Author Topic: HELP! (Read 33756 times)

DavidR · « **Reply #30 on:** June 02, 2007, 08:03:46 PM »

I didn't say take no action simply that they are generally classed as low risk, there are some that set their browser to delete all cookies on shutdown. The choice has to be with the user when to delete cookies.

A windows search, use the search icon in the windows explorer Or the Windows, Start button, Search.

I assume by the fact you are trying to find a file that you have found out what it was trying to get out, this was also asking you to tell us what it was (and we can then help too) ?

I haven't a clue if you have a backdoor or not, the fact that your firewall is blocking an attempt to get out might point to not having a backdoor or that particular file isn't a backdoor. The whole idea of a backdoor is to bypass your firewall.

andy214ever · « **Reply #31 on:** June 02, 2007, 08:14:34 PM »

thank...i will give u the file name that blocked by firewall later.... sorry for bothering u...

DavidR · « **Reply #32 on:** June 02, 2007, 09:30:56 PM »

Your welcome, it isn't a bother.

andy214ever · « **Reply #33 on:** June 03, 2007, 10:54:42 AM »

the conditionis getting bad....take a look at this...

/3/2007 2:38:21 PM   SYSTEM   1684   Sign of "Win32:Small-FCC [Trj]" has been found in "C:\WINDOWS\system32\msccrt.dll\[Petite]" file.
6/3/2007 2:38:21 PM   SYSTEM   1684   Sign of "Win32:Small-FCC [Trj]" has been found in "C:\WINDOWS\system32\msccrt.dll\[Petite]" file.
6/3/2007 2:58:20 PM   SYSTEM   1804   Sign of "Win32:Cinmus-D [Adw]" has been found in "C:\WINDOWS\System32\winlib .dll" file.
6/3/2007 2:58:20 PM   SYSTEM   1804   Sign of "Win32:Cinmus-D [Adw]" has been found in "C:\WINDOWS\system32\winlib .dll" file.
6/3/2007 2:59:51 PM   SYSTEM   1804   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4T6789MV\7[1].exe" file.
6/3/2007 2:59:51 PM   SYSTEM   1804   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\system32\7.exe" file.
6/3/2007 2:59:51 PM   SYSTEM   1804   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\system32\7.exe" file.
6/3/2007 3:05:21 PM   SYSTEM   1584   Sign of "Win32:Cinmus-D [Adw]" has been found in "C:\WINDOWS\System32\winlib .dll" file.
6/3/2007 3:05:22 PM   SYSTEM   1584   Sign of "Win32:Cinmus-D [Adw]" has been found in "C:\WINDOWS\system32\winlib .dll" file.
6/3/2007 3:06:21 PM   SYSTEM   1584   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\system32\7.exe" file.
6/3/2007 3:06:23 PM   SYSTEM   1584   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\system32\7.exe" file.
6/3/2007 3:06:36 PM   SYSTEM   1584   Sign of "Win32:Small-EKC [Trj]" has been found in "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4T6789MV\10[1].exe\[NsPack]" file.
6/3/2007 3:06:36 PM   SYSTEM   1584   Sign of "Win32:Small-EKC [Trj]" has been found in "C:\WINDOWS\system32\10.exe\[NsPack]" file.
6/3/2007 3:06:36 PM   SYSTEM   1584   Sign of "Win32:Small-EKC [Trj]" has been found in "C:\WINDOWS\system32\10.exe\[NsPack]" file.
6/3/2007 3:06:38 PM   SYSTEM   1584   Sign of "Win32:Delf-EJU [Trj]" has been found in "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4DA30LU7\11[1].exe\[UPX]" file.
6/3/2007 3:06:38 PM   SYSTEM   1584   Sign of "Win32:Delf-EJU [Trj]" has been found in "C:\WINDOWS\system32\11.exe\[UPX]" file.
6/3/2007 3:06:38 PM   SYSTEM   1584   Sign of "Win32:Delf-EJU [Trj]" has been found in "C:\WINDOWS\system32\11.exe\[UPX]" file.
6/3/2007 3:07:04 PM   SYSTEM   1584   Sign of "Win32:Lmir-MM [Trj]" has been found in "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\S1AR0TYN\qwetop[1].exe" file.
6/3/2007 3:07:04 PM   SYSTEM   1584   Sign of "Win32:Lmir-MM [Trj]" has been found in "C:\WINDOWS\system32\qwetop.exe" file.
6/3/2007 3:07:04 PM   SYSTEM   1584   Sign of "Win32:Lmir-MM [Trj]" has been found in "C:\WINDOWS\system32\qwetop.exe" file.
6/3/2007 3:40:24 PM   Personal   5028   Sign of "Win32:Delf-EJU [Trj]" has been found in "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4DA30LU7\11[1].exe\[UPX]" file.
6/3/2007 3:40:32 PM   Personal   5028   Sign of "Win32:Small-EKC [Trj]" has been found in "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4T6789MV\10[1].exe\[NsPack]" file.
6/3/2007 3:40:35 PM   Personal   5028   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4T6789MV\7[1].exe" file.
6/3/2007 3:40:38 PM   Personal   5028   Sign of "Win32:Lmir-MM [Trj]" has been found in "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\S1AR0TYN\qwetop[1].exe" file.
6/3/2007 3:48:44 PM   Personal   5028   Sign of "Win32:Small-FCC [Trj]" has been found in "C:\System Volume Information\_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP1\A0000016.dll\[Petite]" file.
6/3/2007 3:49:00 PM   Personal   5028   Sign of "Win32:Small-FCC [Trj]" has been found in "C:\System Volume Information\_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP1\A0001039.dll\[Petite]" file.
6/3/2007 3:49:20 PM   Personal   5028   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\System Volume Information\_restore{D6814480-3694-4C18-8E6D-BE60E437082F}\RP1\A0002036.exe" file.
6/3/2007 3:51:48 PM   Personal   5028   Sign of "Win32:Small-EKC [Trj]" has been found in "C:\WINDOWS\system32\10.exe\[NsPack]" file.
6/3/2007 3:52:02 PM   Personal   5028   Sign of "Win32:Delf-EJU [Trj]" has been found in "C:\WINDOWS\system32\11.exe\[UPX]" file.

