combofix and HJT logfiles
Hi, I will have to post my ComboFix and HJT logfiles separately.
ComboFix 09-10-07.05 - scott williamson 09/10/2009 8:00.3.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.20 [GMT 1:00]
Running from: c:\documents and settings\scott williamson\Desktop\ComboFix.exe
AV: McAfee VirusScan *On-access scanning disabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Personal Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Created a new restore point
* Resident AV is active
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\8913996.exe
C:\9560663.exe
c:\windows\Fonts\mlog
c:\windows\Install.txt
c:\windows\Installer\2c83f.msp
c:\windows\Installer\531a0c.msp
c:\windows\system32\Install.txt
Infected copy of c:\windows\regedit.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\regedit.exe
Infected copy of c:\windows\SYSTEM32\DRIVERS\atapi.sys was found and disinfected
Kitty ate it
Infected copy of c:\windows\system32\userinit.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\userinit.exe
Infected copy of c:\windows\hh.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\hh.exe
Infected copy of c:\windows\notepad.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\notepad.exe
Infected copy of c:\windows\slrundll.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\slrundll.exe
Infected copy of c:\windows\TASKMAN.EXE was found and disinfected
Restored copy from - c:\i386\TASKMAN.EXE
Infected copy of c:\windows\TWUNK_32.EXE was found and disinfected
Restored copy from - c:\system volume information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP404\A0059593.EXE
Infected copy of c:\windows\winhlp32.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\winhlp32.exe
Infected copy of c:\windows\INF\unregmp2.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\unregmp2.exe
Infected copy of c:\windows\SYSTEM32\accwiz.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\accwiz.exe
Infected copy of c:\windows\SYSTEM32\actmovie.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\actmovie.exe
Infected copy of c:\windows\SYSTEM32\ahui.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\ahui.exe
Infected copy of c:\windows\SYSTEM32\alg.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\alg.exe
Infected copy of c:\windows\SYSTEM32\ARP.EXE was found and disinfected
Restored copy from - c:\i386\ARP.EXE
Infected copy of c:\windows\SYSTEM32\at.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\at.exe
Infected copy of c:\windows\SYSTEM32\atmadm.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\atmadm.exe
Infected copy of c:\windows\SYSTEM32\attrib.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\attrib.exe
Infected copy of c:\windows\SYSTEM32\auditusr.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\auditusr.exe
Infected copy of c:\windows\SYSTEM32\blastcln.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\blastcln.exe
Infected copy of c:\windows\SYSTEM32\BOOTOK.EXE was found and disinfected
Restored copy from - c:\i386\BOOTOK.EXE
Infected copy of c:\windows\SYSTEM32\BOOTVRFY.EXE was found and disinfected
Restored copy from - c:\i386\BOOTVRFY.EXE
Infected copy of c:\windows\SYSTEM32\cacls.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\cacls.exe
Infected copy of c:\windows\SYSTEM32\CALC.EXE was found and disinfected
Restored copy from - c:\i386\CALC.EXE
Infected copy of c:\windows\SYSTEM32\CHARMAP.EXE was found and disinfected
Restored copy from - c:\i386\CHARMAP.EXE
Infected copy of c:\windows\SYSTEM32\CHKDSK.EXE was found and disinfected
Restored copy from - c:\i386\CHKDSK.EXE
Infected copy of c:\windows\SYSTEM32\CHKNTFS.EXE was found and disinfected
Restored copy from - c:\i386\CHKNTFS.EXE
Infected copy of c:\windows\SYSTEM32\CIDAEMON.EXE was found and disinfected
Restored copy from - c:\i386\CIDAEMON.EXE
Infected copy of c:\windows\SYSTEM32\cisvc.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\cisvc.exe
Infected copy of c:\windows\SYSTEM32\CKCNV.EXE was found and disinfected
Restored copy from - c:\i386\CKCNV.EXE
Infected copy of c:\windows\SYSTEM32\cleanmgr.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\cleanmgr.exe
Infected copy of c:\windows\SYSTEM32\clipbrd.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\clipbrd.exe
Infected copy of c:\windows\SYSTEM32\clipsrv.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\clipsrv.exe
Infected copy of c:\windows\SYSTEM32\cmd.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\cmd.exe
Infected copy of c:\windows\SYSTEM32\cmdl32.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\cmdl32.exe
Infected copy of c:\windows\SYSTEM32\cmmon32.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\cmmon32.exe
Infected copy of c:\windows\SYSTEM32\cmstp.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\cmstp.exe
Infected copy of c:\windows\SYSTEM32\COMP.EXE was found and disinfected
Restored copy from - c:\i386\COMP.EXE
Infected copy of c:\windows\SYSTEM32\COMPACT.EXE was found and disinfected
Restored copy from - c:\i386\COMPACT.EXE
Infected copy of c:\windows\SYSTEM32\conime.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\conime.exe
Infected copy of c:\windows\SYSTEM32\CONTROL.EXE was found and disinfected
Restored copy from - c:\i386\CONTROL.EXE
Infected copy of c:\windows\SYSTEM32\CONVERT.EXE was found and disinfected
