
Trojan attack


  • This topic is locked
2 replies to this topic

#1 nbkj651


Posted 21 August 2011 - 01:23 AM

I believe I am the victim of a Trojan. I am unable to access the internet using my XP Professional desktop; in fact, it seems IE and my Norton are gone. I get a dialog box with the following message: "Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item." I am sending this via an old laptop.

SDFix: Version 1.240
Run by Wi nston on Sat 08/20/2011 at 10:29 PM

Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Checking Services :


Restoring Default Security Values
Restoring Default Hosts File

Rebooting


Checking Files :

Trojan Files Found:

C:\WINDOWS\LOADER~1.EXE - Deleted
C:\WINDOWS\services32.exe - Deleted





Removing Temp Files

ADS Check :



Final Check :

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-20 22:36:35
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:00000090
"TracesSuccessful"=dword:00000001

scanning hidden files ...

C:\WINDOWS\4121522543:2425247242.exe 816 bytes executable
C:\WINDOWS\$NtUninstallKB14715$:SummaryInformation 0 bytes hidden from API
C:\WINDOWS\$NtUninstallKB14715$\1869720053
C:\WINDOWS\$NtUninstallKB14715$\1869720053\click(2).tlb 2144 bytes
C:\WINDOWS\$NtUninstallKB14715$\1869720053\click.tlb 2144 bytes
C:\WINDOWS\$NtUninstallKB14715$\1869720053\L
C:\WINDOWS\$NtUninstallKB14715$\1869720053\L\akygdmgo 64512 bytes
C:\WINDOWS\$NtUninstallKB14715$\1869720053\loader.tlb 2540 bytes
C:\WINDOWS\$NtUninstallKB14715$\1869720053\U
C:\WINDOWS\$NtUninstallKB14715$\1869720053\U\@00000001 41360 bytes
C:\WINDOWS\$NtUninstallKB14715$\1869720053\U\@000000c0 2560 bytes
C:\WINDOWS\$NtUninstallKB14715$\1869720053\U\@000000cb 2048 bytes
C:\WINDOWS\$NtUninstallKB14715$\1869720053\U\@000000cf 1536 bytes
C:\WINDOWS\$NtUninstallKB14715$\1869720053\U\@80000000 25600 bytes
C:\WINDOWS\$NtUninstallKB14715$\1869720053\U\@800000c0 33280 bytes
C:\WINDOWS\$NtUninstallKB14715$\1869720053\U\@800000cb 27648 bytes
C:\WINDOWS\$NtUninstallKB14715$\1869720053\U\@800000cf 27648 bytes
C:\WINDOWS\$NtUninstallKB14715$\1869720053\{1B372133-BFFA-4dba-9CCF-5474BED6A9F6} 2048 bytes
C:\WINDOWS\$NtUninstallKB14715$\236903399 0 bytes

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 19


Remaining Services :