andy214ever · « **Reply #34 on:** June 03, 2007, 10:57:15 AM »

6/3/2007 3:55:00 PM   Personal   5028   Sign of "Win32:Lmir-MM [Trj]" has been found in "C:\WINDOWS\system32\qwetop.exe" file.
6/3/2007 4:36:11 PM   SYSTEM   1596   Sign of "Win32:Cinmus-D [Adw]" has been found in "C:\WINDOWS\System32\winlib .dll" file.
6/3/2007 4:36:12 PM   SYSTEM   1596   Sign of "Win32:Cinmus-D [Adw]" has been found in "C:\WINDOWS\system32\winlib .dll" file.
6/3/2007 4:38:02 PM   SYSTEM   1596   Sign of "Win32:Lmir-MM [Trj]" has been found in "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4T6789MV\qwetop[1].exe" file.
6/3/2007 4:38:02 PM   SYSTEM   1596   Sign of "Win32:Lmir-MM [Trj]" has been found in "C:\WINDOWS\system32\qwetop.exe" file.
6/3/2007 4:38:02 PM   SYSTEM   1596   Sign of "Win32:Lmir-MM [Trj]" has been found in "C:\WINDOWS\system32\qwetop.exe" file.
6/3/2007 4:38:42 PM   SYSTEM   1596   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\S1AR0TYN\7[1].exe" file.
6/3/2007 4:39:42 PM   SYSTEM   1596   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\WINDOWS\system32\7.exe" file.
6/3/2007 4:40:32 PM   SYSTEM   1596   Sign of "Win32:Small-EKC [Trj]" has been found in "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4T6789MV\10[1].exe\[NsPack]" file.
6/3/2007 4:42:06 PM   SYSTEM   1596   Sign of "Win32:Small-EKC [Trj]" has been found in "C:\WINDOWS\system32\10.exe\[NsPack]" file.
6/3/2007 4:42:19 PM   SYSTEM   1596   Sign of "Win32:Delf-EJU [Trj]" has been found in "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4T6789MV\11[1].exe\[UPX]" file.
6/3/2007 4:42:19 PM   SYSTEM   1596   Sign of "Win32:Delf-EJU [Trj]" has been found in "C:\WINDOWS\system32\11.exe\[UPX]" file.
6/3/2007 4:42:19 PM   SYSTEM   1596   Sign of "Win32:Delf-EJU [Trj]" has been found in "C:\WINDOWS\system32\11.exe\[UPX]" file.
6/3/2007 4:45:41 PM   SYSTEM   1832   Sign of "Win32:Cinmus-D [Adw]" has been found in "C:\WINDOWS\System32\winlib .dll" file.
6/3/2007 4:45:41 PM   SYSTEM   1832   Sign of "Win32:Cinmus-D [Adw]" has been found in "C:\WINDOWS\system32\winlib .dll" file.
6/3/2007 4:47:12 PM   SYSTEM   1832   Sign of "Win32:Lmir-MM [Trj]" has been found in "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4T6789MV\qwetop[1].exe" file.
6/3/2007 4:47:12 PM   SYSTEM   1832   Sign of "Win32:Lmir-MM [Trj]" has been found in "C:\WINDOWS\system32\qwetop.exe" file.
6/3/2007 4:47:12 PM   SYSTEM   1832   Sign of "Win32:Lmir-MM [Trj]" has been found in "C:\WINDOWS\system32\qwetop.exe" file.
6/3/2007 4:48:01 PM   SYSTEM   1832   Sign of "Win32:Trojan-gen. {Other}" has been found in "C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\4T6789MV\7[1].exe" file.

the firewall i installed have been disabled
i dont know why......

what h i done....

?

help....

essexboy · « **Reply #35 on:** June 03, 2007, 01:40:27 PM »

You have the delf dropper trojan

Download ComboFix from Here or Here to your Desktop.

Double click combofix.exe and follow the prompts.
When finished, it shall produce a log for you. Post that log and a HiJackthis log in your next reply

Note: Do not mouseclick combofix's window while its running. That may cause it to stall

andy214ever · « **Reply #36 on:** June 03, 2007, 01:55:18 PM »

how can i idntified the trojan you have said ??

essexboy · « **Reply #37 on:** June 03, 2007, 02:05:15 PM »

Quote

"Win32:Delf-EJU

as reported by Avast

If you download and run combofix we can start removing it

andy214ever · « **Reply #38 on:** June 03, 2007, 02:41:03 PM »

ok...thanks....

can combofix remove other trojan?

essexboy · « **Reply #39 on:** June 03, 2007, 02:47:06 PM »

Yes it will also target virtumondo wareout plus others

andy214ever · « **Reply #40 on:** June 04, 2007, 07:26:50 AM »

Personal" - 2007-06-04 13:06:13 Service Pack 2
ComboFix 07-05.27.BV - Running from: "C:\Documents and Settings\Personal\Desktop\"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