Restored copy from - c:\i386\CONVERT.EXE
Infected copy of c:\windows\SYSTEM32\cscript.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\cscript.exe
Infected copy of c:\windows\SYSTEM32\ctfmon.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\ctfmon.exe
Infected copy of c:\windows\SYSTEM32\dcomcnfg.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\dcomcnfg.exe
Infected copy of c:\windows\SYSTEM32\ddeshare.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\ddeshare.exe
Infected copy of c:\windows\SYSTEM32\defrag.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\defrag.exe
Infected copy of c:\windows\SYSTEM32\dfrgfat.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\dfrgfat.exe
Infected copy of c:\windows\SYSTEM32\dfrgntfs.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\dfrgntfs.exe
Infected copy of c:\windows\SYSTEM32\diantz.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\diantz.exe
Infected copy of c:\windows\SYSTEM32\diskpart.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\diskpart.exe
Infected copy of c:\windows\SYSTEM32\DISKPERF.EXE was found and disinfected
Restored copy from - c:\i386\DISKPERF.EXE
Infected copy of c:\windows\SYSTEM32\dllhost.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\dllhost.exe
Infected copy of c:\windows\SYSTEM32\DLLHST3G.EXE was found and disinfected
Restored copy from - c:\i386\DLLHST3G.EXE
Infected copy of c:\windows\SYSTEM32\dmadmin.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\dmadmin.exe
Infected copy of c:\windows\SYSTEM32\dmremote.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\dmremote.exe
Infected copy of c:\windows\SYSTEM32\DOSKEY.EXE was found and disinfected
Restored copy from - c:\i386\DOSKEY.EXE
Infected copy of c:\windows\SYSTEM32\dplaysvr.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\dplaysvr.exe
Infected copy of c:\windows\SYSTEM32\dpnsvr.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\dpnsvr.exe
Infected copy of c:\windows\SYSTEM32\dpvsetup.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\dpvsetup.exe
Infected copy of c:\windows\SYSTEM32\DRWTSN32.EXE was found and disinfected
Restored copy from - c:\i386\DRWTSN32.EXE
Infected copy of c:\windows\SYSTEM32\dumprep.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\dumprep.exe
Infected copy of c:\windows\SYSTEM32\DVDPLAY.EXE was found and disinfected
Restored copy from - c:\i386\DVDPLAY.EXE
Infected copy of c:\windows\SYSTEM32\dvdupgrd.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\dvdupgrd.exe
Infected copy of c:\windows\SYSTEM32\dwwin.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\dwwin.exe
Infected copy of c:\windows\SYSTEM32\dxdiag.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\dxdiag.exe
Infected copy of c:\windows\SYSTEM32\ESENTUTL.EXE was found and disinfected
Restored copy from - c:\i386\ESENTUTL.EXE
Infected copy of c:\windows\SYSTEM32\eudcedit.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\eudcedit.exe
Infected copy of c:\windows\SYSTEM32\EVENTVWR.EXE was found and disinfected
Restored copy from - c:\i386\EVENTVWR.EXE
Infected copy of c:\windows\SYSTEM32\EXPAND.EXE was found and disinfected
Restored copy from - c:\i386\EXPAND.EXE
Infected copy of c:\windows\SYSTEM32\extrac32.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\extrac32.exe
Infected copy of c:\windows\SYSTEM32\FC.EXE was found and disinfected
Restored copy from - c:\i386\FC.EXE
Infected copy of c:\windows\SYSTEM32\FIND.EXE was found and disinfected
Restored copy from - c:\i386\FIND.EXE
Infected copy of c:\windows\SYSTEM32\findstr.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\findstr.exe
Infected copy of c:\windows\SYSTEM32\FINGER.EXE was found and disinfected
Restored copy from - c:\i386\FINGER.EXE
Infected copy of c:\windows\SYSTEM32\FIXMAPI.EXE was found and disinfected
Restored copy from - c:\i386\FIXMAPI.EXE
Infected copy of c:\windows\SYSTEM32\fltmc.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\fltmc.exe
Infected copy of c:\windows\SYSTEM32\fontview.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\fontview.exe
Infected copy of c:\windows\SYSTEM32\forcedos.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\forcedos.exe
Infected copy of c:\windows\SYSTEM32\FREECELL.EXE was found and disinfected
Restored copy from - c:\i386\FREECELL.EXE
Infected copy of c:\windows\SYSTEM32\fsquirt.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\fsquirt.exe
Infected copy of c:\windows\SYSTEM32\FSUTIL.EXE was found and disinfected
Restored copy from - c:\i386\FSUTIL.EXE
Infected copy of c:\windows\SYSTEM32\ftp.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\ftp.exe
Infected copy of c:\windows\SYSTEM32\fxsclnt.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\fxsclnt.exe
Infected copy of c:\windows\SYSTEM32\fxscover.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\fxscover.exe
Infected copy of c:\windows\SYSTEM32\FXSSEND.EXE was found and disinfected
Restored copy from - c:\i386\FXSSEND.EXE
Infected copy of c:\windows\SYSTEM32\fxssvc.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\fxssvc.exe
Infected copy of c:\windows\SYSTEM32\grpconv.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\grpconv.exe
Infected copy of c:\windows\SYSTEM32\help.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\help.exe