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\System32\\javaw.exe"="%WINDIR%\\System32\\javaw.exe:*:enabled:JavaW"
"%windir%\\System32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\_integra\\bin\\ccmada.exe"="c:\\_integra\\bin\\ccmada.exe:*:enabled:CCM Auto"
"C:\\_integra\\bin\\ccmagent.exe"="c:\\_integra\\bin\\ccmagent.exe:*:enabled:CCM Agent"
"C:\\Documents and Settings\\IBM User\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"="C:\\Documents and Settings\\Wi nston\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe:*:Enabled:Google Talk Plugin"
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"="C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe:*:Enabled:EasyShare"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program files\\Messenger\\msmsgs.exe:*:enabled:Windows Messenger"
"C:\\Program Files\\Norton Security Suite\\Engine\\4.0.0.127\\ccSvcHst.exe"="C:\\Program Files\\Norton Security Suite\\Engine\\4.0.0.127\\ccSvcHst.exe:*:Enabled:Symantec Service Framework"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\WINDOWS\\system32\\dlcicoms.exe"="C:\\WINDOWS\\system32\\dlcicoms.exe:*:Enabled:Dell 946 Server"
"C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dlcipswx.exe"="C:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\dlcipswx.exe:*:Enabled:Dell 946 Printer Status"
"C:\\WINDOWS\\services32.exe"="C:\\WINDOWS\\services32.exe:*:Enabled:C:\\WINDOWS\\services32.exe"
"C:\\WINDOWS\\update.1\\svchost.exe"="C:\\WINDOWS\\update.1\\svchost.exe:*:Enabled:C:\\WINDOWS\\update.1\\svchost.exe"
"C:\\WINDOWS\\update.tray-10-0\\svchost.exe"="C:\\WINDOWS\\update.tray-10-0\\svchost.exe:*:Enabled:C:\\WINDOWS\\update.tray-10-0\\svchost.exe"
"C:\\WINDOWS\\update.2\\svchost.exe"="C:\\WINDOWS\\update.2\\svchost.exe:*:Enabled:C:\\WINDOWS\\update.2\\svchost.exe"
"C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"="C:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe:*:Enabled:WebKit"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\\System32\\javaw.exe"="%WINDIR%\\System32\\javaw.exe:*:JavaW"
"%windir%\\System32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\_integra\\bin\\ccmada.exe"="c:\\_integra\\bin\\ccmada.exe:*:enabled:CCM Auto"
"C:\\_integra\\bin\\ccmagent.exe"="c:\\_integra\\bin\\ccmagent.exe:*:enabled:CCM Agent"
"C:\\Program Files\\funk software\\proxy host\\ph32svc.exe"="c:\\program files\\funk software\\proxy host\\ph32svc.exe:*:Funk Proxy"
"C:\\Program Files\\mci\\rmo\\jre\\bin\\javaw.exe"="c:\\program files\\mci\\rmo\\jre\\bin\\javaw.exe:*:Resource MGR Java"
"C:\\Program Files\\mci\\rmo\\rmo.exe"="c:\\program files\\mci\\rmo\\rmo.exe:*:Resource MGR Office"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program files\\Messenger\\msmsgs.exe:*:enabled:Windows Messenger"
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Program Files\\witness systems\\equality agent\\wcap32.exe"="c:\\program files\\witness systems\\equality agent\\wcap32.exe:*:Capture"
"C:\\RM-Mobile\\Mobile.exe"="C:\\RM-Mobile\\Mobile.exe:*:Resource MGR Mobile"
"C:\\Winnt\\PCHealth\\HelpCtr\\Binaries\\helpsvc.exe"="C:\\Winnt\\PCHealth\\HelpCtr\\Binaries\\helpsvc.exe:*:enabled:Offer Remote Assistance"

Remaining Files :


File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes :

