11-13-2008, 04:41 PM   #1
kornjulio
Registered User
 
Join Date: Nov 2008
Posts: 4
OS: xp pro sp2


Old Java, got Virtumonde?

Symptoms: Sporadic pop-ups after son played game online.

Actions to date:

Updated to latest Java, removed old versions.
Malwarebytes and Ad-Aware found & removed infections, but pop-ups still happen...

HJT, DDS, GMER logs follow/attached...

Thanks! Kevin

HJT log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:59:43 PM, on 11/13/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\TBPanel.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Documents and Settings\Kevin\Application Data\Twain\Twain.exe
C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\ESPMAIN.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [Gainward] C:\WINDOWS\TBPanel.exe /A
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [SansaDispatch] C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [Twain] C:\Documents and Settings\Kevin\Application Data\Twain\Twain.exe
O4 - Startup: MP3 Rocket (silent).lnk = C:\Program Files\MP3 Rocket\MP3Rocket_on_startup.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EPSON SMART PANEL for Scanner.lnk = C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\ESPMAIN.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: hxxp://*.s-seriesforum.com
O15 - Trusted Zone: hxxp://*.turbotax.com
O16 - DPF: {01016526-5E80-11D8-9E86-0007E96C65AE} (SmartAccess Ctl Class) - hxxps://www.yahoo.com/diskless/bin/ssctlsma.dll
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - hxxp://www.musicnotes.com/download/mnviewer.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - hxxp://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E2941E3-8E63-11D4-9D5A-00902742D6E0} (iNotes Class) - hxxps://mygmgw.gm.com/http://usabhma...com/iNotes.cab
O16 - DPF: {24D1BDCE-D835-11D6-BF84-0050047EA0E7} (BlueStream_Flash Class) - hxxp://www.rovion.com/Controls/Rovion.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - hxxps://mygmgw.gm.com/http://usabhem...m/iNotes6W.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - hxxp://v5.windowsupdate.microsoft.co...?1104357269751
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - hxxp://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - hxxp://atv.disney.go.com/global/down.../OTOYAX29b.cab
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - hxxps://photos.riteaid.com/control/R...hotoOnline.cab
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} (ScorchPlugin Class) - hxxp://www.sibelius.com/download/sof...iveXPlugin.cab
O16 - DPF: {ABB660B6-6694-407B-950A-EDBA5A159722} (DVCDownloadControl) - hxxp://download.games.yahoo.com/game...oadControl.cab
O16 - DPF: {BB383206-6DA1-4E80-B62A-3DF950FCC697} (Create & Print ActiveX Plug-in) - hxxp://www.imgag.com/cp/install/AxCtp2.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - hxxp://download.games.yahoo.com/game...nematycoon.cab
O16 - DPF: {DBA8E419-0D5F-439B-A3CC-D01C768D9B51} (DVCDownloaderControl Object) - hxxp://www.sonypictures.com/games/th...derControl.cab
O18 - Filter hijack: text/html - {dc8f45bc-32bb-48a9-89dc-35a90d0d7ce1} - (no file)
O20 - AppInit_DLLs: karna.dat jflnql.dll ujpeye.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe
O24 - Desktop Component 0: (no name) - hxxps://www.natchezss.com/images/misc/background.gif

--
End of file - 9474 bytes

DDS log:

DDS (Version 1.0) - NTFSx86
Run by Kevin at 18:55:44.84 on Thu 11/13/2008
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.767.402 [GMT -5:00]

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Mixer.exe
C:\WINDOWS\TBPanel.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\SanDisk\Sansa Updater\SansaDispatch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\Ahead\Ahead\data\Xtras\mssysmgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Documents and Settings\Kevin\Application Data\Twain\Twain.exe
C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\ESPMAIN.EXE
C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Kevin\LOCALS~1\Temp\RarSFX0\CHIDE.exe
C:\Documents and Settings\Kevin\Desktop\dds.scr

