CnsMin - help please!
rick.thurlow
2007-07-23, 02:36
Hello!
I have an issue - my computer has CnsMin and I cannot seem to get rid of it - I have followed the spywareguide instructions for getting rid of it... but they don't seem to work!
I have tried to get rid of it in safe mode and it states that "Access is Denied"...
Can you please look at my log file and tell me what to do?
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:01:45 AM, on 7/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\Rundll32.exe
C:\WINDOWS\system32\cmd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com.cn
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pc-ap.fujitsu.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pc-ap.fujitsu.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com.cn
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.pc-ap.fujitsu.com/
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [ATSwpNav] C:\Program Files\Fingerprint Sensor\AtSwpNav.exe -run
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [DriveCleaner 2006] "C:\Program Files\DriveCleaner 2006\DC2006.exe" /min
O4 - HKLM\..\Run: [DC6cw] "C:\Program Files\Common Files\DriveCleaner 2006\DC6cw.exe" -c
O4 - HKLM\..\Run: [iPassConnect] "C:\Program Files\iPass\iPassConnect Bigpond\iPassConnectGUI.exe" /S
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office XP\Office10\OSA.EXE
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: Yahoo 1G mail - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?sourc...p;btn=yahoomail (file missing)
O9 - Extra button: E bazar - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://adtaobao.allyes.com/main/adfclick?d...?allyesPara=816 (file missing)
O9 - Extra button: Yahoo Assistant - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?sourc...amp;btn=yassist (file missing)
O9 - Extra button: (no name) - {6354ABE6-05F1-49ed-B850-E423120EC338} - http://cn.widget.yahoo.com/index.htm?source=Cns (file missing)
O9 - Extra button: Instant Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?sourc...mp;btn=yahoomsg (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?sourc...&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: Repair Browser - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?sourc...&btn=repair (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?sourc...s&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: Clean Internet access record - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?sourc...s&btn=clean (file missing)
O11 - Options group: [!CNS] Chinese keywords
O14 - IERESET.INF: START_PAGE_URL=http://www.pc-ap.fujitsu.com/
O16 - DPF: HushEncryptionEngine - https://mailserver1.hushmail.com/shared/Hus...ptionEngine.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT ProfileManager Class) - https://online.westpac.com.au/wtoa/wtOtherA...iomanagerwt.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = jasnor.local
O17 - HKLM\Software\..\Telephony: DomainName = jasnor.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = jasnor.local
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPassConnectEngine - iPass, Inc. - C:\Program Files\iPass\iPassConnect Bigpond\iPassConnectEngine.exe
O23 - Service: iPassPeriodicUpdateApp - iPass, Inc. - C:\Program Files\iPass\iPassConnect Bigpond\iPassPeriodicUpdateApp.exe
O23 - Service: iPassPeriodicUpdateService - iPass, Inc. - C:\Program Files\iPass\iPassConnect Bigpond\iPassPeriodicUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
--
End of file - 10187 bytes
Cheers
Rick
Angelfire777
2007-07-23, 13:30
Hi, welcome to Safe Networking forums!
Next time, please post a HijackThis log taken from normal mode only. Some entries are not shown in safe mode.
Download combofix.exe (http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe)
1. Save it to your desktop.
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply along with a fresh HijackThis log.
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
rick.thurlow
2007-07-24, 02:30
"noel" - 2007-07-24 8:57:24 - ComboFix 07-07-24 - Service Pack 2 FAT32
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\ADMINI~1.JAS\APPLIC~1\DriveCleaner 2006
C:\DOCUME~1\ADMINI~1.JAS\APPLIC~1\DriveCleaner 2006\Logs\Activate.log
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\DriveCleaner 2006
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\DriveCleaner 2006\DriveCleaner 2006 Manual.lnk
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\DriveCleaner 2006\DriveCleaner 2006 on the Web.lnk
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\DriveCleaner 2006\DriveCleaner 2006.lnk
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\DriveCleaner 2006\Feedback on Support QualityFeedback on Support Quality.lnk
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\DriveCleaner 2006\Report Software DefectReport Software Defect.lnk
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\DriveCleaner 2006\Request for InstructionsRequest for Instructions.lnk
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\DriveCleaner 2006\Share Your SuggestionsShare Your Suggestions.lnk
C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs\DriveCleaner 2006\Uninstall DriveCleaner 2006.lnk
C:\DOCUME~1\NOEL~1.JAS\APPLIC~1\DriveCleaner 2006
C:\DOCUME~1\NOEL~1.JAS\APPLIC~1\DriveCleaner 2006\activator_info.txt
C:\DOCUME~1\NOEL~1.JAS\APPLIC~1\DriveCleaner 2006\Logs\Activate.log
C:\Documents and Settings\Administrator.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\0ZUJUR2X\CnsMinCgM[1].htm
C:\Documents and Settings\Administrator.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\0ZUJUR2X\CnsMinM[1].htm
C:\Documents and Settings\Administrator.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\0ZUJUR2X\CnsMinUp[1].htm
C:\Documents and Settings\Administrator.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\4DQZKT63\CnsMinExM[1].htm
C:\Documents and Settings\Administrator.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\4DQZKT63\CnsMinM[1].htm
C:\Documents and Settings\Administrator.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\4ZKTGNQ5\CnsMinExM[1].htm
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin1.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin10.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin100.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin101.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin102.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin103.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin104.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin105.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin106.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin107.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin108.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin109.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin11.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin110.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin111.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin112.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin113.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin114.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin115.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin116.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin117.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin118.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin119.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin12.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin120.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin121.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin122.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin123.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin124.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin125.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin126.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin127.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin128.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin129.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin13.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin130.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin131.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin132.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin133.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin134.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin14.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin15.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin16.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin17.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin18.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin19.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin2.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin20.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin21.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin22.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin23.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin24.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin25.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin26.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin27.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin28.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin29.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin3.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin30.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin31.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin32.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin33.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin34.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin35.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin36.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin37.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin38.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin39.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin4.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin40.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin41.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin42.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin43.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin44.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin45.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin46.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin47.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin48.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin49.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin5.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin50.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin51.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin52.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin53.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin54.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin55.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin56.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin57.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin58.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin59.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin6.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin60.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin61.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin62.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin63.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin64.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin65.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin66.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin67.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin68.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin69.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin7.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin70.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin71.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin72.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin73.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin74.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin75.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin76.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin77.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin78.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin79.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin8.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin80.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin81.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin82.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin83.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin84.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin85.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin86.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin87.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin88.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin89.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin9.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin90.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin91.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin92.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin93.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin94.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin95.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin96.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin97.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin98.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin99.zip
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\4EFZ2XI2\CnsMinAL[1].cab
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\4EFZ2XI2\CnsMinCgM[1].htm
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\4EFZ2XI2\CnsMinCgM[2].htm
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\4EFZ2XI2\CnsMinCgM[3].htm
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\4EFZ2XI2\CnsMinExM[2].htm
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\8DO1UN41\CnsMinCgM[1].htm
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\8DO1UN41\CnsMinExM[1].cab
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\8DO1UN41\CnsMinExM[1].htm
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\8DO1UN41\CnsMinExM[2].htm
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\8DO1UN41\CnsMinExM[3].htm
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\8DO1UN41\CnsMinM[1].htm
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\8DO1UN41\CnsMinM[2].htm
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\8DO1UN41\CnsMinM[3].htm
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\ABA3MXMV\CnsMinCgM[1].htm
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\ABA3MXMV\CnsMinCgM[2].htm
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\ABA3MXMV\CnsMinCgM[3].htm
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\ABA3MXMV\CnsMinCgM[4].htm
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\ABA3MXMV\CnsMinCgM[5].htm
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\ABA3MXMV\CnsMinExM[1].htm
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\ABA3MXMV\CnsMinM[1].htm
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\ABA3MXMV\CnsMinM[2].htm
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\ABA3MXMV\CnsMinUp[1].htm
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\HRBR9DSA\CnsMinAL[1].cab
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\HRBR9DSA\CnsMinCgM[2].htm
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\HRBR9DSA\CnsMinExM[1].htm
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\HRBR9DSA\CnsMinExM[2].htm
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\HTXS5Q1T\CnsMinExM[3].htm
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\KT6FW9YF\CnsMinCgM[2].htm
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\KT6FW9YF\CnsMinExM[1].htm
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\KT6FW9YF\CnsMinExM[3].htm
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\KT6FW9YF\CnsMinM[1].htm
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\KT6FW9YF\CnsMinM[2].htm
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\KT6FW9YF\CnsMinUp[1].htm
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\KT6FW9YF\CnsMinUp[2].htm
rick.thurlow
2007-07-24, 02:31
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\SFFJY0H9\CnsMinCgM[2].htm
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\SFFJY0H9\CnsMinExM[1].htm
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\SFFJY0H9\CnsMinHK[1].cab
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\SFFJY0H9\CnsMinIO[1].cab
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\SFFJY0H9\CnsMinM[1].htm
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\SFFJY0H9\CnsMinM[2].htm
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\SFFJY0H9\CnsMinM[3].htm
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\SFFJY0H9\CnsMinM[4].htm
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\WLY5CYTF\CnsMinCgM[1].htm
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\WLY5CYTF\CnsMinCgM[3].htm
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\WLY5CYTF\CnsMinCgM[5].htm
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\WLY5CYTF\CnsMinDT[1].cab
C:\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\WLY5CYTF\CnsMinM[2].htm
C:\Program Files\3721\3721\alliveex.dll
C:\Program Files\3721\3721\AutoLive.dll
C:\Program Files\3721\3721\Helper.dll
C:\Program Files\3721\3721\Notifier.dll
C:\Program Files\3721\alliveex.dll
C:\Program Files\3721\alrex.dll
C:\Program Files\3721\autolive.dll
C:\Program Files\3721\autolive.ini
C:\Program Files\3721\autolvsw.ini
C:\Program Files\3721\cns01.dat
C:\Program Files\3721\cns03.dat
C:\Program Files\3721\cnsm.dll
C:\Program Files\3721\CNSMIN.DAT
C:\Program Files\3721\Helper.dll
C:\Program Files\3721\notifier.dll
C:\Program Files\3721\windex.dat
C:\Program Files\3721\winhex.dat
C:\Program Files\baigoo
C:\WINDOWS\DOWNLO~1.\3721
C:\WINDOWS\DOWNLO~1.\3721\ListInfo.dat
C:\WINDOWS\DOWNLO~1.\keepmain.dll
C:\WINDOWS\DOWNLO~1.\keepmainm.cab
C:\WINDOWS\DOWNLO~1.\sms.ico
C:\WINDOWS\DOWNLO~1.\taobao.ico
C:\WINDOWS\DOWNLO~1.\yahoomsg.ico
C:\WINDOWS\DOWNLO~1.\ymail.ico
C:\WINDOWS\DOWNLO~1\CnsHook.dll
C:\WINDOWS\DOWNLO~1\CnsHook.dll.1.log
C:\WINDOWS\DOWNLO~1\cnsio.dll
C:\WINDOWS\DOWNLO~1\CnsMin.dll
C:\WINDOWS\DOWNLO~1\CnsMin.ini
C:\WINDOWS\DOWNLO~1\CnsMinCg.ini
C:\WINDOWS\DOWNLO~1\CnsMinEx.dll
C:\WINDOWS\DOWNLO~1\CnsMinEx.ini
C:\WINDOWS\DOWNLO~1\CnsMinIO.dll
C:\WINDOWS\DOWNLO~1\CnsUp.ini
C:\WINDOWS\DOWNLO~1\UWA6P_0001_N91M1807NetInstaller.exe
C:\WINDOWS\DOWNLO~1\UWAS6_0001_N68M2301NetInstaller.exe
C:\WINDOWS\system32\cns.dat
C:\WINDOWS\system32\cns.dll
C:\WINDOWS\system32\cns.exe
C:\WINDOWS\system32\drivers\CnsMinKP.sys
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
-------\LEGACY_CNSMINKP
-------\CnsMinKP
((((((((((((((((((((((((( Files Created from 2007-06-23 to 2007-07-23 )))))))))))))))))))))))))))))))
2007-07-24 08:56 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-24 08:51 47,104 --a------ C:\WINDOWS\system32\drivers\lgljni.sys
2007-07-19 14:54 <DIR> d-------- C:\DOCUME~1\ADMINI~1.JAS\APPLIC~1\SPAMfighter
2007-07-10 19:36 <DIR> d-------- C:\WINDOWS\system32\3721
2007-07-04 10:59 <DIR> d-------- C:\Program Files\Yahoo!
2007-07-04 10:58 <DIR> d-------- C:\Program Files\CCleaner
2007-06-27 08:22 <DIR> d-------- C:\Program Files\Common Files\Ankiro
2007-06-27 08:21 <DIR> d-------- C:\Program Files\Common Files\Application
2007-06-27 08:20 <DIR> d-------- C:\Program Files\SPAMfighter
2007-06-25 15:04 1,184,400 --a------ C:\WINDOWS\system32\FreeImage.dll
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2007-07-23 22:51:48 5 ----a-w C:\WINDOWS\ycns.dat
2007-05-16 15:12:02 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-04-25 14:21:16 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AGRSMMSG"="AGRSMMSG.exe" [2004-06-07 10:15 C:\WINDOWS\AGRSMMSG.exe]
"LtMoh"="C:\Program Files\ltmoh\Ltmoh.exe" [2003-09-05 17:16]
"Apoint"="C:\Program Files\Apoint2K\Apoint.exe" [2003-07-16 21:19]
"IndicatorUtility"="C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe" [2004-08-04 16:19]
"ATSwpNav"="C:\Program Files\Fingerprint Sensor\AtSwpNav.exe" [2004-06-26 14:18]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2004-08-16 10:04]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2004-08-16 10:07]
"OfficeScanNT Monitor"="C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" [2005-11-03 00:32]
"Synchronization Manager"="%SystemRoot%\system32\mobsync.exe" []
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [2004-05-12 15:18]
"DXDllRegExe"="dxdllreg.exe" []
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2005-02-16 23:11]
"iPassConnect"="C:\Program Files\iPass\iPassConnect Bigpond\iPassConnectGUI.exe" [2006-07-27 20:04]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 10:22]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 14:25]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 14:45]
"BrMfcWnd"="C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe" [2006-06-28 07:46]
"SetDefPrt"="C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe" [2005-01-26 18:02]
"ControlCenter3"="C:\Program Files\Brother\ControlCenter3\brctrcen.exe" [2006-06-29 12:18]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-01 16:51]
"SPAMfighter Agent"="C:\Program Files\SPAMfighter\SFAgent.exe" [2007-06-25 15:03]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"H/PC Connection Agent"="C:\PROGRA~1\MICROS~2\wcescomm.exe" [2005-11-15 19:44]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-08 11:45]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2003-07-07 01:20:40]
Cisco Systems VPN Client.lnk - C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe [2005-06-17 13:56:41]
Microsoft Office.lnk - C:\Program Files\Microsoft Office XP\Office10\OSA.EXE [2001-02-13 01:01:04]
Desktop Manager.lnk - C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe [2006-08-27 11:38:50]
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-01-15 13:09:42]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IntelWireless]
C:\Program Files\Intel\Wireless\Bin\LgNotify.dll 2004-08-16 10:03 110592 C:\Program Files\Intel\Wireless\Bin\LgNotify.dll
R1 sscdbhk5;sscdbhk5;C:\WINDOWS\system32\drivers\sscdbhk5.sys
R1 ssrtln;ssrtln;C:\WINDOWS\system32\drivers\ssrtln.sys
R2 CVPND;Cisco Systems, Inc. VPN Service;"C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe"
R2 CVPNDRV;Cisco Systems IPsec Driver;\??\C:\WINDOWS\system32\Drivers\CVPNDRV.sys
R2 drvnddm;drvnddm;C:\WINDOWS\system32\drivers\drvnddm.sys
R2 iPassP;iPass Protocol (IEEE 802.1x) v3.5.1.0;C:\WINDOWS\system32\DRIVERS\iPassP.sys
R2 iPassPeriodicUpdateService;iPassPeriodicUpdateService;"C:\Program Files\iPass\iPassConnect Bigpond\iPassPeriodicUpdateService.exe"
R2 Machnm32;Machnm32 Driver;\??\C:\WINDOWS\system32\Machnm32.sys
R2 ntrtscan;Trend Micro Client/Server Security Agent RealTime Scan;C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
R2 s24trans;WLAN Transport;C:\WINDOWS\system32\DRIVERS\s24trans.sys
R2 tfsnboio;tfsnboio;C:\WINDOWS\system32\dla\tfsnboio.sys
R2 tfsncofs;tfsncofs;C:\WINDOWS\system32\dla\tfsncofs.sys
R2 tfsndrct;tfsndrct;C:\WINDOWS\system32\dla\tfsndrct.sys
R2 tfsndres;tfsndres;C:\WINDOWS\system32\dla\tfsndres.sys
R2 tfsnifs;tfsnifs;C:\WINDOWS\system32\dla\tfsnifs.sys
R2 tfsnopio;tfsnopio;C:\WINDOWS\system32\dla\tfsnopio.sys
R2 tfsnpool;tfsnpool;C:\WINDOWS\system32\dla\tfsnpool.sys
R2 tfsnudf;tfsnudf;C:\WINDOWS\system32\dla\tfsnudf.sys
R2 tfsnudfa;tfsnudfa;C:\WINDOWS\system32\dla\tfsnudfa.sys
R2 TM_CFW;Common Firewall Driver;\??\C:\Program Files\Trend Micro\OfficeScan Client\tm_cfw.sys
R2 TmFilter;Trend Micro Filter;\??\C:\Program Files\Trend Micro\OfficeScan Client\TmXPFlt.sys
R2 tmlisten;Trend Micro Client/Server Security Agent Listener;C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
R2 TmPreFilter;Trend Micro PreFilter;\??\C:\Program Files\Trend Micro\OfficeScan Client\TmPreFlt.sys
R2 VSApiNt;Trend Micro VSAPI NT;\??\C:\Program Files\Trend Micro\OfficeScan Client\VSApiNt.sys
R3 {E2B953A6-195A-44F9-9BA3-3D5F4E32BB55};AIM 3.0 Part 01 Codec Driver CH-7009-A/CH-7011;C:\WINDOWS\system32\drivers\wA301a.sys
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver;C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys
R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys
R3 DNE;Deterministic Network Enhancer Miniport;C:\WINDOWS\system32\DRIVERS\dne2000.sys
R3 IWCA;Intel Wireless Connection Agent Miniport for Win XP;C:\WINDOWS\system32\DRIVERS\iwca.sys
R3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys
R3 RimVSerPort;RIM Virtual Serial Port v2;C:\WINDOWS\system32\DRIVERS\RimSerial.sys
R3 ROOTMODEM;Microsoft Legacy Modem Driver;C:\WINDOWS\system32\Drivers\RootMdm.sys
R3 w29n51;Intel(R) PRO/Wireless 2200BG Network Connection Driver for Windows XP;C:\WINDOWS\system32\DRIVERS\w29n51.sys
S3 ATSWPDRV;AuthenTec TruePrint USB Driver (AES2500);C:\WINDOWS\system32\Drivers\ATSwpDrv.sys
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys
S3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys
S3 COMSysApp;COM+ System Application;C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
S3 iPassPeriodicUpdateApp;iPassPeriodicUpdateApp;"C:\Program Files\iPass\iPassConnect Bigpond\iPassPeriodicUpdateApp.exe"
S3 k750bus;Sony Ericsson 750 driver (WDM);C:\WINDOWS\system32\DRIVERS\k750bus.sys
S3 k750mdfl;Sony Ericsson 750 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\k750mdfl.sys
S3 k750mdm;Sony Ericsson 750 USB WMC Modem Drivers;C:\WINDOWS\system32\DRIVERS\k750mdm.sys
S3 k750obex;Sony Ericsson 750 USB WMC OBEX Interface Drivers;C:\WINDOWS\system32\DRIVERS\k750obex.sys
S3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys
S3 RimUsb;BlackBerry Device;C:\WINDOWS\system32\Drivers\RimUsb.sys
S3 usb_rndisx;USB RNDIS Adapter;C:\WINDOWS\system32\DRIVERS\usb8023x.sys
S3 wceusbsh;Windows CE USB Serial Host Driver;C:\WINDOWS\system32\DRIVERS\wceusbsh.sys
S4 agpCPQ;Compaq AGP Bus Filter;C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
Contents of the 'Scheduled Tasks' folder
2007-07-23 04:48:42 C:\WINDOWS\tasks\AppleSoftwareUpdate.job
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-24 09:13:23
Windows 5.1.2600 Service Pack 2 FAT NTAPI
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2007-07-24 9:19:23 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-24 09:19
--- E O F ---
rick.thurlow
2007-07-24, 02:33
[code]
2005-10-20 11:08 5064 --a------ C:\Qoobox\Quarantine\C\Program Files\3721\cns01.dat.vir
2006-01-23 13:50 71680 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\UWAS6_0001_N68M2301NetInstaller.exe.vir
2006-03-21 14:20 139264 --a------ C:\Qoobox\Quarantine\C\Program Files\3721\3721\alliveex.dll.vir
2006-03-21 14:20 139264 --a------ C:\Qoobox\Quarantine\C\Program Files\3721\alliveex.dll.vir
2006-07-18 19:08 82432 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\UWA6P_0001_N91M1807NetInstaller.exe.vir
2006-10-17 07:42 1545 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\STARTM~1\Programs\DriveCleaner 2006\Uninstall DriveCleaner 2006.lnk.vir
2006-10-17 07:42 553 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\STARTM~1\Programs\DriveCleaner 2006\DriveCleaner 2006 on the Web.lnk.vir
2006-10-17 07:42 649 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\STARTM~1\Programs\DriveCleaner 2006\DriveCleaner 2006 Manual.lnk.vir
2006-10-17 07:42 649 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\STARTM~1\Programs\DriveCleaner 2006\DriveCleaner 2006.lnk.vir
2006-10-17 07:42 670 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\STARTM~1\Programs\DriveCleaner 2006\Feedback on Support QualityFeedback on Support Quality.lnk.vir
2006-10-17 07:42 670 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\STARTM~1\Programs\DriveCleaner 2006\Request for InstructionsRequest for Instructions.lnk.vir
2006-10-17 07:42 672 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\STARTM~1\Programs\DriveCleaner 2006\Report Software DefectReport Software Defect.lnk.vir
2006-10-17 07:42 674 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\STARTM~1\Programs\DriveCleaner 2006\Share Your SuggestionsShare Your Suggestions.lnk.vir
2006-10-17 07:42 78 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\APPLIC~1\DriveCleaner 2006\activator_info.txt.vir
2007-03-08 12:52 72 --a------ C:\Qoobox\Quarantine\C\Program Files\3721\winhex.dat.vir
2007-04-13 09:43 5017 --a------ C:\Qoobox\Quarantine\C\Program Files\3721\CNSMIN.DAT.vir
2007-04-29 14:27 1728 --a------ C:\Qoobox\Quarantine\C\Program Files\3721\cns03.dat.vir
2007-06-11 15:55 32088 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\cns.exe.vir
2007-06-11 15:55 36184 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\cns.dll.vir
2007-06-11 15:55 40280 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\keepmain.dll.vir
2007-06-11 15:55 55128 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\CnsMinKP.sys.vir
2007-06-11 16:13 101720 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\CnsMinEx.dll.vir
2007-06-11 16:13 40280 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\CnsMinIO.dll.vir
2007-06-11 16:13 48472 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\cnsio.dll.vir
2007-06-11 16:13 81240 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\CnsHook.dll.vir
2007-06-14 21:01 290136 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\CnsMin.dll.vir
2007-06-29 15:29 36864 --a------ C:\Qoobox\Quarantine\C\Program Files\3721\cnsm.dll.vir
2007-07-02 17:26 40280 --a------ C:\Qoobox\Quarantine\C\Program Files\3721\Helper.dll.vir
2007-07-02 17:27 130392 --a------ C:\Qoobox\Quarantine\C\Program Files\3721\3721\AutoLive.dll.vir
2007-07-02 17:27 150872 --a------ C:\Qoobox\Quarantine\C\Program Files\3721\autolive.dll.vir
2007-07-02 17:27 32088 --a------ C:\Qoobox\Quarantine\C\Program Files\3721\alrex.dll.vir
2007-07-02 17:27 40280 --a------ C:\Qoobox\Quarantine\C\Program Files\3721\3721\Helper.dll.vir
2007-07-02 17:27 83288 --a------ C:\Qoobox\Quarantine\C\Program Files\3721\3721\Notifier.dll.vir
2007-07-02 17:27 83288 --a------ C:\Qoobox\Quarantine\C\Program Files\3721\notifier.dll.vir
2007-07-04 11:51 111734 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin6.zip.vir
2007-07-04 11:51 13919 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin1.zip.vir
2007-07-04 11:51 16184 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip.vir
2007-07-04 11:51 30487 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin2.zip.vir
2007-07-04 11:51 35281 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin3.zip.vir
2007-07-04 11:51 40102 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin4.zip.vir
2007-07-04 11:51 40151 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin5.zip.vir
2007-07-04 11:51 860 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin7.zip.vir
2007-07-04 11:52 1099 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin24.zip.vir
2007-07-04 11:52 1136 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin21.zip.vir
2007-07-04 11:52 16106 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin11.zip.vir
2007-07-04 11:52 36312 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin10.zip.vir
2007-07-04 11:52 668 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin8.zip.vir
2007-07-04 11:52 698 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin22.zip.vir
2007-07-04 11:52 708 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin23.zip.vir
2007-07-04 11:52 720 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin9.zip.vir
2007-07-04 11:52 741 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin13.zip.vir
2007-07-04 11:52 745 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin12.zip.vir
2007-07-04 11:52 771 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin26.zip.vir
2007-07-04 11:52 844 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin17.zip.vir
2007-07-04 11:52 868 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin19.zip.vir
2007-07-04 11:52 876 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin18.zip.vir
2007-07-04 11:52 894 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin14.zip.vir
2007-07-04 11:52 905 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin20.zip.vir
2007-07-04 11:52 916 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin16.zip.vir
2007-07-04 11:52 959 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin15.zip.vir
2007-07-04 11:52 969 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin25.zip.vir
2007-07-04 12:53 16183 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin27.zip.vir
2007-07-04 12:54 1099 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin56.zip.vir
2007-07-04 12:54 111737 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin32.zip.vir
2007-07-04 12:54 1137 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin43.zip.vir
2007-07-04 12:54 1211 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin45.zip.vir
2007-07-04 12:54 13922 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin28.zip.vir
2007-07-04 12:54 30489 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin29.zip.vir
2007-07-04 12:54 35538 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin33.zip.vir
2007-07-04 12:54 40105 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin30.zip.vir
2007-07-04 12:54 40154 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin31.zip.vir
2007-07-04 12:54 5562 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin46.zip.vir
2007-07-04 12:54 671 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin35.zip.vir
2007-07-04 12:54 699 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin54.zip.vir
2007-07-04 12:54 703 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin52.zip.vir
2007-07-04 12:54 708 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin55.zip.vir
2007-07-04 12:54 713 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin53.zip.vir
2007-07-04 12:54 722 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin36.zip.vir
2007-07-04 12:54 741 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin47.zip.vir
2007-07-04 12:54 745 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin48.zip.vir
2007-07-04 12:54 770 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin58.zip.vir
2007-07-04 12:54 771 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin59.zip.vir
2007-07-04 12:54 791 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin44.zip.vir
2007-07-04 12:54 791 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin49.zip.vir
2007-07-04 12:54 839 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin39.zip.vir
2007-07-04 12:54 864 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin34.zip.vir
2007-07-04 12:54 869 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin41.zip.vir
2007-07-04 12:54 877 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin40.zip.vir
2007-07-04 12:54 895 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin50.zip.vir
2007-07-04 12:54 904 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin42.zip.vir
2007-07-04 12:54 917 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin38.zip.vir
2007-07-04 12:54 921 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin51.zip.vir
2007-07-04 12:54 959 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin37.zip.vir
2007-07-04 12:54 968 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin57.zip.vir
2007-07-05 08:15 1098 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin90.zip.vir
2007-07-05 08:15 111736 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin66.zip.vir
2007-07-05 08:15 1136 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin77.zip.vir
2007-07-05 08:15 1210 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin79.zip.vir
2007-07-05 08:15 13921 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin61.zip.vir
2007-07-05 08:15 16183 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin60.zip.vir
2007-07-05 08:15 30488 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin62.zip.vir
2007-07-05 08:15 35283 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin63.zip.vir
2007-07-05 08:15 35537 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin67.zip.vir
2007-07-05 08:15 40105 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin64.zip.vir
2007-07-05 08:15 40153 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin65.zip.vir
2007-07-05 08:15 5563 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin80.zip.vir
2007-07-05 08:15 672 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin69.zip.vir
2007-07-05 08:15 698 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin88.zip.vir
2007-07-05 08:15 702 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin86.zip.vir
2007-07-05 08:15 707 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin89.zip.vir
2007-07-05 08:15 712 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin87.zip.vir
2007-07-05 08:15 720 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin70.zip.vir
2007-07-05 08:15 739 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin81.zip.vir
2007-07-05 08:15 745 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin82.zip.vir
2007-07-05 08:15 768 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin92.zip.vir
2007-07-05 08:15 770 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin93.zip.vir
2007-07-05 08:15 789 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin78.zip.vir
2007-07-05 08:15 791 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin83.zip.vir
2007-07-05 08:15 851 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin73.zip.vir
2007-07-05 08:15 861 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin68.zip.vir
2007-07-05 08:15 868 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin75.zip.vir
2007-07-05 08:15 876 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin74.zip.vir
2007-07-05 08:15 894 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin84.zip.vir
2007-07-05 08:15 904 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin76.zip.vir
2007-07-05 08:15 920 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin85.zip.vir
2007-07-05 08:15 921 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin72.zip.vir
rick.thurlow
2007-07-24, 02:34
2007-07-05 08:15 959 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin71.zip.vir
2007-07-05 08:15 968 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin91.zip.vir
2007-07-05 09:32 78256 --a------ C:\Qoobox\Quarantine\C\WINDOWS\system32\cns.dat.vir
2007-07-10 07:34 137 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\SFFJY0H9\CnsMinM[1].htm.vir
2007-07-10 07:34 886 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\SFFJY0H9\CnsMinExM[1].htm.vir
2007-07-10 15:35 9261 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\HRBR9DSA\CnsMinCgM[2].htm.vir
2007-07-10 19:35 137 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\SFFJY0H9\CnsMinM[2].htm.vir
2007-07-10 19:35 76841 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\HRBR9DSA\CnsMinAL[1].cab.vir
2007-07-11 08:19 137 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\SFFJY0H9\CnsMinM[3].htm.vir
2007-07-11 08:19 886 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\ABA3MXMV\CnsMinExM[1].htm.vir
2007-07-11 08:19 9261 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\8DO1UN41\CnsMinCgM[1].htm.vir
2007-07-11 16:19 9261 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\ABA3MXMV\CnsMinCgM[1].htm.vir
2007-07-12 07:28 137 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\ABA3MXMV\CnsMinM[1].htm.vir
2007-07-12 07:28 886 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\HRBR9DSA\CnsMinExM[1].htm.vir
2007-07-12 08:29 9261 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\SFFJY0H9\CnsMinCgM[2].htm.vir
2007-07-12 10:53 86 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\ABA3MXMV\CnsMinUp[1].htm.vir
2007-07-12 16:53 9261 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\4EFZ2XI2\CnsMinCgM[1].htm.vir
2007-07-13 07:40 137 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\KT6FW9YF\CnsMinM[1].htm.vir
2007-07-13 07:40 886 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\KT6FW9YF\CnsMinExM[1].htm.vir
2007-07-13 07:40 9261 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\WLY5CYTF\CnsMinCgM[3].htm.vir
2007-07-13 14:52 899 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\3721\ListInfo.dat.vir
2007-07-16 09:04 10495 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\WLY5CYTF\CnsMinCgM[1].htm.vir
2007-07-18 07:11 10495 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\4EFZ2XI2\CnsMinCgM[2].htm.vir
2007-07-18 07:32 137 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\WLY5CYTF\CnsMinM[2].htm.vir
2007-07-18 07:32 886 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\KT6FW9YF\CnsMinExM[3].htm.vir
2007-07-18 15:12 10495 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\KT6FW9YF\CnsMinCgM[2].htm.vir
2007-07-18 20:12 137 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\SFFJY0H9\CnsMinM[4].htm.vir
2007-07-18 20:12 886 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\HTXS5Q1T\CnsMinExM[3].htm.vir
2007-07-19 13:44 10495 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\WLY5CYTF\CnsMinCgM[5].htm.vir
2007-07-19 13:44 137 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\KT6FW9YF\CnsMinM[2].htm.vir
2007-07-19 13:44 86 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\KT6FW9YF\CnsMinUp[1].htm.vir
2007-07-19 13:44 886 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\4EFZ2XI2\CnsMinExM[2].htm.vir
2007-07-19 14:23 1099 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin129.zip.vir
2007-07-19 14:23 111737 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin98.zip.vir
2007-07-19 14:23 1137 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin108.zip.vir
2007-07-19 14:23 1210 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin112.zip.vir
2007-07-19 14:23 1388 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin122.zip.vir
2007-07-19 14:23 13921 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin96.zip.vir
2007-07-19 14:23 16183 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin95.zip.vir
2007-07-19 14:23 300338 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin113.zip.vir
2007-07-19 14:23 35538 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin99.zip.vir
2007-07-19 14:23 40104 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin97.zip.vir
2007-07-19 14:23 671 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin101.zip.vir
2007-07-19 14:23 698 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin123.zip.vir
2007-07-19 14:23 699 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin127.zip.vir
2007-07-19 14:23 703 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin125.zip.vir
2007-07-19 14:23 708 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin128.zip.vir
2007-07-19 14:23 709 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin124.zip.vir
2007-07-19 14:23 713 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin126.zip.vir
2007-07-19 14:23 721 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin103.zip.vir
2007-07-19 14:23 742 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin115.zip.vir
2007-07-19 14:23 745 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin102.zip.vir
2007-07-19 14:23 746 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin114.zip.vir
2007-07-19 14:23 753 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin117.zip.vir
2007-07-19 14:23 767 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin131.zip.vir
2007-07-19 14:23 768 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin133.zip.vir
2007-07-19 14:23 770 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin132.zip.vir
2007-07-19 14:23 771 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin134.zip.vir
2007-07-19 14:23 778 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin119.zip.vir
2007-07-19 14:23 786 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin111.zip.vir
2007-07-19 14:23 789 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin109.zip.vir
2007-07-19 14:23 791 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin110.zip.vir
2007-07-19 14:23 792 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin116.zip.vir
2007-07-19 14:23 861 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin104.zip.vir
2007-07-19 14:23 862 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin100.zip.vir
2007-07-19 14:23 869 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin106.zip.vir
2007-07-19 14:23 877 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin105.zip.vir
2007-07-19 14:23 896 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin120.zip.vir
2007-07-19 14:23 905 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin107.zip.vir
2007-07-19 14:23 921 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin121.zip.vir
2007-07-19 14:23 9481 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin94.zip.vir
2007-07-19 14:23 964 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin118.zip.vir
2007-07-19 14:23 968 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin130.zip.vir
2007-07-19 14:31 10495 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\ABA3MXMV\CnsMinCgM[2].htm.vir
2007-07-19 14:31 115420 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\keepmainM.cab.vir
2007-07-19 14:31 12801 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\WLY5CYTF\CnsMinDT[1].cab.vir
2007-07-19 14:31 137 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\ABA3MXMV\CnsMinM[2].htm.vir
2007-07-19 14:31 29895 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\SFFJY0H9\CnsMinIO[1].cab.vir
2007-07-19 14:31 34719 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\SFFJY0H9\CnsMinHK[1].cab.vir
2007-07-19 14:31 39590 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\8DO1UN41\CnsMinExM[1].cab.vir
2007-07-19 14:31 76841 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\4EFZ2XI2\CnsMinAL[1].cab.vir
2007-07-19 14:31 86 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\KT6FW9YF\CnsMinUp[2].htm.vir
2007-07-19 14:31 886 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\HRBR9DSA\CnsMinExM[2].htm.vir
2007-07-19 14:52 137 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Administrator.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\4DQZKT63\CnsMinM[1].htm.vir
2007-07-19 14:52 86 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Administrator.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\0ZUJUR2X\CnsMinUp[1].htm.vir
2007-07-19 14:52 886 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Administrator.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\4DQZKT63\CnsMinExM[1].htm.vir
2007-07-19 14:54 169 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Administrator.JASNOR\APPLIC~1\DriveCleaner 2006\Logs\Activate.log.vir
2007-07-20 09:50 10495 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Administrator.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\0ZUJUR2X\CnsMinCgM[1].htm.vir
2007-07-20 09:50 137 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Administrator.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\0ZUJUR2X\CnsMinM[1].htm.vir
2007-07-20 09:50 886 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Administrator.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\4ZKTGNQ5\CnsMinExM[1].htm.vir
2007-07-22 13:36 10606 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\4EFZ2XI2\CnsMinCgM[3].htm.vir
2007-07-22 13:36 137 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\8DO1UN41\CnsMinM[1].htm.vir
2007-07-22 13:36 886 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\8DO1UN41\CnsMinExM[1].htm.vir
2007-07-23 07:57 11616 --a------ C:\Qoobox\Quarantine\C\Program Files\3721\windex.dat.vir
2007-07-23 09:36 10606 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\ABA3MXMV\CnsMinCgM[3].htm.vir
2007-07-23 09:36 137 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\8DO1UN41\CnsMinM[2].htm.vir
2007-07-23 09:36 886 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\8DO1UN41\CnsMinExM[2].htm.vir
2007-07-23 17:15 814 --a------ C:\Qoobox\Quarantine\C\Program Files\3721\autolvsw.ini.vir
2007-07-23 18:11 10606 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\ABA3MXMV\CnsMinCgM[4].htm.vir
2007-07-24 08:48 5734 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\yahoomsg.ico.vir
2007-07-24 08:48 5734 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\ymail.ico.vir
2007-07-24 08:48 6526 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\sms.ico.vir
2007-07-24 08:48 6758 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\taobao.ico.vir
2007-07-24 08:49 106 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\CnsUp.ini.vir
2007-07-24 08:49 10606 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\ABA3MXMV\CnsMinCgM[5].htm.vir
2007-07-24 08:49 10606 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\CnsMinCg.ini.vir
2007-07-24 08:49 137 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\8DO1UN41\CnsMinM[3].htm.vir
2007-07-24 08:49 137 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\CnsMin.ini.vir
2007-07-24 08:49 886 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\Local Settings\Temporary Internet Files\Content.IE5\8DO1UN41\CnsMinExM[3].htm.vir
2007-07-24 08:49 886 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\CnsMinEx.ini.vir
2007-07-24 08:50 62530 --a------ C:\Qoobox\Quarantine\C\Documents and Settings\Noel.JASNOR\APPLIC~1\DriveCleaner 2006\Logs\Activate.log.vir
2007-07-24 08:51 1188 --a------ C:\Qoobox\Quarantine\C\Program Files\3721\autolive.ini.vir
2007-07-24 08:55 2697 --a------ C:\Qoobox\Quarantine\C\WINDOWS\DOWNLO~1\CnsHook.dll.1.log.vir
2007-07-24 09:02 1038 --a------ C:\Qoobox\Quarantine\Registry_backups\LEGACY_CNSMINKP.reg.cf
2007-07-24 09:02 2994 --a------ C:\Qoobox\Quarantine\Registry_backups\services_CnsMinKP.reg.cf
rick.thurlow
2007-07-24, 02:35
Folder PATH listing
Volume serial number is F8C3-ABDA
C:\QOOBOX
\---Quarantine
+---Registry_backups
| LEGACY_CNSMINKP.reg.cf
| services_CnsMinKP.reg.cf
|
\---C
+---WINDOWS
| +---DOWNLO~1
| | | UWAS6_0001_N68M2301NetInstaller.exe.vir
| | | UWA6P_0001_N91M1807NetInstaller.exe.vir
| | | CnsHook.dll.1.log.vir
| | | CnsMinCg.ini.vir
| | | cnsio.dll.vir
| | | CnsUp.ini.vir
| | | CnsMin.ini.vir
| | | CnsMinEx.ini.vir
| | | CnsMinEx.dll.vir
| | | CnsMinIO.dll.vir
| | | keepmain.dll.vir
| | | keepmainM.cab.vir
| | | sms.ico.vir
| | | taobao.ico.vir
| | | yahoomsg.ico.vir
| | | ymail.ico.vir
| | | CnsHook.dll.vir
| | | CnsMin.dll.vir
| | |
| | \---3721
| | ListInfo.dat.vir
| |
| +---system32
| | | cns.dat.vir
| | | cns.dll.vir
| | | cns.exe.vir
| | |
| | \---drivers
| | CnsMinKP.sys.vir
| |
| \---Downloaded Program Files
+---Documents and Settings
| +---All Users
| | +---Application Data
| | | \---Spybot - Search & Destroy
| | | \---Recovery
| | | CnsMin45.zip.vir
| | | CnsMin38.zip.vir
| | | CnsMin39.zip.vir
| | | CnsMin40.zip.vir
| | | CnsMin41.zip.vir
| | | CnsMin42.zip.vir
| | | CnsMin43.zip.vir
| | | CnsMin44.zip.vir
| | | CnsMin46.zip.vir
| | | CnsMin60.zip.vir
| | | CnsMin47.zip.vir
| | | CnsMin48.zip.vir
| | | CnsMin49.zip.vir
| | | CnsMin50.zip.vir
| | | CnsMin51.zip.vir
| | | CnsMin52.zip.vir
| | | CnsMin53.zip.vir
| | | CnsMin54.zip.vir
| | | CnsMin55.zip.vir
| | | CnsMin56.zip.vir
| | | CnsMin57.zip.vir
| | | CnsMin58.zip.vir
| | | CnsMin59.zip.vir
| | | CnsMin61.zip.vir
| | | CnsMin62.zip.vir
| | | CnsMin63.zip.vir
| | | CnsMin64.zip.vir
| | | CnsMin65.zip.vir
| | | CnsMin66.zip.vir
| | | CnsMin67.zip.vir
| | | CnsMin68.zip.vir
| | | CnsMin69.zip.vir
| | | CnsMin79.zip.vir
| | | CnsMin70.zip.vir
| | | CnsMin71.zip.vir
| | | CnsMin72.zip.vir
| | | CnsMin73.zip.vir
| | | CnsMin74.zip.vir
| | | CnsMin75.zip.vir
| | | CnsMin76.zip.vir
| | | CnsMin77.zip.vir
| | | CnsMin78.zip.vir
| | | CnsMin80.zip.vir
| | | CnsMin94.zip.vir
| | | CnsMin81.zip.vir
| | | CnsMin82.zip.vir
| | | CnsMin83.zip.vir
| | | CnsMin84.zip.vir
| | | CnsMin85.zip.vir
| | | CnsMin86.zip.vir
| | | CnsMin87.zip.vir
| | | CnsMin88.zip.vir
| | | CnsMin89.zip.vir
| | | CnsMin90.zip.vir
| | | CnsMin91.zip.vir
| | | CnsMin92.zip.vir
| | | CnsMin93.zip.vir
| | | CnsMin95.zip.vir
| | | CnsMin96.zip.vir
| | | CnsMin97.zip.vir
| | | CnsMin98.zip.vir
| | | CnsMin99.zip.vir
| | | CnsMin100.zip.vir
| | | CnsMin101.zip.vir
| | | CnsMin112.zip.vir
| | | CnsMin102.zip.vir
| | | CnsMin103.zip.vir
| | | CnsMin104.zip.vir
| | | CnsMin105.zip.vir
| | | CnsMin106.zip.vir
| | | CnsMin107.zip.vir
| | | CnsMin108.zip.vir
| | | CnsMin109.zip.vir
| | | CnsMin110.zip.vir
| | | CnsMin111.zip.vir
| | | CnsMin113.zip.vir
| | | CnsMin114.zip.vir
| | | CnsMin115.zip.vir
| | | CnsMin116.zip.vir
| | | CnsMin117.zip.vir
| | | CnsMin118.zip.vir
| | | CnsMin119.zip.vir
| | | CnsMin120.zip.vir
| | | CnsMin121.zip.vir
| | | CnsMin122.zip.vir
| | | CnsMin123.zip.vir
| | | CnsMin124.zip.vir
| | | CnsMin125.zip.vir
| | | CnsMin126.zip.vir
| | | CnsMin127.zip.vir
| | | CnsMin128.zip.vir
| | | CnsMin129.zip.vir
| | | CnsMin130.zip.vir
| | | CnsMin131.zip.vir
| | | CnsMin132.zip.vir
| | | CnsMin133.zip.vir
| | | CnsMin134.zip.vir
| | | CnsMin.zip.vir
| | | CnsMin1.zip.vir
| | | CnsMin2.zip.vir
| | | CnsMin3.zip.vir
| | | CnsMin4.zip.vir
| | | CnsMin5.zip.vir
| | | CnsMin6.zip.vir
| | | CnsMin7.zip.vir
| | | CnsMin8.zip.vir
| | | CnsMin9.zip.vir
| | | CnsMin10.zip.vir
| | | CnsMin11.zip.vir
| | | CnsMin12.zip.vir
| | | CnsMin13.zip.vir
| | | CnsMin14.zip.vir
| | | CnsMin15.zip.vir
| | | CnsMin16.zip.vir
| | | CnsMin17.zip.vir
| | | CnsMin18.zip.vir
| | | CnsMin19.zip.vir
| | | CnsMin20.zip.vir
| | | CnsMin21.zip.vir
| | | CnsMin22.zip.vir
| | | CnsMin23.zip.vir
| | | CnsMin24.zip.vir
| | | CnsMin25.zip.vir
| | | CnsMin26.zip.vir
| | | CnsMin27.zip.vir
| | | CnsMin28.zip.vir
| | | CnsMin29.zip.vir
| | | CnsMin30.zip.vir
| | | CnsMin31.zip.vir
| | | CnsMin32.zip.vir
| | | CnsMin33.zip.vir
| | | CnsMin34.zip.vir
| | | CnsMin35.zip.vir
| | | CnsMin36.zip.vir
| | | CnsMin37.zip.vir
| | |
| | \---STARTM~1
| | \---Programs
| | \---DriveCleaner 2006
| | DriveCleaner 2006.lnk.vir
| | DriveCleaner 2006 on the Web.lnk.vir
| | DriveCleaner 2006 Manual.lnk.vir
| | Uninstall DriveCleaner 2006.lnk.vir
| | Report Software DefectReport Software Defect.lnk.vir
| | Request for InstructionsRequest for Instructions.lnk.vir
| | Share Your SuggestionsShare Your Suggestions.lnk.vir
| | Feedback on Support QualityFeedback on Support Quality.lnk.vir
| |
| +---Noel.JASNOR
| | +---Local Settings
| | | \---Temporary Internet Files
| | | \---Content.IE5
| | | +---HTXS5Q1T
| | | | CnsMinExM[3].htm.vir
| | | |
| | | +---WLY5CYTF
| | | | CnsMinCgM[3].htm.vir
| | | | CnsMinCgM[1].htm.vir
| | | | CnsMinM[2].htm.vir
| | | | CnsMinCgM[5].htm.vir
| | | | CnsMinDT[1].cab.vir
| | | |
| | | +---KT6FW9YF
| | | | CnsMinM[1].htm.vir
| | | | CnsMinExM[1].htm.vir
| | | | CnsMinExM[3].htm.vir
| | | | CnsMinCgM[2].htm.vir
| | | | CnsMinUp[1].htm.vir
| | | | CnsMinM[2].htm.vir
| | | | CnsMinUp[2].htm.vir
| | | |
| | | +---4EFZ2XI2
| | | | CnsMinCgM[2].htm.vir
| | | | CnsMinExM[2].htm.vir
| | | | CnsMinAL[1].cab.vir
| | | | CnsMinCgM[3].htm.vir
| | | | CnsMinCgM[1].htm.vir
| | | |
| | | +---ABA3MXMV
| | | | CnsMinExM[1].htm.vir
| | | | CnsMinCgM[1].htm.vir
| | | | CnsMinM[1].htm.vir
| | | | CnsMinUp[1].htm.vir
| | | | CnsMinCgM[2].htm.vir
| | | | CnsMinM[2].htm.vir
| | | | CnsMinCgM[3].htm.vir
| | | | CnsMinCgM[4].htm.vir
| | | | CnsMinCgM[5].htm.vir
| | | |
| | | +---8DO1UN41
| | | | CnsMinCgM[1].htm.vir
| | | | CnsMinExM[1].cab.vir
| | | | CnsMinM[1].htm.vir
| | | | CnsMinExM[1].htm.vir
| | | | CnsMinM[2].htm.vir
| | | | CnsMinExM[2].htm.vir
| | | | CnsMinM[3].htm.vir
| | | | CnsMinExM[3].htm.vir
| | | |
| | | +---HRBR9DSA
| | | | CnsMinAL[1].cab.vir
| | | | CnsMinCgM[2].htm.vir
| | | | CnsMinExM[1].htm.vir
| | | | CnsMinExM[2].htm.vir
| | | |
| | | \---SFFJY0H9
| | | CnsMinM[4].htm.vir
| | | CnsMinIO[1].cab.vir
| | | CnsMinHK[1].cab.vir
| | | CnsMinM[1].htm.vir
| | | CnsMinExM[1].htm.vir
| | | CnsMinM[2].htm.vir
| | | CnsMinM[3].htm.vir
| | | CnsMinCgM[2].htm.vir
| | |
| | \---APPLIC~1
| | \---DriveCleaner 2006
| | | activator_info.txt.vir
| | |
| | \---Logs
| | Activate.log.vir
| |
| \---Administrator.JASNOR
| +---Local Settings
| | \---Temporary Internet Files
| | \---Content.IE5
| | +---4ZKTGNQ5
| | | CnsMinExM[1].htm.vir
| | |
| | +---0ZUJUR2X
| | | CnsMinUp[1].htm.vir
| | | CnsMinCgM[1].htm.vir
| | | CnsMinM[1].htm.vir
| | |
| | \---4DQZKT63
| | CnsMinM[1].htm.vir
| | CnsMinExM[1].htm.vir
| |
| \---APPLIC~1
| \---DriveCleaner 2006
| \---Logs
| Activate.log.vir
|
\---Program Files
+---3721
| | Helper.dll.vir
| | autolive.dll.vir
| | notifier.dll.vir
| | alliveex.dll.vir
| | cns01.dat.vir
| | autolive.ini.vir
| | cns03.dat.vir
| | alrex.dll.vir
| | winhex.dat.vir
| | cnsm.dll.vir
| | windex.dat.vir
| | autolvsw.ini.vir
| | CNSMIN.DAT.vir
| |
| \---3721
| AutoLive.dll.vir
| Helper.dll.vir
| Notifier.dll.vir
| alliveex.dll.vir
|
\---3721.vir
[/code]
rick.thurlow
2007-07-24, 02:36
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:21, on 2007-07-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\iPass\iPassConnect Bigpond\iPassPeriodicUpdateService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\Program Files\Intel\Wireless\Bin\ZcfgSvc.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Intel\Wireless\Bin\1XConfig.exe
C:\WINDOWS\TEMP\NC566A.EXE
C:\Program Files\Trend Micro\OfficeScan Client\PCCNTMON.EXE
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
C:\Program Files\Fingerprint Sensor\AtSwpNav.exe
C:\WINDOWS\system32\igfxext.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\iPass\iPassConnect Bigpond\iPassConnectGUI.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Apoint2K\HidFind.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\SPAMfighter\SFAgent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~2\wcescomm.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\iPass\iPassConnect Bigpond\iPassConnectEngine.exe
C:\PROGRA~1\MICROS~2\rapimgr.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.pc-ap.fujitsu.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.yahoo.com.cn
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://MAIL:8080
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IndicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe
O4 - HKLM\..\Run: [ATSwpNav] C:\Program Files\Fingerprint Sensor\AtSwpNav.exe -run
O4 - HKLM\..\Run: [IntelWireless] C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iPassConnect] "C:\Program Files\iPass\iPassConnect Bigpond\iPassConnectGUI.exe" /S
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrMfcWnd] C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SPAMfighter Agent] "C:\Program Files\SPAMfighter\SFAgent.exe" update delay 60
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\PROGRA~1\MICROS~2\wcescomm.exe"
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Cisco Systems VPN Client.lnk = C:\Program Files\Cisco Systems\VPN Client\ipsecdialer.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office XP\Office10\OSA.EXE
O4 - Global Startup: Desktop Manager.lnk = C:\Program Files\Research In Motion\BlackBerry\DesktopMgr.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~2\INetRepl.dll
O9 - Extra button: (no name) - {6354ABE6-05F1-49ed-B850-E423120EC338} - http://cn.widget.yahoo.com/index.htm?source=Cns (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.pc-ap.fujitsu.com/
O16 - DPF: HushEncryptionEngine - https://mailserver1.hushmail.com/shared/HushEncryptionEngine.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {EA1B8527-E422-4909-825A-70BE0694F18E} (PortfolioManagerWT ProfileManager Class) - https://online.westpac.com.au/wtoa/wtOtherAccounts/portfoliomanagerwt.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = jasnor.local
O17 - HKLM\Software\..\Telephony: DomainName = jasnor.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = jasnor.local
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: EvtEng - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPassConnectEngine - iPass, Inc. - C:\Program Files\iPass\iPassConnect Bigpond\iPassConnectEngine.exe
O23 - Service: iPassPeriodicUpdateApp - iPass, Inc. - C:\Program Files\iPass\iPassConnect Bigpond\iPassPeriodicUpdateApp.exe
O23 - Service: iPassPeriodicUpdateService - iPass, Inc. - C:\Program Files\iPass\iPassConnect Bigpond\iPassPeriodicUpdateService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Client/Server Security Agent RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: Trend Micro Client/Server Security Agent Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: OwnershipProtocol - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\OProtSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: RegSrvc - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Trend Micro Client/Server Security Agent Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Trend Micro\OfficeScan Client\tmlisten.exe
--
End of file - 10401 bytes
Angelfire777
2007-07-24, 12:48
Hi,
Open HijackThis > choose Scan Only > Place a checkmark in the boxes beside these entries in bold.
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O9 - Extra button: (no name) - {6354ABE6-05F1-49ed-B850-E423120EC338} - http://cn.widget.yahoo.com/index.htm?source=Cns (file missing)
Close your browsers and all open windows except for HijackThis, then click "Fix checked". Exit HijackThis.
Combofix Deletions
Right click on your desktop, select "new" then choose "New text Document"
Name it as "CFScript"
Copy and paste the text inside the code box below to CFScript.txt
Folder::
C:\WINDOWS\system32\3721
Filelook::
C:\WINDOWS\ycns.dat
C:\WINDOWS\system32\drivers\lgljni.sys
Dirlook::
C:\Program Files\Common Files\Ankiro
Save it.
Drag and drop CFScript.txt to your copy of combofix.
You can take a look at the image below if you're unsure on how to do it.
http://img263.imageshack.us/img263/9894/cfscriptno0.gif
Combofix will restart your machine then it will produce a log afterwards.
Please post the contents of that log along with a fresh HijackThis log.
Please do an online scan with Kaspersky WebScanner (http://www.kaspersky.com/virusscanner)
Click on Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan: Select My Computer
The program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.
Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license is accepted, reset to 100%.
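Two of the entries selected for fixing in the reply above are ones HijackThis marks "(no file)" or "(file missing)". As an added example (not part of the original posts and not HijackThis's own code), this sketch parses a log and lists such orphaned entries; the function names are hypothetical and the sample lines are copied from this thread.

```python
import re

# Sample lines copied from the posts in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O9 - Extra button: (no name) - {6354ABE6-05F1-49ed-B850-E423120EC338} - http://cn.widget.yahoo.com/index.htm?source=Cns (file missing)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = jasnor.local
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# An entry line is "<section code> - <body>", e.g. "R3 - ..." or "O23 - ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
# Trailing marker on entries whose target file is not on disk.
ORPHAN_RE = re.compile(r"\((no file|file missing)\)\s*$")


def parse_entries(log_text):
    """Return one dict per entry line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue  # log header, running-process path, or blank line
        body = m.group("body")
        clsid = CLSID_RE.search(body)
        orphan = ORPHAN_RE.search(body)
        entries.append({
            "code": m.group("code"),
            "body": body,
            "clsid": clsid.group(0) if clsid else None,
            "orphan": orphan.group(1) if orphan else None,
        })
    return entries


def orphaned(entries):
    """Entries that reference a file HijackThis could not find."""
    return [e for e in entries if e["orphan"]]


if __name__ == "__main__":
    for e in orphaned(parse_entries(SAMPLE_LOG)):
        print(e["code"], e["clsid"], "->", e["orphan"])
```

The orphan marker only shows that a registry reference outlived its file; deciding whether an entry such as the R0 start page should be fixed still takes an analyst's judgement.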
Angelfire777
2007-07-28, 13:37
rick are you still there?
Angelfire777
2007-08-02, 14:37
Due to inactivity, this thread is now closed. If you wish to reopen this topic, please pm me with the link to the original topic. This only applies to the original topic starter.
Everyone, please start a new topic.