Everest63

One of the user's laptop here at work got hit by a bad virus. He reported that while on the web a window popped up and said that IE 8 would be needed to view the website properly. He clicked OK and then the download happened. He was not taken to Microsoft to download IE8. After the install Symantec Endpoint caught a virus in real-time. I tried to open Symantec Endpoint to see what virus it was, but it is acting strange so I believe the virsus(s) are effecting it. A program that is called HomeAntivirus2010 was installed after clicking the OK at the IE 8 download window. Then other issues came up. When entering a URL like www.techsupportforum.com it would make IE go to a page to download WebRoot software. This happened for every URL input in IE. The URL would read correctly, but the page would always be WebRoot. Looked like a browser hijacking. I had to put MalwareBytes onto a USB thumb drive to install it onto the laptop as I could not get to the correct site to download. MalwareBytes removed 14 viruses. After reboot the URL issue in IE was fixed, hence now I can reach TechSupportforum.com to enter this. I am sure there is still malware junk on this Lenovo X60 tablet laptop.
Also, the laptop has IE7, not IE8. The message to downlaod IE8 was a hoax.
Thank you.



DDS (Ver_09-06-26.01) - NTFSx86
Run by pdurkin at 11:11:01.13 on Mon 07/20/2009
Internet Explorer: 7.0.5730.11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1014.373 [GMT -4:00]

AV: Symantec Endpoint Protection *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}

============== Running Processes ===============

C:\lotus\notes\nslsvice.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Program Files\ThinkPad\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Smc.exe
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\IPSSVC.EXE
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\Tablet Shortcut\ASR\ASRSVC.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\WINDOWS\SYSTEM32\DWRCS.EXE
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\lotus\notes\ntmulti.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Fiberlink\Extend360\ServiceMgr.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
C:\Program Files\ThinkPad\Tablet Shortcut\TSMService.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.EXE
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Program Files\Common Files\Lenovo\Logger\logmon.exe
C:\Program Files\Lenovo\Rescue and Recovery\ADM\IUService.exe
C:\Program Files\RealVNC\WinVNC\WinVNC.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\SYSTEM32\WISPTIS.EXE
C:\WINDOWS\System32\tabbtnu.exe
C:\WINDOWS\SYSTEM32\DWRCST.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec\Symantec Endpoint Protection\SmcGui.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkIcon.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe
C:\WINDOWS\system32\tp4serv.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\WINDOWS\system32\TpShocks.exe
C:\WINDOWS\system32\TpPenMon.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\ThinkPad\Tablet Shortcut\TSMRESIDENT.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\PROGRA~1\THINKV~2\PrdCtr\LPMGR.exe
C:\Program Files\ThinkVantage\AMSG\Amsg.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Lenovo\AwayTask\AwaySch.EXE
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\SavUI.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe
C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe
C:\Program Files\Lenovo\SafeGuard PrivateDisk\pdservice.exe
C:\Program Files\Lenovo\Client Security Solution\cssauth.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Seagate\SystemTray\StxMenuMgr.exe
C:\Program Files\CardScan\CardScan\CardScanAgent.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Verizon\McciTrayApp.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Meeting Center\Modules\Launcher\mcLauncher.exe
C:\DOCUME~1\pdurkin\LOCALS~1\Temp\b.exe
C:\Program Files\ThinkPad\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\PROGRA~1\ThinkPad\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\HP\DIGITA~1\PRODUC~1\bin\hprblog.exe
C:\Documents and Settings\pdurkin\Desktop\dds.pif