Infected copy of c:\windows\SYSTEM32\HOSTNAME.EXE was found and disinfected
Restored copy from - c:\i386\HOSTNAME.EXE
Infected copy of c:\windows\SYSTEM32\ie4uinit.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\ie4uinit.exe
Infected copy of c:\windows\SYSTEM32\iexpress.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\iexpress.exe
Infected copy of c:\windows\SYSTEM32\imapi.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\imapi.exe
Infected copy of c:\windows\SYSTEM32\ipconfig.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\ipconfig.exe
Infected copy of c:\windows\SYSTEM32\IPSEC6.EXE was found and disinfected
Restored copy from - c:\i386\IPSEC6.EXE
Infected copy of c:\windows\SYSTEM32\ipv6.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\ipv6.exe
Infected copy of c:\windows\SYSTEM32\ipxroute.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\ipxroute.exe
Infected copy of c:\windows\SYSTEM32\LABEL.EXE was found and disinfected
Restored copy from - c:\i386\LABEL.EXE
Infected copy of c:\windows\SYSTEM32\LIGHTS.EXE was found and disinfected
Restored copy from - c:\i386\LIGHTS.EXE
Infected copy of c:\windows\SYSTEM32\LNKSTUB.EXE was found and disinfected
Restored copy from - c:\i386\LNKSTUB.EXE
Infected copy of c:\windows\SYSTEM32\locator.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\locator.exe
Infected copy of c:\windows\SYSTEM32\LODCTR.EXE was found and disinfected
Restored copy from - c:\i386\LODCTR.EXE
Infected copy of c:\windows\SYSTEM32\logagent.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\logagent.exe
Infected copy of c:\windows\SYSTEM32\logman.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\logman.exe
Infected copy of c:\windows\SYSTEM32\LOGOFF.EXE was found and disinfected
Restored copy from - c:\i386\LOGOFF.EXE
Infected copy of c:\windows\SYSTEM32\logonui.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\logonui.exe
Infected copy of c:\windows\SYSTEM32\LPQ.EXE was found and disinfected
Restored copy from - c:\i386\LPQ.EXE
Infected copy of c:\windows\SYSTEM32\LPR.EXE was found and disinfected
Restored copy from - c:\i386\LPR.EXE
Infected copy of c:\windows\SYSTEM32\magnify.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\magnify.exe
Infected copy of c:\windows\SYSTEM32\makecab.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\makecab.exe
Infected copy of c:\windows\SYSTEM32\mmc.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\mmc.exe
Infected copy of c:\windows\SYSTEM32\mmcperf.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\mmcperf.exe
Infected copy of c:\windows\SYSTEM32\mnmsrvc.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\mnmsrvc.exe
Infected copy of c:\windows\SYSTEM32\mobsync.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\mobsync.exe
Infected copy of c:\windows\SYSTEM32\MOUNTVOL.EXE was found and disinfected
Restored copy from - c:\i386\MOUNTVOL.EXE
Infected copy of c:\windows\SYSTEM32\mplay32.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\mplay32.exe
Infected copy of c:\windows\SYSTEM32\MPNOTIFY.EXE was found and disinfected
Restored copy from - c:\i386\MPNOTIFY.EXE
Infected copy of c:\windows\SYSTEM32\MRINFO.EXE was found and disinfected
Restored copy from - c:\i386\MRINFO.EXE
Infected copy of c:\windows\SYSTEM32\msdtc.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\msdtc.exe
Infected copy of c:\windows\SYSTEM32\MSG.EXE was found and disinfected
Restored copy from - c:\i386\MSG.EXE
Infected copy of c:\windows\SYSTEM32\MSHEARTS.EXE was found and disinfected
Restored copy from - c:\i386\MSHEARTS.EXE
Infected copy of c:\windows\SYSTEM32\mshta.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\mshta.exe
Infected copy of c:\windows\SYSTEM32\msiexec.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\msiexec.exe
Infected copy of c:\windows\SYSTEM32\mspaint.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\mspaint.exe
Infected copy of c:\windows\SYSTEM32\MSSWCHX.EXE was found and disinfected
Restored copy from - c:\i386\MSSWCHX.EXE
Infected copy of c:\windows\SYSTEM32\mstinit.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\mstinit.exe
Infected copy of c:\windows\SYSTEM32\mstsc.exe was found and disinfected
Restored copy from - c:\windows\$NtServicePackUninstall$\mstsc.exe
Infected copy of c:\windows\SYSTEM32\napstat.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\napstat.exe
Infected copy of c:\windows\SYSTEM32\narrator.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\narrator.exe
Infected copy of c:\windows\SYSTEM32\NBTSTAT.EXE was found and disinfected
Restored copy from - c:\i386\NBTSTAT.EXE
Infected copy of c:\windows\SYSTEM32\nddeapir.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\nddeapir.exe
Infected copy of c:\windows\SYSTEM32\net.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\net.exe
Infected copy of c:\windows\SYSTEM32\net1.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\net1.exe
Infected copy of c:\windows\SYSTEM32\netdde.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\netdde.exe
Infected copy of c:\windows\SYSTEM32\netsetup.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\netsetup.exe
Infected copy of c:\windows\SYSTEM32\netsh.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\netsh.exe