Sun 13 Apr 2008 60,416 A.SH. --- "C:\Program Files\Outlook Express\msimn.exe"
Sat 20 Aug 2011 1,216,000 ...H. --- "C:\WINDOWS\update.tray-10-0\svchost.exe"
Sun 15 May 2011 74,240 ...H. --- "C:\Documents and Settings\Wi nston\Desktop\~WRL0288.tmp"
Sun 15 May 2011 72,192 ...H. --- "C:\Documents and Settings\Wi nston\Desktop\~WRL0845.tmp"
Mon 4 Apr 2011 22,528 ...H. --- "C:\Documents and Settings\Wi nston\Desktop\~WRL0882.tmp"
Sun 15 May 2011 71,680 ...H. --- "C:\Documents and Settings\Wi nston\Desktop\~WRL1757.tmp"
Sun 15 May 2011 71,680 ...H. --- "C:\Documents and Settings\Wi nston\Desktop\~WRL1868.tmp"
Sun 15 May 2011 71,680 ...H. --- "C:\Documents and Settings\Wi nston\Desktop\~WRL1927.tmp"
Sun 15 May 2011 73,216 ...H. --- "C:\Documents and Settings\Wi nston\Desktop\~WRL2094.tmp"
Thu 12 May 2011 97,280 ...H. --- "C:\Documents and Settings\Wi nston\Desktop\~WRL2170.tmp"
Sun 15 May 2011 72,192 ...H. --- "C:\Documents and Settings\Wi nston\Desktop\~WRL2527.tmp"
Sun 15 May 2011 72,704 ...H. --- "C:\Documents and Settings\Wi nston\Desktop\~WRL2653.tmp"
Tue 28 Jun 2011 37,376 ...H. --- "C:\Documents and Settings\Wi nston\Desktop\~WRL2687.tmp"
Sun 15 May 2011 74,240 ...H. --- "C:\Documents and Settings\Wi nston\Desktop\~WRL2744.tmp"
Tue 28 Jun 2011 39,424 ...H. --- "C:\Documents and Settings\Wi nston\Desktop\~WRL3035.tmp"
Sun 15 May 2011 71,168 ...H. --- "C:\Documents and Settings\Wi nston\Desktop\~WRL3190.tmp"
Sun 15 May 2011 71,168 ...H. --- "C:\Documents and Settings\Wi nston\Desktop\~WRL3256.tmp"
Sun 15 May 2011 68,096 ...H. --- "C:\Documents and Settings\Wi nston\Desktop\~WRL3648.tmp"
Thu 31 Mar 2011 666,624 ...H. --- "C:\Documents and Settings\Wi nston\Desktop\Work\~WRL0005.tmp"
Thu 28 Apr 2011 39,936 ...H. --- "C:\Documents and Settings\Wi nston\Desktop\Work\~WRL0307.tmp"
Wed 6 Apr 2011 37,888 A..H. --- "C:\Documents and Settings\Wi nston\Desktop\Work\~WRL0553.tmp"
Wed 27 Apr 2011 38,912 ...H. --- "C:\Documents and Settings\Wi nston\Desktop\Work\~WRL0659.tmp"
Mon 4 Apr 2011 34,816 A..H. --- "C:\Documents and Settings\Wi nston\Desktop\Work\~WRL0950.tmp"
Fri 24 Jun 2011 38,400 ...H. --- "C:\Documents and Settings\Wi nston\Desktop\Work\~WRL1225.tmp"
Thu 26 May 2011 46,592 ...H. --- "C:\Documents and Settings\Wi nston\Desktop\Work\~WRL1935.tmp"
Fri 24 Jun 2011 51,200 ...H. --- "C:\Documents and Settings\Wi nston\Desktop\Work\~WRL2220.tmp"
Wed 27 Apr 2011 41,472 ...H. --- "C:\Documents and Settings\Wi nston\Desktop\Work\~WRL2395.tmp"
Wed 27 Apr 2011 40,448 ...H. --- "C:\Documents and Settings\Wi nston\Desktop\Work\~WRL2423.tmp"
Thu 28 Apr 2011 42,496 ...H. --- "C:\Documents and Settings\Wi nston\Desktop\Work\~WRL2455.tmp"
Tue 5 Apr 2011 36,864 A..H. --- "C:\Documents and Settings\Wi nston\Desktop\Work\~WRL2952.tmp"
Thu 28 Apr 2011 41,472 ...H. --- "C:\Documents and Settings\Wi nston\Desktop\Work\~WRL2990.tmp"
Wed 27 Apr 2011 40,960 ...H. --- "C:\Documents and Settings\Wi nston\Desktop\Work\~WRL3035.tmp"
Thu 28 Apr 2011 40,960 ...H. --- "C:\Documents and Settings\Wi nston\Desktop\Work\~WRL3162.tmp"
Wed 27 Apr 2011 40,448 ...H. --- "C:\Documents and Settings\Wi nston\Desktop\Work\~WRL3318.tmp"
Sat 28 May 2011 47,616 ...H. --- "C:\Documents and Settings\Wi nston\Desktop\Work\~WRL3523.tmp"
Tue 12 Apr 2011 37,888 A..H. --- "C:\Documents and Settings\Wi nston\Desktop\Work\~WRL3713.tmp"
Thu 28 Apr 2011 41,984 ...H. --- "C:\Documents and Settings\Wi nston\Desktop\Work\~WRL3847.tmp"
Wed 27 Apr 2011 39,936 ...H. --- "C:\Documents and Settings\Wi nston\Desktop\Work\~WRL3886.tmp"
Thu 24 Mar 2011 28,160 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Templates\~WRL0003.tmp"
Mon 11 Apr 2011 28,160 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Templates\~WRL0004.tmp"
Sat 30 Apr 2011 28,160 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Templates\~WRL0005.tmp"
Wed 4 May 2011 28,160 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Templates\~WRL0006.tmp"
Sat 7 May 2011 28,160 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Templates\~WRL0007.tmp"
Mon 30 May 2011 28,160 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Templates\~WRL0008.tmp"
Wed 29 Jun 2011 28,160 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Templates\~WRL0009.tmp"
Thu 14 Jul 2011 28,160 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Templates\~WRL0010.tmp"
Thu 28 Jul 2011 27,136 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Templates\~WRL0011.tmp"