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
mSearch Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearchAssistant = hxxp://www.google.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MsnMsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [updateMgr] c:\program files\adobe\acrobat 7.0\reader\AdobeUpdateManager.exe AcRdB7_0_9
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [QuickenScheduledUpdates] c:\program files\quicken\bagent.exe
uRun: [MeetingLauncher] "c:\program files\meeting center\modules\launcher\mcLauncher.exe"
uRun: [Cognac] c:\docume~1\pdurkin\locals~1\temp\b.exe
uRun: [ColdWare] c:\docume~1\pdurkin\locals~1\temp\f.exe
uRun: [braviax] c:\windows\system32\braviax.exe
mRun: [TabletWizard] c:\windows\help\SplshWrp.exe
mRun: [TabletTip] "c:\program files\common files\microsoft shared\ink\tabtip.exe" /resume
mRun: [TrackPointSrv] tp4serv.exe
mRun: [PWRMGRTR] rundll32 c:\progra~1\thinkpad\utilit~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BatLogEx.DLL,StartBattLog
mRun: [EZEJMNAP] c:\progra~1\thinkpad\utilit~1\EzEjMnAp.Exe
mRun: [TPKMAPHELPER] c:\program files\thinkpad\utilities\TpKmapAp.exe -helper
mRun: [TpShocks] TpShocks.exe
mRun: [TpPenMon] TpPenMon.exe
mRun: [TPHOTKEY] c:\progra~1\lenovo\pkgmgr\hotkey\TPHKMGR.exe
mRun: [TP4EX] tp4ex.exe
mRun: [IBMTBCTL] "c:\program files\thinkpad\tablet shortcut\IBMTBCTL.EXE" /r
mRun: [TSMResident] "c:\program files\thinkpad\tablet shortcut\TSMRESIDENT.EXE" /r
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SoundMAX] c:\program files\analog devices\soundmax\Smax4.exe /tray
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Snippet] "c:\program files\microsoft experience pack\snipping tool\SnippingTool.exe" /i
mRun: [LPManager] c:\progra~1\thinkv~2\prdctr\LPMGR.exe
mRun: [AMSG] c:\program files\thinkvantage\amsg\Amsg.exe
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [AwaySch] c:\program files\lenovo\awaytask\AwaySch.EXE
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [DiskeeperSystray] "c:\program files\diskeeper corporation\diskeeper\DkIcon.exe"
mRun: [ACTray] c:\program files\thinkpad\connectutilities\ACTray.exe
mRun: [ACWLIcon] c:\program files\thinkpad\connectutilities\ACWLIcon.exe
mRun: [PDService.exe] "c:\program files\lenovo\safeguard privatedisk\pdservice.exe"
mRun: [cssauth] "c:\program files\lenovo\client security solution\cssauth.exe" silent
mRun: [WinVNC] "c:\program files\realvnc\winvnc\WinVNC.exe" -servicehelper
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PDF4 Registry Controller] "c:\program files\scansoft\pdf professional 4.0\RegistryController.exe"
mRun: [ScanSoft PDF Professional 4-reminder] "c:\program files\scansoft\pdf professional 4.0\ereg\ereg.exe" -r "c:\documents and settings\all users\application data\scansoft\pdf professional\4\ereg\Ereg.ini
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [StxTrayMenu] "c:\program files\seagate\systemtray\StxMenuMgr.exe"
mRun: [<NO NAME>]
mRun: [CardScanAgent] "c:\program files\cardscan\cardscan\CardScanAgent.exe"
mRun: [Microsoft Works Update Detection] c:\program files\common files\microsoft shared\works shared\WkUFind.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [VerizonServicepoint.exe] "c:\program files\verizon\vsp\VerizonServicepoint.exe" /AUTORUN
mRun: [Verizon Custom Uninstall Tracking] c:\docume~1\pdurkin\locals~1\temp\InstallHelper.exe /uninstalltrackingvendor=Verizon
mRun: [Verizon_McciTrayApp] c:\program files\verizon\McciTrayApp.exe
mRun: [DameWare MRC Agent] c:\windows\system32\DWRCST.exe
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
dRun: [msnmsgr] "c:\program files\windows live\messenger\msnmsgr.exe" /background
dRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
dRunOnce: [*GoToAssist] c:\docume~1\pdurkin\locals~1\temp\G2A79E.tmp.bat
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\blueto~1.lnk - c:\program files\thinkpad\bluetooth software\BTTray.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\digita~1.lnk - c:\program files\digital line detect\DLG.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\hpimag~1.lnk - c:\program files\hp\digital imaging\bin\hpqthb08.exe
uPolicies-explorer: ForceClassicControlPanel = 1 (0x1)
mPolicies-explorer: NoWelcomeScreen = 1 (0x1)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: Open with ScanSoft PDF Converter 4.1 - c:\program files\scansoft\pdf professional 4.0\cnvres_eng.dll /100
IE: Send to &Bluetooth Device... - c:\program files\thinkpad\bluetooth software\btsendto_ie_ctx.htm
IE: {DA320635-F48C-4613-8325-D75A933C549E} - c:\program files\lenovo\system update\sulauncher.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {0045D4BC-5189-4b67-969C-83BB1906C421} - {0FE81B52-73FA-425F-8F06-3F32451AC73F} - c:\program files\lenovo\client security solution\tvtpwm_ie_com.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office11\REFIEBAR.DLL
Trusted Zone: merrillcorp.com\datasite
DPF: {01113300-3E00-11D2-8470-0060089874ED} - hxxps://activatemydsl.verizon.net/sdcCommon/download/DSL/Verizon%20High%20Speed%20Internet%20Installer.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1212359669234
DPF: {6CEDB6B5-4859-4E3A-BCA2-FB8E565B8AD9} - hxxp://ussv003.cooksonelectronics.com/sametime/stmeetingroomclient/STJNILoader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} - hxxps://perillon.webex.com/client/T26L/webex/ieatgpc.cab
DPF: {F90F2785-4DBB-4A65-98D5-41934F00ABF4} - hxxps://www.risxfacs.com/webgrid/RFWebGrid.CAB
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Notify: ACNotify - ACNotify.dll
Notify: AwayNotify - c:\program files\lenovo\awaytask\AwayNotify.dll
Notify: igfxcui - igfxdev.dll
Notify: loginkey - c:\program files\common files\microsoft shared\ink\loginkey.dll
Notify: psfus - psqlpwd.dll
Notify: TabBtnWL - TabBtnWL.dll
Notify: tpfnf2 - notifyf2.dll
Notify: tpgwlnotify - tpgwlnot.dll
Notify: tphotkey - tphklock.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Notification Packages = scecli psqlpwd ACGina