"C:\Program Files\Internet Explorer\PLUGINS\system64.jmp"
"C:\WINDOWS\system32\4.exe"
"C:\WINDOWS\system32\ad_1993.exe"
"C:\WINDOWS\DOWNLO~1\Cns02.dat"
"C:\WINDOWS\DOWNLO~1\CnsHint.cab"
"C:\WINDOWS\DOWNLO~1\cnshint.dll"
"C:\WINDOWS\DOWNLO~1\CnsHook.dll.1.log"
"C:\WINDOWS\DOWNLO~1\CnsHook.dll.2.log"
"C:\WINDOWS\DOWNLO~1\cnsio.dll"
"C:\WINDOWS\DOWNLO~1\CnsMin.ini"
"C:\WINDOWS\DOWNLO~1\CnsMinAL.cab"
"C:\WINDOWS\DOWNLO~1\CnsMinCg.ini"
"C:\WINDOWS\DOWNLO~1\CnsMinDT.cab"
"C:\WINDOWS\DOWNLO~1\CnsMinDT.dll"
"C:\WINDOWS\DOWNLO~1\CnsMinEx.cab"
"C:\WINDOWS\DOWNLO~1\CnsMinEx.ini"
"C:\WINDOWS\DOWNLO~1\CnsMinHK.cab"
"C:\WINDOWS\DOWNLO~1\CnsMinIO.cab"
"C:\WINDOWS\DOWNLO~1\CnsMinIO.dll"
"C:\WINDOWS\DOWNLO~1\CnsMinUp.cab"
"C:\WINDOWS\DOWNLO~1\CnsPlus.cab"
"C:\WINDOWS\DOWNLO~1\cnsplus.dll"
"C:\WINDOWS\DOWNLO~1\CnsUp.ini"
"C:\WINDOWS\system32\DD95F06E.dat"
"C:\WINDOWS\system32\wbem\cmwrj.dll"
"C:\WINDOWS\system32\drivers\yaskp.sys"
"C:\WINDOWS\system32\Packet.dll"
"C:\WINDOWS\system32\WanPacket.dll"
"C:\WINDOWS\system32\wpcap.dll"
"C:\Program Files\yahoo!\assist~1\yal01.dat"
"C:\Program Files\yahoo!\assist~1\yalive.dll"
"C:\Program Files\yahoo!\assist~1\yaLive.dll.1.log"
"C:\Program Files\yahoo!\assist~1\yalive3.ini"
"C:\Program Files\yahoo!\assist~1\yalLiveEx.dll"
"C:\Program Files\yahoo!\assist~1\yalvsw3.ini"
"C:\Program Files\yahoo!\assist~1\yassistse.exe"
"C:\Program Files\yahoo!\assist~1\yckrule.dat"
"C:\Program Files\yahoo!\assist~1\yckrule.ini"
"C:\Program Files\yahoo!\assist~1\yClickOn.dll"
"C:\Program Files\yahoo!\assist~1\yclickonup.dll"
"C:\Program Files\yahoo!\assist~1\yhelper.dll"
"C:\Program Files\yahoo!\assist~1\ylive.exe"
"C:\Program Files\yahoo!\assist~1\YLive.exe.1.log"
"C:\Program Files\yahoo!\assist~1\yNotifier.dll"
"C:\Program Files\yahoo!\assist~1\yscrblock.dll"
"C:\Program Files\yahoo!\assist~1\Assist\filter.ini"