============== Psuedo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre1.6.0_07\bin\ssv.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\program files\norton antivirus\NavShExt.dll
TB: {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - c:\program files\norton antivirus\NavShExt.dll
uRun: [PhotoShow Deluxe Media Manager] c:\progra~1\ahead\ahead\data\xtras\mssysmgr.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\WCESCOMM.EXE"
uRun: [NBJ] "c:\program files\ahead\nero backitup\NBJ.exe"
uRun: [Twain] c:\documents and settings\kevin\application data\twain\Twain.exe
mRun: [SiSUSBRG] c:\windows\SiSUSBrg.exe
mRun: [C-Media Mixer] Mixer.exe /startup
mRun: [Gainward] c:\windows\TBPanel.exe /A
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NeroFilterCheck] c:\windows\system32\NeroCheck.exe
mRun: [WinFast Schedule] c:\program files\winfast\wftvfm\WFWIZ.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [Symantec NetDriver Monitor] c:\progra~1\symnet~1\SNDMon.exe
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [CloneCDTray] "c:\program files\slysoft\clonecd\CloneCDTray.exe" /s
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
mRun: [SansaDispatch] c:\program files\sandisk\sansa updater\SansaDispatch.exe
mRun: [SunJavaUpdateSched] c:\program files\java\jre1.6.0_07\bin\jusched.exe
StartupFolder: c:\docume~1\kevin\startm~1\programs\startup\mp3roc~1.lnk - c:\program files\mp3 rocket\MP3Rocket_on_startup.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adober~1.lnk - c:\program files\adobe\acrobat 7.0\reader\reader_sl.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\epsons~1.lnk - c:\program files\epson\epson smart panel for scanner\ESPMAIN.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~2.lnk - c:\program files\microsoft office\office\FINDFAST.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\office~1.lnk - c:\program files\microsoft office\office\OSA.EXE
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
mPolicies-system: DisableTaskMgr = 1 (0x1)
dPolicies-system: DisableTaskMgr = 1 (0x1)
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {08B0E5C0-4FCB-11CF-AAA5-00401C608501}
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\program files\microsoft activesync\INetRepl.dll
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - c:\program files\common files\microsoft shared\web folders\PKMCDO.DLL
Handler: mctp - {d7b95390-b1c5-11d0-b111-0080c712fe82} - c:\program files\microsoft activesync\aatp.dll
WinCE Filter: image/bmp - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/gif - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/jpeg - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: image/xbm - {86F59FAE-FB3A-11D1-AA72-00C04FAE2D4B} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: text/asp - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
WinCE Filter: text/html - {6C5C3074-FFAB-11d1-8EC4-00C04F98D57A} - c:\program files\microsoft activesync\cenetflt.dll
AppInit_DLLs: karna.dat jflnql.dll ujpeye.dll
SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - c:\windows\system32\upnpui.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

============= SERVICES / DRIVERS ===============

R1 amdtools;AMD Special Tools Driver;c:\windows\system32\drivers\amdtools.sys
R2 BT848;WinFast TV2000 XP WDM Video Capture;c:\windows\system32\drivers\wf2kvcap.sys
R2 tv2ktunr;WinFast TV2000 XP WDM TVTuner;c:\windows\system32\drivers\wf2ktunr.sys
R2 Tv2kXbar;WinFast TV2000 XP WDM Crossbar;c:\windows\system32\drivers\wf2kxbar.sys
R3 WFIOCTL;WFIOCTL;\??\c:\program files\winfast\wftvfm\WFIOCTL.SYS
S3 JL2005;JL2005A Camera;c:\windows\system32\drivers\toywdm.sys