Infected copy of c:\windows\SYSTEM32\netstat.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\netstat.exe
Infected copy of c:\windows\SYSTEM32\nslookup.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\nslookup.exe
Infected copy of c:\windows\SYSTEM32\NTSD.EXE was found and disinfected
Restored copy from - c:\i386\NTSD.EXE
Infected copy of c:\windows\SYSTEM32\ntvdm.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\ntvdm.exe
Infected copy of c:\windows\SYSTEM32\odbcad32.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\odbcad32.exe
Infected copy of c:\windows\SYSTEM32\odbcconf.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\odbcconf.exe
Infected copy of c:\windows\SYSTEM32\osk.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\osk.exe
Infected copy of c:\windows\SYSTEM32\OSUNINST.EXE was found and disinfected
Restored copy from - c:\i386\OSUNINST.EXE
Infected copy of c:\windows\SYSTEM32\packager.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\packager.exe
Infected copy of c:\windows\SYSTEM32\PATHPING.EXE was found and disinfected
Restored copy from - c:\i386\PATHPING.EXE
Infected copy of c:\windows\SYSTEM32\PENTNT.EXE was found and disinfected
Restored copy from - c:\i386\PENTNT.EXE
Infected copy of c:\windows\SYSTEM32\perfmon.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\perfmon.exe
Infected copy of c:\windows\SYSTEM32\ping.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\ping.exe
Infected copy of c:\windows\SYSTEM32\PING6.EXE was found and disinfected
Restored copy from - c:\i386\PING6.EXE
Infected copy of c:\windows\SYSTEM32\powercfg.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\powercfg.exe
Infected copy of c:\windows\SYSTEM32\PRINT.EXE was found and disinfected
Restored copy from - c:\i386\PRINT.EXE
Infected copy of c:\windows\SYSTEM32\progman.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\progman.exe
Infected copy of c:\windows\SYSTEM32\proquota.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\proquota.exe
Infected copy of c:\windows\SYSTEM32\proxycfg.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\proxycfg.exe
Infected copy of c:\windows\SYSTEM32\QAPPSRV.EXE was found and disinfected
Restored copy from - c:\i386\QAPPSRV.EXE
Infected copy of c:\windows\SYSTEM32\qprocess.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\qprocess.exe
Infected copy of c:\windows\SYSTEM32\QWINSTA.EXE was found and disinfected
Restored copy from - c:\i386\QWINSTA.EXE
Infected copy of c:\windows\SYSTEM32\RASAUTOU.EXE was found and disinfected
Restored copy from - c:\i386\RASAUTOU.EXE
Infected copy of c:\windows\SYSTEM32\RASDIAL.EXE was found and disinfected
Restored copy from - c:\i386\RASDIAL.EXE
Infected copy of c:\windows\SYSTEM32\rasphone.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\rasphone.exe
Infected copy of c:\windows\SYSTEM32\rcimlby.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\rcimlby.exe
Infected copy of c:\windows\SYSTEM32\rcp.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\rcp.exe
Infected copy of c:\windows\SYSTEM32\rdpclip.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\rdpclip.exe
Infected copy of c:\windows\SYSTEM32\rdsaddin.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\rdsaddin.exe
Infected copy of c:\windows\SYSTEM32\rdshost.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\rdshost.exe
Infected copy of c:\windows\SYSTEM32\RECOVER.EXE was found and disinfected
Restored copy from - c:\i386\RECOVER.EXE
Infected copy of c:\windows\SYSTEM32\reg.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\reg.exe
Infected copy of c:\windows\SYSTEM32\REGEDT32.EXE was found and disinfected
Restored copy from - c:\i386\REGEDT32.EXE
Infected copy of c:\windows\SYSTEM32\REGINI.EXE was found and disinfected
Restored copy from - c:\i386\REGINI.EXE
Infected copy of c:\windows\SYSTEM32\regsvr32.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\regsvr32.exe
Infected copy of c:\windows\SYSTEM32\REGWIZ.EXE was found and disinfected
Restored copy from - c:\i386\REGWIZ.EXE
Infected copy of c:\windows\SYSTEM32\REPLACE.EXE was found and disinfected
Restored copy from - c:\i386\REPLACE.EXE
Infected copy of c:\windows\SYSTEM32\RESET.EXE was found and disinfected
Restored copy from - c:\i386\RESET.EXE
Infected copy of c:\windows\SYSTEM32\rexec.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\rexec.exe
Infected copy of c:\windows\SYSTEM32\ROUTE.EXE was found and disinfected
Restored copy from - c:\i386\ROUTE.EXE
Infected copy of c:\windows\SYSTEM32\ROUTEMON.EXE was found and disinfected
Restored copy from - c:\i386\ROUTEMON.EXE
Infected copy of c:\windows\SYSTEM32\rsh.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\rsh.exe
Infected copy of c:\windows\SYSTEM32\RSM.EXE was found and disinfected
Restored copy from - c:\i386\RSM.EXE
Infected copy of c:\windows\SYSTEM32\RSMSINK.EXE was found and disinfected
Restored copy from - c:\i386\RSMSINK.EXE
Infected copy of c:\windows\SYSTEM32\RSMUI.EXE was found and disinfected
Restored copy from - c:\i386\RSMUI.EXE
Infected copy of c:\windows\SYSTEM32\RSVP.EXE was found and disinfected
Restored copy from - c:\i386\RSVP.EXE
Infected copy of c:\windows\SYSTEM32\rtcshare.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\rtcshare.exe
Infected copy of c:\windows\SYSTEM32\RUNAS.EXE was found and disinfected