============= SERVICES / DRIVERS ===============

R0 Shockprf;Shockprf;c:\windows\system32\drivers\shockprf.sys [2007-5-19 88576]
R1 ANC;ANC;c:\windows\system32\drivers\ANC.sys [2007-5-19 11520]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.sys [2007-5-19 6016]
R1 ShockMgr;ShockMgr;c:\windows\system32\drivers\ShockMgr.sys [2007-5-19 4736]
R1 TPPWRIF;TPPWRIF;c:\windows\system32\drivers\TPPWRIF.SYS [2007-5-19 4442]
R1 TSMSMI;Lenovo System Interface Driver;c:\windows\system32\drivers\TSMSMI32.sys [2007-5-19 6656]
R2 ASRSVC;ASR Service;c:\program files\thinkpad\tablet shortcut\asr\ASRSVC.exe [2007-5-19 86016]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-2-19 108392]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSvcHst.exe [2009-2-19 108392]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\common files\intuit\update service\IntuitUpdateService.exe [2008-10-10 13088]
R2 PrivateDisk;PrivateDisk;c:\program files\lenovo\safeguard privatedisk\privatediskm.sys [2006-3-13 58368]
R2 Seagate Sync Service;Seagate Sync Service;c:\program files\seagate\sync\SeaSyncServices.exe [2007-1-18 24120]
R2 smi2;smi2;c:\program files\smi2\smi2.sys [2006-7-14 3968]
R2 smihlp;SMI helper driver;c:\program files\thinkvantage fingerprint software\smihlp.sys [2006-4-25 3456]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-5-11 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090719.024\NAVENG.SYS [2009-7-19 87888]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090719.024\NAVEX15.SYS [2009-7-19 875728]
R3 Tp4Track;PS/2 TrackPoint Driver;c:\windows\system32\drivers\tp4track.sys [2007-5-19 13840]
R3 WacomPen;Wacom Serial Pen HID Driver;c:\windows\system32\drivers\wacompen.sys [2007-5-19 14208]
S0 black;black;c:\windows\system32\drivers\blackdrv.sys --> c:\windows\system32\drivers\BlackDrv.sys [?]
S3 BWNDIS5;BWNDIS5 NDIS Protocol Driver;c:\windows\system32\BWNDIS5.SYS [2004-3-10 15744]
S3 ICAM3NT5;Intel USB Video Camera III;c:\windows\system32\drivers\Icam3.sys [2008-1-18 141056]
S3 RapFile;RapFile;c:\windows\system32\drivers\RapFile.sys [2007-6-5 36676]
S3 RapNet;RapNet;c:\windows\system32\drivers\RapNet.sys [2007-6-5 24344]
SUnknown fkvyeccrkkcy;fkvyeccrkkcy; [x]

