fonts\plt_____.PFM
2010-06-01 12:50:46 2182 ----a-w- c:\windows\fonts\plccb___.PFM
2010-06-01 12:50:44 2310 ----a-w- c:\windows\fonts\plcc____.PFM
2010-06-01 12:49:48 2471 ----a-w- c:\windows\fonts\phubi___.PFM
2010-06-01 12:49:43 2389 ----a-w- c:\windows\fonts\phub____.PFM
2010-06-01 12:49:40 2457 ----a-w- c:\windows\fonts\phsbi___.PFM
2010-06-01 12:49:37 2387 ----a-w- c:\windows\fonts\phsb____.PFM
2010-06-01 12:49:35 2417 ----a-w- c:\windows\fonts\phrg____.PFM
2010-06-01 12:49:31 2472 ----a-w- c:\windows\fonts\phi_____.PFM
2010-06-01 12:49:28 2424 ----a-w- c:\windows\fonts\phbi____.PFM
2010-06-01 12:49:26 2394 ----a-w- c:\windows\fonts\phb_____.PFM
2010-06-01 12:49:13 2691 ----a-w- c:\windows\fonts\pertl___.PFM
2010-06-01 12:49:11 2667 ----a-w- c:\windows\fonts\pertb___.PFM
2010-06-01 12:49:08 2674 ----a-w- c:\windows\fonts\pert____.PFM
2010-06-01 12:47:58 2482 ----a-w- c:\windows\fonts\oebi____.PFM
2010-06-01 12:47:55 2412 ----a-w- c:\windows\fonts\oeb_____.PFM
2010-06-01 12:47:33 2469 ----a-w- c:\windows\fonts\nrr_____.PFM
2010-06-01 12:47:30 2436 ----a-w- c:\windows\fonts\nri_____.PFM
2010-06-01 12:47:28 2492 ----a-w- c:\windows\fonts\nrbi____.PFM
2010-06-01 12:47:25 2506 ----a-w- c:\windows\fonts\nrb_____.PFM
2010-06-01 12:47:22 2677 ----a-w- c:\windows\fonts\npli____.PFM
2010-06-01 12:47:20 2681 ----a-w- c:\windows\fonts\nplbi___.PFM
2010-06-01 12:47:17 2675 ----a-w- c:\windows\fonts\nplb____.PFM
2010-06-01 12:47:14 2670 ----a-w- c:\windows\fonts\npl_____.PFM
2010-06-01 12:47:10 2303 ----a-w- c:\windows\fonts\nmwdi___.PFM
2010-06-01 12:47:05 2119 ----a-w- c:\windows\fonts\nmexi___.PFM
2010-06-01 12:46:52 2243 ----a-w- c:\windows\fonts\nmbi____.PFM
2010-06-01 12:46:46 2666 ----a-w- c:\windows\fonts\nimi____.PFM
2010-06-01 12:46:40 2670 ----a-w- c:\windows\fonts\nimbi___.PFM
2010-06-01 12:46:35 2664 ----a-w- c:\windows\fonts\nimb____.PFM
2010-06-01 12:46:32 2659 ----a-w- c:\windows\fonts\nim_____.PFM
2010-06-01 12:46:29 2675 ----a-w- c:\windows\fonts\ngoi____.PFM
2010-06-01 12:46:13 2685 ----a-w- c:\windows\fonts\ngocb___.PFM
2010-06-01 12:46:10 2681 ----a-w- c:\windows\fonts\ngoc____.PFM
2010-06-01 12:46:07 2673 ----a-w- c:\windows\fonts\ngob____.PFM
2010-06-01 12:45:59 2440 ----a-w- c:\windows\fonts\ngo_____.PFM
2010-06-01 12:45:45 2433 ----a-w- c:\windows\fonts\nclb____.PFM
2010-06-01 12:45:41 2404 ----a-w- c:\windows\fonts\ncl_____.PFM
2010-06-01 12:45:26 2511 ----a-w- c:\windows\fonts\mtci____.PFM
2010-06-01 12:45:23 2497 ----a-w- c:\windows\fonts\mtc_____.PFM

============= FINISH: 6:09:09.60 ===============


 


#2 jimdav52

jimdav52
  • Topic Starter

  • Members
  • 2 posts
  • Location:Phoenix, AZ
  • Local time:03:41 PM

Posted 05 June 2010 - 10:18 AM

Thanks everyone but you can close this one out. I decided last night to just reformat my computer and wipe it out that way...

#3 Noviciate

Noviciate

  • Malware Response Team
  • 5,277 posts
  • Gender:Male
  • Location:Numpty HQ
  • Local time:10:41 PM

Posted 05 June 2010 - 01:49 PM

Thanks for letting us know. As the issue has been resolved this thread is now closed.

So long, and thanks for all the fish.

 

 