Sun 7 Aug 2011 27,136 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Templates\~WRL0012.tmp"
Mon 15 Aug 2011 27,136 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Templates\~WRL0013.tmp"
Fri 19 Aug 2011 27,136 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Templates\~WRL0014.tmp"
Mon 2 May 2011 28,160 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Templates\~WRL0225.tmp"
Wed 27 Apr 2011 28,160 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Templates\~WRL0253.tmp"
Mon 11 Apr 2011 28,160 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Templates\~WRL0401.tmp"
Sun 13 Mar 2011 28,160 A..H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Templates\~WRL0520.tmp"
Tue 31 May 2011 28,160 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Templates\~WRL0686.tmp"
Tue 29 Mar 2011 27,136 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Templates\~WRL0748.tmp"
Sat 11 Jun 2011 28,160 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Templates\~WRL1121.tmp"
Mon 13 Jun 2011 28,160 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Templates\~WRL1375.tmp"
Mon 4 Apr 2011 28,160 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Templates\~WRL1429.tmp"
Sat 20 Aug 2011 27,136 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Templates\~WRL1435.tmp"
Fri 15 Apr 2011 28,160 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Templates\~WRL1512.tmp"
Mon 23 May 2011 28,160 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Templates\~WRL1513.tmp"
Thu 7 Apr 2011 28,160 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Templates\~WRL1791.tmp"
Sat 16 Apr 2011 28,160 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Templates\~WRL2158.tmp"
Tue 22 Mar 2011 28,160 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Templates\~WRL2593.tmp"
Tue 28 Jun 2011 28,160 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Templates\~WRL2662.tmp"
Sun 29 May 2011 28,160 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Templates\~WRL2696.tmp"
Tue 2 Aug 2011 27,136 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Templates\~WRL2724.tmp"
Sun 8 May 2011 28,160 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Templates\~WRL2813.tmp"
Tue 28 Jun 2011 28,160 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Templates\~WRL3070.tmp"
Mon 20 Jun 2011 28,160 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Templates\~WRL3129.tmp"
Thu 28 Apr 2011 28,160 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Templates\~WRL3533.tmp"
Fri 15 Apr 2011 28,160 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Templates\~WRL3607.tmp"
Sun 12 Jun 2011 28,160 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Templates\~WRL3750.tmp"
Sat 9 Apr 2011 28,160 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Templates\~WRL3978.tmp"
Sun 27 Mar 2011 109,056 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Word\~WRL0016.tmp"
Thu 28 Apr 2011 27,136 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Word\~WRL0018.tmp"
Wed 18 May 2011 36,352 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Word\~WRL0268.tmp"
Thu 21 Jul 2011 46,592 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Word\~WRL0493.tmp"
Thu 21 Jul 2011 45,056 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Word\~WRL0606.tmp"
Wed 13 Apr 2011 27,136 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Word\~WRL0625.tmp"
Tue 19 Jul 2011 20,480 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Word\~WRL0646.tmp"
Wed 27 Apr 2011 39,936 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Word\~WRL0657.tmp"
Wed 1 Jun 2011 19,456 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Word\~WRL0705.tmp"
Tue 19 Jul 2011 20,992 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Word\~WRL0911.tmp"
Thu 28 Apr 2011 41,984 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Word\~WRL1191.tmp"
Sun 15 May 2011 27,136 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Word\~WRL1222.tmp"
Thu 21 Jul 2011 19,456 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Word\~WRL1640.tmp"
Thu 21 Jul 2011 19,968 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Word\~WRL1664.tmp"
Thu 7 Apr 2011 19,456 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Word\~WRL1701.tmp"
Tue 5 Apr 2011 22,528 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Word\~WRL1782.tmp"
Mon 20 Jun 2011 24,576 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Word\~WRL1793.tmp"
Fri 15 Apr 2011 19,456 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Word\~WRL1818.tmp"