"C:\Program Files\yahoo!\assist~1\Assist\float.gif"
"C:\Program Files\yahoo!\assist~1\Assist\myrss.xml"
"C:\Program Files\yahoo!\assist~1\Assist\notify.wav"
"C:\Program Files\yahoo!\assist~1\Assist\sound.wav"
"C:\Program Files\yahoo!\assist~1\Assist\yadfilter.dll"
"C:\Program Files\yahoo!\assist~1\Assist\yadwreg.dll"
"C:\Program Files\yahoo!\assist~1\Assist\yangling.dll"
"C:\Program Files\yahoo!\assist~1\Assist\yasbar.dll"
"C:\Program Files\yahoo!\assist~1\Assist\yasbar.dll.1.log"
"C:\Program Files\yahoo!\assist~1\Assist\yasbar0.dll"
"C:\Program Files\yahoo!\assist~1\Assist\yascenter.exe"
"C:\Program Files\yahoo!\assist~1\Assist\yasctrlh.dll"
"C:\Program Files\yahoo!\assist~1\Assist\yasfsks.dll"
"C:\Program Files\yahoo!\assist~1\Assist\yasierres.dll"
"C:\Program Files\yahoo!\assist~1\Assist\yasiesec.dll"
"C:\Program Files\yahoo!\assist~1\Assist\yaskpsec.dat"
"C:\Program Files\yahoo!\assist~1\Assist\yasnoad.dll"
"C:\Program Files\yahoo!\assist~1\Assist\yasrdd.dll"
"C:\Program Files\yahoo!\assist~1\Assist\yasrde.exe"
"C:\Program Files\yahoo!\assist~1\Assist\yassecblk.dll"
"C:\Program Files\yahoo!\assist~1\Assist\yassisres.dll"
"C:\Program Files\yahoo!\assist~1\Assist\yassist.dll"
"C:\Program Files\yahoo!\assist~1\Assist\yassistex.dll"
"C:\Program Files\yahoo!\assist~1\Assist\yassistn3.ini"
"C:\Program Files\yahoo!\assist~1\Assist\yassistnsw3.ini"
"C:\Program Files\yahoo!\assist~1\Assist\yaswiper.dll"
"C:\Program Files\yahoo!\assist~1\Assist\ycnsdtu.dll"
"C:\Program Files\yahoo!\assist~1\Assist\ydragsearch.dll"
"C:\Program Files\yahoo!\assist~1\Assist\yeheocx.dll"
"C:\Program Files\yahoo!\assist~1\Assist\yhelperup.dll"
"C:\Program Files\yahoo!\assist~1\Assist\yieacore.dll"
"C:\Program Files\yahoo!\assist~1\Assist\yieares.dll"
"C:\Program Files\yahoo!\assist~1\Assist\yieaUI.dll"
"C:\Program Files\yahoo!\assist~1\Assist\yiebwlist.dat"