Restored copy from - c:\i386\RUNAS.EXE
Infected copy of c:\windows\SYSTEM32\rundll32.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\rundll32.exe
Infected copy of c:\windows\SYSTEM32\runonce.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\runonce.exe
Infected copy of c:\windows\SYSTEM32\RWINSTA.EXE was found and disinfected
Restored copy from - c:\i386\RWINSTA.EXE
Infected copy of c:\windows\SYSTEM32\savedump.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\savedump.exe
Infected copy of c:\windows\SYSTEM32\sc.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\sc.exe
Infected copy of c:\windows\SYSTEM32\scardsvr.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\scardsvr.exe
Infected copy of c:\windows\SYSTEM32\sdbinst.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\sdbinst.exe
Infected copy of c:\windows\SYSTEM32\sessmgr.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\sessmgr.exe
Infected copy of c:\windows\SYSTEM32\sethc.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\sethc.exe
Infected copy of c:\windows\SYSTEM32\setup.exe was found and disinfected
Restored copy from - c:\windows\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe
Infected copy of c:\windows\SYSTEM32\setupn.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\setupn.exe
Infected copy of c:\windows\SYSTEM32\SFC.EXE was found and disinfected
Restored copy from - c:\i386\SFC.EXE
Infected copy of c:\windows\SYSTEM32\SHADOW.EXE was found and disinfected
Restored copy from - c:\i386\SHADOW.EXE
Infected copy of c:\windows\SYSTEM32\shmgrate.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\shmgrate.exe
Infected copy of c:\windows\SYSTEM32\shrpubw.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\shrpubw.exe
Infected copy of c:\windows\SYSTEM32\shutdown.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\shutdown.exe
Infected copy of c:\windows\SYSTEM32\sigverif.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\sigverif.exe
Infected copy of c:\windows\SYSTEM32\skeys.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\skeys.exe
Infected copy of c:\windows\SYSTEM32\slserv.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\slserv.exe
Infected copy of c:\windows\SYSTEM32\smbinst.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\smbinst.exe
Infected copy of c:\windows\SYSTEM32\smlogsvc.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\smlogsvc.exe
Infected copy of c:\windows\SYSTEM32\sndrec32.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\sndrec32.exe
Infected copy of c:\windows\SYSTEM32\SNDVOL32.EXE was found and disinfected
Restored copy from - c:\i386\SNDVOL32.EXE
Infected copy of c:\windows\SYSTEM32\SOL.EXE was found and disinfected
Restored copy from - c:\i386\SOL.EXE
Infected copy of c:\windows\SYSTEM32\sort.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\sort.exe
Infected copy of c:\windows\SYSTEM32\spider.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\spider.exe
Infected copy of c:\windows\SYSTEM32\spnpinst.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\spnpinst.exe
Infected copy of c:\windows\SYSTEM32\stimon.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\stimon.exe
Infected copy of c:\windows\SYSTEM32\SUBST.EXE was found and disinfected
Restored copy from - c:\i386\SUBST.EXE
Infected copy of c:\windows\SYSTEM32\SYNCAPP.EXE was found and disinfected
Restored copy from - c:\i386\SYNCAPP.EXE
Infected copy of c:\windows\SYSTEM32\SYSKEY.EXE was found and disinfected
Restored copy from - c:\i386\SYSKEY.EXE
Infected copy of c:\windows\SYSTEM32\sysocmgr.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\sysocmgr.exe
Infected copy of c:\windows\SYSTEM32\SYSTRAY.EXE was found and disinfected
Restored copy from - c:\i386\SYSTRAY.EXE
Infected copy of c:\windows\SYSTEM32\taskmgr.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\taskmgr.exe
Infected copy of c:\windows\SYSTEM32\TCMSETUP.EXE was found and disinfected
Restored copy from - c:\i386\TCMSETUP.EXE
Infected copy of c:\windows\SYSTEM32\TCPSVCS.EXE was found and disinfected
Restored copy from - c:\i386\TCPSVCS.EXE
Infected copy of c:\windows\SYSTEM32\telnet.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\telnet.exe
Infected copy of c:\windows\SYSTEM32\TFTP.EXE was found and disinfected
Restored copy from - c:\i386\TFTP.EXE
Infected copy of c:\windows\SYSTEM32\tourstart.exe was found and disinfected
Restored copy from - c:\windows\$NtServicePackUninstall$\tourstart.exe
Infected copy of c:\windows\SYSTEM32\tracert.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\tracert.exe
Infected copy of c:\windows\SYSTEM32\TRACERT6.EXE was found and disinfected
Restored copy from - c:\i386\TRACERT6.EXE
Infected copy of c:\windows\SYSTEM32\TSCON.EXE was found and disinfected
Restored copy from - c:\i386\TSCON.EXE
Infected copy of c:\windows\SYSTEM32\TSDISCON.EXE was found and disinfected
Restored copy from - c:\i386\TSDISCON.EXE
Infected copy of c:\windows\SYSTEM32\TSKILL.EXE was found and disinfected
Restored copy from - c:\i386\TSKILL.EXE
Infected copy of c:\windows\SYSTEM32\TSSHUTDN.EXE was found and disinfected
Restored copy from - c:\i386\TSSHUTDN.EXE
Infected copy of c:\windows\SYSTEM32\UNLODCTR.EXE was found and disinfected
Restored copy from - c:\i386\UNLODCTR.EXE