Mon 11 Jul 2011 27,136 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Word\~WRL1825.tmp"
Thu 21 Jul 2011 47,104 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Word\~WRL1908.tmp"
Wed 6 Apr 2011 37,888 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Word\~WRL1964.tmp"
Thu 7 Apr 2011 19,968 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Word\~WRL2090.tmp"
Wed 6 Apr 2011 34,816 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Word\~WRL2096.tmp"
Fri 15 Apr 2011 20,480 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Word\~WRL2186.tmp"
Fri 24 Jun 2011 54,272 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Word\~WRL2264.tmp"
Thu 28 Apr 2011 22,016 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Word\~WRL2310.tmp"
Mon 23 May 2011 27,136 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Word\~WRL2322.tmp"
Thu 21 Apr 2011 27,136 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Word\~WRL2703.tmp"
Fri 24 Jun 2011 40,960 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Word\~WRL2722.tmp"
Sun 1 May 2011 27,136 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Word\~WRL2816.tmp"
Tue 5 Apr 2011 27,136 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Word\~WRL2933.tmp"
Thu 26 May 2011 27,136 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Word\~WRL3003.tmp"
Thu 21 Jul 2011 19,456 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Word\~WRL3052.tmp"
Thu 21 Jul 2011 46,592 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Word\~WRL3108.tmp"
Thu 28 Apr 2011 42,496 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Word\~WRL3277.tmp"
Wed 11 May 2011 20,480 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Word\~WRL3316.tmp"
Tue 24 May 2011 21,504 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Word\~WRL3327.tmp"
Tue 19 Jul 2011 20,480 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Word\~WRL3518.tmp"
Tue 10 May 2011 27,136 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Word\~WRL3585.tmp"
Wed 6 Jul 2011 22,528 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Word\~WRL3635.tmp"
Wed 6 Jul 2011 19,456 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Word\~WRL3751.tmp"
Tue 17 May 2011 27,136 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Word\~WRL3943.tmp"
Sun 10 Apr 2011 27,136 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Word\~WRL4009.tmp"
Mon 20 Jun 2011 23,552 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Word\~WRL4015.tmp"
Thu 7 Apr 2011 20,480 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Word\~WRL4038.tmp"
Tue 24 May 2011 185,856 ...H. --- "C:\Documents and Settings\Wi nston\Application Data\Microsoft\Word\~WRL4092.tmp"
Sun 11 Jan 2009 3,493,888 A..H. --- "C:\Documents and Settings\Wi nston\Application Data\U3\temp\Launchpad Removal.exe"

Finished!

Edit: Moved topic from XP to the more appropriate forum. Also merged topic and reply by member into one post for log forum. ~ Animal



#2 RPMcMurphy


Posted 25 August 2011 - 09:13 PM

Hello and welcome. Please follow these guidelines while we work on your PC:
  • Malware removal is a sometimes lengthy and tedious process. Please stick with the thread until I've given you the “All clear.” Absence of symptoms does not mean your machine is clean!
  • Please do not run any scans or install/uninstall any applications without being directed to do so.
  • Please note that the forum is very busy and if I don't hear from you within five days this thread will be closed.
Please subscribe to this thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Download ComboFix from one of the following locations:
Link 1
Link 2

VERY IMPORTANT !!! Save ComboFix.exe to your Desktop

* IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link
  • Double click on ComboFix.exe & follow the prompts.
As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

  • Click on Yes, to continue scanning for malware.
When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
Notes:
1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. Do not "re-run" Combofix. If you have a problem, reply back for further instructions.


Please include the following in your next post:
  • ComboFix log

Threads are closed after 5 days of inactivity.

ASAP & UNITE Member



#3 RPMcMurphy


Posted 31 August 2011 - 10:01 PM

Due to the lack of feedback, this topic is now closed. In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.