andy214ever · « **Reply #41 on:** June 04, 2007, 08:15:24 AM »

"C:\Program Files\yahoo!\assist~1\Assist\yierepairn.dat"
"C:\Program Files\yahoo!\assist~1\Assist\yiesetres.dll"
"C:\Program Files\yahoo!\assist~1\Assist\ykeepmain.dll"
"C:\Program Files\yahoo!\assist~1\Assist\ykern.dll"
"C:\Program Files\yahoo!\assist~1\Assist\ymailp.dll"
"C:\Program Files\yahoo!\assist~1\Assist\ymyweb.dll"
"C:\Program Files\yahoo!\assist~1\Assist\yoptimum.dll"
"C:\Program Files\yahoo!\assist~1\Assist\yphishbrule.dat"
"C:\Program Files\yahoo!\assist~1\Assist\yphishrule.dat"
"C:\Program Files\yahoo!\assist~1\Assist\yphotoseasy.dll"
"C:\Program Files\yahoo!\assist~1\Assist\yphtb.dll"
"C:\Program Files\yahoo!\assist~1\Assist\yprockg.dll"
"C:\Program Files\yahoo!\assist~1\Assist\yrepair.dll"
"C:\Program Files\yahoo!\assist~1\Assist\yrss.dll"
"C:\Program Files\yahoo!\assist~1\Assist\ysearch.dll"
"C:\Program Files\yahoo!\assist~1\Assist\ysearch.dll.1.log"
"C:\Program Files\yahoo!\assist~1\Assist\ysettings.dll"
"C:\Program Files\yahoo!\assist~1\Assist\yupdateok.dll"
"C:\Program Files\yahoo!\assist~1\Assist\ywiper.dll"
"C:\Program Files\yahoo!\assist~1\Assist\yxpstyle.dll"
"C:\Program Files\yahoo!\assist~1\Assist\yzsnetproto.dll"
"C:\Program Files\yahoo!\assist~1\Assist\profile\1.gif"
"C:\Program Files\yahoo!\assist~1\Assist\profile\10.gif"
"C:\Program Files\yahoo!\assist~1\Assist\profile\11.gif"
"C:\Program Files\yahoo!\assist~1\Assist\profile\13.gif"
"C:\Program Files\yahoo!\assist~1\Assist\profile\14.gif"
"C:\Program Files\yahoo!\assist~1\Assist\profile\15.gif"
"C:\Program Files\yahoo!\assist~1\Assist\profile\16.gif"
"C:\Program Files\yahoo!\assist~1\Assist\profile\17.gif"
"C:\Program Files\yahoo!\assist~1\Assist\profile\18.gif"
"C:\Program Files\yahoo!\assist~1\Assist\profile\19.gif"
"C:\Program Files\yahoo!\assist~1\Assist\profile\20.gif"
"C:\Program Files\yahoo!\assist~1\Assist\profile\22.gif"
"C:\Program Files\yahoo!\assist~1\Assist\profile\23.gif"
"C:\Program Files\yahoo!\assist~1\Assist\profile\24.gif"
"C:\Program Files\yahoo!\assist~1\Assist\profile\3.gif"
"C:\Program Files\yahoo!\assist~1\Assist\profile\6.gif"
"C:\Program Files\yahoo!\assist~1\Assist\profile\7.gif"
"C:\Program Files\yahoo!\assist~1\Assist\profile\8.gif"
"C:\Program Files\yahoo!\assist~1\Assist\profile\9.gif"
"C:\Program Files\yahoo!\assist~1\Assist\profile\profile.xml"