Infected copy of c:\windows\SYSTEM32\upnpcont.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\upnpcont.exe
Infected copy of c:\windows\SYSTEM32\ups.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\ups.exe
Infected copy of c:\windows\SYSTEM32\USRMLNKA.EXE was found and disinfected
Restored copy from - c:\i386\USRMLNKA.EXE
Infected copy of c:\windows\SYSTEM32\USRPRBDA.EXE was found and disinfected
Restored copy from - c:\i386\USRPRBDA.EXE
Infected copy of c:\windows\SYSTEM32\USRSHUTA.EXE was found and disinfected
Restored copy from - c:\i386\USRSHUTA.EXE
Infected copy of c:\windows\SYSTEM32\utilman.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\utilman.exe
Infected copy of c:\windows\SYSTEM32\VERIFIER.EXE was found and disinfected
Restored copy from - c:\i386\VERIFIER.EXE
Infected copy of c:\windows\SYSTEM32\VSSADMIN.EXE was found and disinfected
Restored copy from - c:\i386\VSSADMIN.EXE
Infected copy of c:\windows\SYSTEM32\vssvc.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\vssvc.exe
Infected copy of c:\windows\SYSTEM32\W32TM.EXE was found and disinfected
Restored copy from - c:\i386\W32TM.EXE
Infected copy of c:\windows\SYSTEM32\wextract.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\wextract.exe
Infected copy of c:\windows\SYSTEM32\wiaacmgr.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\wiaacmgr.exe
Infected copy of c:\windows\SYSTEM32\WINMINE.EXE was found and disinfected
Restored copy from - c:\i386\WINMINE.EXE
Infected copy of c:\windows\SYSTEM32\WINMSD.EXE was found and disinfected
Restored copy from - c:\i386\WINMSD.EXE
Infected copy of c:\windows\SYSTEM32\winver.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\winver.exe
Infected copy of c:\windows\SYSTEM32\wpabaln.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\wpabaln.exe
Infected copy of c:\windows\SYSTEM32\wpnpinst.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\wpnpinst.exe
Infected copy of c:\windows\SYSTEM32\WRITE.EXE was found and disinfected
Restored copy from - c:\i386\WRITE.EXE
Infected copy of c:\windows\SYSTEM32\wscntfy.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\wscntfy.exe
Infected copy of c:\windows\SYSTEM32\wscript.exe was found and disinfected
Restored copy from - c:\windows\system32\dllcache\wscript.exe
Infected copy of c:\windows\SYSTEM32\WUPDMGR.EXE was found and disinfected
Restored copy from - c:\i386\WUPDMGR.EXE
Infected copy of c:\windows\SYSTEM32\xcopy.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\xcopy.exe
Infected copy of c:\windows\SYSTEM32\WBEM\wmiapsrv.exe was found and disinfected
Restored copy from - c:\windows\ServicePackFiles\i386\wmiapsrv.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TCPSR
((((((((((((((((((((((((( Files Created from 2009-09-09 to 2009-10-09 )))))))))))))))))))))))))))))))
.
2009-10-08 17:41 . 2009-10-08 17:41 -------- d-----w- c:\documents and settings\scott williamson\Application Data\Malwarebytes
2009-10-08 17:37 . 2009-09-10 13:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-08 17:37 . 2009-10-08 17:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-08 17:37 . 2009-09-10 13:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-08 17:37 . 2009-10-08 17:41 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-03 21:54 . 2009-10-03 22:04 212224 ------w- c:\windows\system32\dllcache\ndis.sys
2009-10-03 19:36 . 2009-10-03 19:38 -------- d-----w- C:\Keygen
2009-10-03 10:20 . 2009-10-01 09:29 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-09-10 20:18 . 2009-06-21 21:44 153088 ------w- c:\windows\system32\dllcache\triedit.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-08 17:48 . 2003-11-07 10:25 315392 ----a-w- c:\windows\system32\Jasc Paint Shop Photo Album.scr
2009-10-08 16:35 . 2004-08-04 04:00 182656 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-10-04 09:48 . 2005-11-24 23:08 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-10-04 07:58 . 2009-10-04 07:58 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS.ORIGINAL
2009-10-04 07:58 . 2004-08-04 04:00 361600 ----a-w- c:\windows\system32\drivers\TCPIP.SYS
2009-10-04 07:31 . 2006-05-24 21:47 61440 ----a-w- c:\program files\Uninstall_CDS.exe
2009-10-04 07:31 . 2004-08-04 04:00 41472 ----a-w- c:\windows\system32\ssmarque.scr
2009-10-04 07:31 . 2004-08-04 04:00 39424 ----a-w- c:\windows\system32\ssmyst.scr
2009-10-04 07:31 . 2004-08-04 04:00 40448 ----a-w- c:\windows\system32\ssbezier.scr
2009-10-04 07:24 . 2004-09-22 18:46 67584 ----a-w- c:\windows\system32\uwdf.exe
2009-10-04 07:24 . 2004-08-04 04:00 65024 ----a-w- c:\windows\system32\TSCUPGRD.EXE
2009-10-04 07:24 . 2008-09-17 08:54 41472 ----a-w- c:\windows\system32\spupdwxp.exe
2009-10-04 07:23 . 2004-11-12 20:42 171520 ----a-w- c:\windows\system32\wjview.exe
2009-10-04 07:23 . 2008-05-18 07:34 77824 ----a-w- c:\windows\system32\GenSvcInst.exe
2009-10-04 07:23 . 2004-08-04 04:00 35840 ----a-w- c:\windows\system32\TASKMAN.EXE
2009-10-04 07:22 . 2008-09-17 08:54 53248 ----a-w- c:\windows\system32\slrundll.exe
2009-10-04 07:20 . 2008-09-17 08:54 28160 ----a-w- c:\windows\system32\spdwnwxp.exe
2009-10-04 07:20 . 2004-08-04 04:00 28672 ----a-w- c:\windows\system32\WINHLP32.EXE
2009-10-04 07:14 . 2004-08-04 04:00 72192 ----a-w- c:\windows\system32\MIGPWD.EXE
2009-10-04 07:14 . 1998-03-26 00:00 58368 ----a-w- c:\windows\system32\MAPISRVR.EXE