=============== Created Last 30 ================

2008-11-13 18:12 250 a------- c:\windows\gmer.ini
2008-11-12 21:28 73,728 a------- c:\windows\system32\javacpl.cpl
2008-11-12 21:02 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Lavasoft
2008-11-12 20:22 <DIR> --d----- c:\program files\Trend Micro
2008-11-12 04:24 <DIR> --d----- c:\windows\oqmm
2008-11-12 04:24 <DIR> --d----- c:\program files\common files\oqmm
2008-11-11 21:14 <DIR> --dsh--- c:\windows\S2V2aW4gQmF1bQ
2008-11-11 20:57 <DIR> --d----- c:\docume~1\kevin\applic~1\Twain
2008-11-08 19:55 54,156 a---h--- c:\windows\QTFont.qfn
2008-11-08 19:55 1,409 a------- c:\windows\QTFont.for
2008-11-01 12:54 164 a------- c:\windows\system32\TDSSosvd.dat
2008-10-17 20:01 <DIR> --d----- c:\docume~1\kevin\applic~1\Malwarebytes
2008-10-17 20:01 15,504 a------- c:\windows\system32\drivers\mbam.sys
2008-10-17 20:01 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2008-10-17 20:00 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2008-10-17 20:00 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2008-10-17 19:21 <DIR> --d----- c:\program files\Enigma Software Group
2008-10-17 19:18 19,106 a------- c:\windows\system32\feda.db
2008-10-17 19:18 18,938 a------- c:\windows\raqamite.reg
2008-10-17 19:18 17,081 a------- c:\docume~1\kevin\applic~1\pumyzarete.dat
2008-10-17 19:18 16,080 a------- c:\docume~1\kevin\applic~1\zydejoma.pif
2008-10-17 19:18 15,678 a------- c:\docume~1\kevin\applic~1\pypibu.scr
2008-10-17 19:18 15,038 a------- c:\program files\common files\lopylama.pif
2008-10-17 19:18 11,723 a------- c:\docume~1\kevin\applic~1\osivyq.dll
2008-10-17 19:18 11,570 a------- c:\windows\wyjil.scr
2008-10-17 19:18 10,892 a------- c:\windows\uhapazecu.scr
2008-10-17 19:18 18,297 a------- c:\program files\common files\baloqufyw.bin
2008-10-17 19:18 17,752 a------- c:\windows\edoxyd._dl
2008-10-17 19:18 17,720 a------- c:\docume~1\alluse~1\applic~1\omizamit.com
2008-10-17 19:18 17,036 a------- c:\windows\ecoxa.com
2008-10-17 19:18 12,699 a------- c:\program files\common files\xarec.vbs
2008-10-17 08:29 <DIR> --d----- c:\program files\Common

==================== Find3M ====================

2008-11-13 18:08 <DIR> --d----- c:\program files\Norton AntiVirus
2008-11-13 11:08 <DIR> --d----- c:\program files\MP3 Rocket
2008-11-12 21:03 <DIR> --d----- c:\program files\Lavasoft
2008-11-12 21:01 <DIR> --d----- c:\program files\common files\Wise Installation Wizard
2008-09-15 14:55 <DIR> --d----- c:\docume~1\kevin\applic~1\Any Video Converter
2008-09-15 06:57 1,846,016 a------- c:\windows\system32\win32k.sys
2008-08-20 00:38 659,456 a------- c:\windows\system32\wininet.dll
2008-06-11 16:12 <DIR> --d----- c:\docume~1\kevin\applic~1\MP3Rocket
2008-01-31 14:32 <DIR> --d----- c:\docume~1\kevin\applic~1\Qtrax1
2008-01-31 14:32 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SongbirdVLC
2008-01-07 17:09 <DIR> --d----- c:\docume~1\kevin\applic~1\Intuit
2007-09-23 12:25 <DIR> --d----- c:\docume~1\kevin\applic~1\Printer Info Cache
2007-08-25 20:28 <DIR> --d----- c:\docume~1\kevin\applic~1\PCF-VLC
2007-07-25 12:43 <DIR> --d----- c:\docume~1\kevin\applic~1\Participatory Culture Foundation
2007-03-29 18:29 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PopCap
2007-03-09 18:22 <DIR> --d----- c:\docume~1\kevin\applic~1\MSN6
2007-03-09 18:22 <DIR> --d----- c:\docume~1\alluse~1\applic~1\MSN6
2007-02-22 14:44 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SonyPicturesGames
2006-02-01 18:42 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Intuit
2005-12-16 09:52 <DIR> --d----- c:\docume~1\kevin\applic~1\Snapfish
2005-02-26 10:28 <DIR> --d----- c:\docume~1\kevin\applic~1\Kazaa Lite
2005-01-09 09:14 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Symantec
2005-01-09 09:13 <DIR> --d----- c:\docume~1\kevin\applic~1\Symantec
2004-12-29 19:19 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Ahead

============= FINISH: 18:56:09.31 ===============
Attached Files: gmer.txt (9.0 KB), Attach.txt (10.8 KB)

Last edited by kornjulio; 11-13-2008 at 04:58 PM. Reason: fix partial DDS log