=============== Created Last 30 ================

2009-07-20 11:00 213,024 -------- c:\windows\system32\drivers\str.sys
2009-07-20 10:32 <DIR> --d----- c:\docume~1\pdurkin\applic~1\Malwarebytes
2009-07-20 10:31 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-20 10:31 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-07-20 10:31 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-07-20 10:31 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-07-18 23:23 65,536 a------- c:\windows\system32\drivers\geyekrdlsbpvtt.sys
2009-07-18 23:09 65,536 a------- c:\windows\system32\drivers\geyekriwodtfsj.sys
2009-07-18 22:00 <DIR> --d----- c:\program files\HomeAntivirus2010
2009-07-05 09:32 <DIR> --d----- c:\docume~1\pdurkin\applic~1\MSNInstaller
2009-07-05 09:24 <DIR> --d----- c:\docume~1\pdurkin\applic~1\SoftwareDetectionScripts
2009-07-05 09:02 103,720 a------- c:\documents and settings\pdurkin\GoToAssistDownloadHelper.exe
2009-07-05 08:25 <DIR> --d----- c:\docume~1\pdurkin\applic~1\Verizon
2009-07-05 08:25 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Verizon
2009-07-05 08:25 <DIR> --d----- c:\windows\bin
2009-07-05 08:24 <DIR> --d----- c:\program files\common files\Motive
2009-07-05 08:18 <DIR> --d----- c:\program files\Verizon
2009-07-05 07:55 <DIR> --d----- c:\program files\Microsoft
2009-07-05 07:55 <DIR> --d----- c:\program files\Windows Live SkyDrive
2009-07-05 07:47 <DIR> --d----- c:\program files\common files\Windows Live

==================== Find3M ====================

2009-07-19 00:00 5,427 a------- c:\windows\system32\EGATHDRV.SYS
2009-06-10 10:04 202,832 a------- c:\windows\system32\atasnt40.dll
2009-05-11 09:52 60,800 a------- c:\windows\system32\S32EVNT1.DLL
2009-02-06 15:58 60,744 a------- c:\documents and settings\pdurkin\g2mdlhlpx.exe
2009-01-20 20:41 336 a------- c:\program files\temp995.bat
2008-07-10 22:39 335,085 a------- c:\documents and settings\pdurkin\905051ac-92be-4880-93dc-95dcff1b8fb9.zip
2007-12-30 11:36 32 a------- c:\docume~1\alluse~1\applic~1\ezsid.dat
2008-09-29 19:42 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008092920080930\index.dat
2009-03-23 16:38 16,384 a--sh--- c:\windows\temp\cookies\index.dat
2009-03-23 16:38 32,768 a--sh--- c:\windows\temp\history\history.ie5\index.dat
2009-03-23 16:38 49,152 a--sh--- c:\windows\temp\temporary internet files\content.ie5\index.dat

============= FINISH: 11:13:25.98 ===============

Attached Images

bad.JPG (78.9 KB, 3 views)

Attached Files

Attach.zip (132.2 KB, 0 views)

Everest63

All set. I cleaned up the viruses with Panda Online Scan, ESET Online Scan, Dr. Web Scanner & Combofix.