2009-10-04 07:13 . 2004-11-12 20:42 172032 ----a-w- c:\windows\system32\jview.exe
2009-10-04 07:13 . 2004-11-12 20:42 14848 ----a-w- c:\windows\system32\jdbgmgr.exe
2009-10-04 07:13 . 2004-11-12 20:55 37000 ----a-w- c:\windows\system32\instlsp.exe
2009-10-04 07:13 . 2007-04-18 16:23 86016 ----a-w- c:\windows\system32\HPZinw12.exe
2009-10-04 07:13 . 2008-09-17 08:53 41472 ----a-w- c:\windows\system32\faxpatch.exe
2009-10-03 22:27 . 2006-03-17 00:38 49152 ----a-w- c:\windows\system32\verclsid.exe
2009-10-03 22:24 . 1979-12-31 23:00 139264 ----a-w- c:\windows\system32\Prounstl.exe
2009-10-03 22:22 . 2004-08-04 04:00 89600 ----a-w- c:\windows\system32\notepad.exe
2009-10-03 22:01 . 2007-12-14 20:32 -------- d-----w- c:\documents and settings\scott williamson\Application Data\uTorrent
2009-10-03 21:58 . 2004-11-12 20:42 49152 ----a-w- c:\windows\system32\clspack.exe
2009-10-03 21:58 . 2004-08-04 04:00 40960 ----a-w- c:\windows\system32\cliconfg.exe
2009-10-03 21:57 . 1979-12-31 23:00 86016 ----a-w- c:\windows\system32\Ati2mdxx.exe
2009-10-03 21:56 . 2005-01-07 14:13 298496 ----a-w- c:\windows\uninst.exe
2009-10-03 21:56 . 2004-11-12 20:42 46080 ----a-w- c:\windows\setdebug.exe
2009-10-03 21:56 . 2004-07-19 15:01 63448 ----a-w- c:\windows\SETPWRCG.EXE
2009-10-03 21:56 . 2005-02-28 13:15 745472 ----a-w- c:\windows\iun6002.exe
2009-10-03 21:56 . 2009-09-06 19:30 307200 ----a-w- c:\windows\iun507.exe
2009-10-03 21:56 . 1998-10-29 15:45 327168 ----a-w- c:\windows\IsUninst.exe
2009-10-03 21:55 . 2006-04-20 12:04 184320 ----a-w- c:\windows\emSTI.exe
2009-10-03 21:55 . 2006-04-20 12:04 368640 ----a-w- c:\windows\emAmcap.exe
2009-10-03 21:55 . 2004-10-26 21:58 118784 ----a-w- c:\windows\dla.exe
2009-10-03 21:49 . 2007-04-18 16:23 94208 ----a-w- c:\windows\system32\HPZipm12.exe
2009-09-29 14:39 . 2008-05-18 07:31 -------- d-----w- c:\program files\FinePixViewer
2009-09-24 22:14 . 2007-04-18 17:23 -------- d-----w- c:\documents and settings\scott williamson\Application Data\Image Zone Express
2009-09-21 14:22 . 2007-08-16 18:06 -------- d-----w- c:\program files\MSECache
2009-09-18 14:28 . 2009-09-02 12:19 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-09-10 20:57 . 2007-04-18 16:30 -------- d-----w- c:\documents and settings\All Users\Application Data\HP
2009-09-08 20:44 . 2009-08-11 08:51 -------- d-----w- c:\documents and settings\LocalService\Application Data\SACore
2009-09-06 19:30 . 2009-09-06 19:29 -------- d-----w- c:\program files\RescuePRO
2009-08-19 16:02 . 2009-08-19 16:01 -------- d-----w- c:\documents and settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
2009-08-19 16:02 . 2006-01-27 16:58 -------- d-----w- c:\program files\iTunes
2009-08-19 16:01 . 2006-01-27 16:55 -------- d-----w- c:\program files\iPod
2009-08-19 16:01 . 2007-12-14 23:16 -------- d-----w- c:\program files\Common Files\Apple
2009-08-19 15:59 . 2009-08-19 15:59 -------- d-----w- c:\program files\Bonjour
2009-08-19 15:58 . 2009-08-19 15:57 -------- d-----w- c:\program files\QuickTime
2009-08-16 22:35 . 2004-12-05 22:41 -------- d-----w- c:\program files\McAfee
2009-08-12 13:42 . 2004-10-26 21:55 -------- d-----w- c:\program files\Java
2009-08-11 08:37 . 2009-08-11 08:37 -------- d-----w- c:\program files\SiteAdvisor
2009-08-06 18:24 . 2004-08-04 04:00 327896 ----a-w- c:\windows\system32\wucltui.dll
2009-08-06 18:24 . 2004-08-04 04:00 209632 ----a-w- c:\windows\system32\wuweb.dll
2009-08-06 18:24 . 2005-05-26 03:16 44768 ----a-w- c:\windows\system32\wups2.dll
2009-08-06 18:24 . 2004-11-19 15:12 35552 ----a-w- c:\windows\system32\wups.dll
2009-08-06 18:24 . 2004-08-04 04:00 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-08-06 18:24 . 2004-08-04 04:00 96480 ----a-w- c:\windows\system32\cdm.dll
2009-08-06 18:23 . 2004-08-04 04:00 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-08-06 18:23 . 2004-08-04 04:00 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-08-05 09:01 . 2004-08-04 04:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-25 04:23 . 2008-12-28 09:44 411368 ----a-w- c:\windows\system32\deploytk.dll
2009-07-21 22:31 . 2009-07-21 22:31 9232 ----a-w- c:\documents and settings\scott williamson\mqdmmdfl.sys
2009-07-21 22:31 . 2009-07-21 22:31 92064 ----a-w- c:\documents and settings\scott williamson\mqdmmdm.sys
2009-07-21 22:31 . 2009-07-21 22:31 79328 ----a-w- c:\documents and settings\scott williamson\mqdmserd.sys
2009-07-21 22:31 . 2009-07-21 22:31 66656 ----a-w- c:\documents and settings\scott williamson\mqdmbus.sys
2009-07-21 22:31 . 2009-07-21 22:31 6208 ----a-w- c:\documents and settings\scott williamson\mqdmcmnt.sys
2009-07-21 22:31 . 2009-07-21 22:31 5936 ----a-w- c:\documents and settings\scott williamson\mqdmwhnt.sys
2009-07-21 22:31 . 2009-07-21 22:31 4048 ----a-w- c:\documents and settings\scott williamson\mqdmcr.sys
2009-07-21 22:31 . 2007-09-06 09:30 25600 ----a-w- c:\documents and settings\scott williamson\usbsermptxp.sys
2009-07-21 22:31 . 2007-09-06 09:30 22768 ----a-w- c:\documents and settings\scott williamson\usbsermpt.sys
2009-07-17 19:01 . 2004-08-04 04:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-16 11:32 . 2008-08-09 14:48 120136 ----a-w- c:\windows\system32\drivers\Mpfp.sys
2009-07-13 09:08 . 2004-08-04 04:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
.
------- Sigcheck -------
[-] 2009-10-04 . A29E1209F925A0E9B330E11DA5FC7BAB . 361600 . . [5.1.2600.5625] . . c:\windows\SYSTEM32\DRIVERS\TCPIP.SYS
[-] 2009-10-04 . A29E1209F925A0E9B330E11DA5FC7BAB . 361600 . . [5.1.2600.5625] . . c:\windows\SYSTEM32\DLLCACHE\TCPIP.SYS
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 2A5554FC5B1E04E131230E3CE035C3F9 . 360320 . . [5.1.2600.3394] . . c:\windows\$NtServicePackUninstall$\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
[7] 2008-04-13 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . CEE1276A4A71E3F8545D97C1AAD2A6B0 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB913446$\tcpip.sys
[7] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-27 68856]
"Google Update"="c:\documents and settings\scott williamson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" [2009-02-14 133104]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BOC-425"="c:\progra~1\Comodo\CBOClean\BOC425.exe" [2007-11-26 342272]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Exif Launcher 2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2008-5-18 315392]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
R0 Lbd;Lbd;c:\windows\SYSTEM32\DRIVERS\Lbd.sys [28/07/2009 10:07 64160]
R2 BOCore;BOCore;c:\program files\Comodo\CBOClean\BOCore.exe [19/03/2008 11:15 73472]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [03/07/2009 15:49 1028432]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\McAfee\SiteAdvisor\McSACore.exe [11/08/2009 09:35 210216]
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [03/11/2006 20:19 13592]
S2 gupdate1c9b1e3241c1022;Google Update Service (gupdate1c9b1e3241c1022);c:\program files\Google\Update\GoogleUpdate.exe [31/03/2009 10:29 133104]
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
BtwSrv
.
Contents of the 'Scheduled Tasks' folder
2009-09-28 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-07-03 09:11]
2009-09-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2009-10-09 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-06-18 13:16]
2009-10-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-31 09:28]
2009-10-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-31 09:28]
2009-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-139415666-3503368196-1855859309-1006Core.job
- c:\documents and settings\scott williamson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-14 13:59]
2009-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-139415666-3503368196-1855859309-1006UA.job
- c:\documents and settings\scott williamson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2009-02-14 13:59]
2004-11-04 c:\windows\Tasks\ISP signup reminder 1.job
- c:\windows\system32\OOBE\OOBEBALN.EXE [2004-08-04 00:12]
2008-08-09 c:\windows\Tasks\McDefragTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-08-09 20:26]
2008-08-09 c:\windows\Tasks\McQcTask.job
- c:\program files\mcafee\mqc\QcConsol.exe [2008-08-09 20:26]
2009-10-09 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.co.uk/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mWindow Title = Tiscali 10.0
uInternet Connection Wizard,ShellNext = hxxp://www.dell.co.uk/myway
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
IE: {{08E730A4-FB02-45BD-A900-01E4AD8016F6} - http://www.sky.com
Trusted Zone: internet
Trusted Zone: mcafee.com
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-Sonic RecordNow! - (no file)
HKCU-Run-eyeBeam SIP Client - (no file)
AddRemove-Yahoo! Anti-Spy - c:\progra~1\Yahoo!\YPSR\unwise32.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer,
http://www.gmer.net
Rootkit scan 2009-10-09 08:44
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'explorer.exe'(3800)
c:\program files\McAfee\SiteAdvisor\saHook.dll
c:\progra~1\WINDOW~2\wmpband.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SYSTEM32\ati2evxx.exe
c:\progra~1\COMMON~1\Apple\MOBILE~1\bin\APPLEM~4.EXE
c:\windows\SYSTEM32\bgsvcgen.exe
c:\progra~1\Comodo\CBOClean\BOCore.exe
c:\progra~1\Bonjour\MDNSRE~1.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\progra~1\McAfee\MSC\mcmscsvc.exe
c:\progra~1\COMMON~1\McAfee\MNA\McNASvc.exe
c:\progra~1\COMMON~1\McAfee\McProxy\McProxy.exe
c:\progra~1\McAfee\VIRUSS~1\Mcshield.exe
c:\progra~1\McAfee\MPF\MpfSrv.exe
c:\progra~1\McAfee\MSK\msksrver.exe
c:\windows\SYSTEM32\wdfmgr.exe
c:\windows\SYSTEM32\WBEM\UNSECAPP.EXE
c:\progra~1\McAfee.com\Agent\mcagent.exe
c:\program files\HP\Digital Imaging\bin\hpqste08.exe
.
**************************************************************************
.
Completion time: 2009-10-09 8:50 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-09 07:50
Pre-Run: 72,235,008,000 bytes free
Post-Run: 72,109,019,136 bytes free
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
817 --- E O F --- 2009-10-06 16:21