andy214ever · « **Reply #42 on:** June 04, 2007, 08:16:36 AM »

"C:\Program Files\yahoo!\assist~1\Assist\Update\yascenter.exe"
"C:\Program Files\yahoo!\assist~1\Assist\Update\yassisres.dll"
"C:\Program Files\yahoo!\assist~1\Assist\Update\yphotoseasy.dll"
"C:\Program Files\yahoo!\assist~1\Assist\Update\yzsnetproto.dll"
"C:\Program Files\yahoo!\assist~1\Shell\yAsMenu.dll"
"C:\Program Files\yahoo!\assist~1\Shell\yAssecblk.dll"
"C:\Program Files\yahoo!\assist~1\Shell\yIEAngel.dll"
"C:\Program Files\yahoo!\assist~1\Shell\yMenuInfo.dll"
"C:\Program Files\yahoo!\assist~1\Shell\ysp.exe"
"C:\Program Files\yahoo!\assist~1\Update\yalliveex.dll"
"C:\Program Files\yahoo!\assist~1\Update\ynotifier.dll"
"C:\Program Files\yahoo!\assist~1\Update\yscrblock.dll"
"C:\Program Files\kktone\dmfa.dll"
"C:\Program Files\kktone\irunin.bmp"
"C:\Program Files\kktone\irunin.dat"
"C:\Program Files\kktone\irunin.ini"
"C:\Program Files\kktone\irunin.lng"
"C:\Program Files\kktone\KKTone.exe"
"C:\Program Files\kktone\KKTONE.ini"
"C:\Program Files\kktone\KKToneAgent.exe"
"C:\Program Files\kktone\KKTone_vis.dll"
"C:\Program Files\kktone\ktoc.dll"
"C:\Program Files\kktone\mfc71u.dll"
"C:\Program Files\kktone\msvcp71.dll"
"C:\Program Files\kktone\msvcr71.dll"
"C:\Program Files\kktone\TSConvert2U.dll"
"C:\DOCUME~1\Personal\APPLIC~1.\cuckoo\AdList"
"C:\DOCUME~1\Personal\APPLIC~1.\cuckoo\adsend"
"C:\DOCUME~1\Personal\APPLIC~1.\cuckoo\adshow.dat"
"C:\DOCUME~1\Personal\APPLIC~1.\cuckoo\AllUrlList"
"C:\DOCUME~1\Personal\APPLIC~1.\cuckoo\GetADID"
"C:\DOCUME~1\Personal\APPLIC~1.\cuckoo\GetADParameter"
"C:\DOCUME~1\Personal\APPLIC~1.\cuckoo\GetAdType"
"C:\DOCUME~1\Personal\APPLIC~1.\cuckoo\pluglist.xml"
"C:\DOCUME~1\Personal\APPLIC~1.\cuckoo\RelateKey"
"C:\DOCUME~1\Personal\APPLIC~1.\cuckoo\ThirdSoftInfo2"
"C:\DOCUME~1\Personal\APPLIC~1.\cuckoo\windows1.log"
"C:\DOCUME~1\Personal\APPLIC~1.\cuckoo\windows2.log"
"C:\DOCUME~1\Personal\APPLIC~1.\cuckoo\~lu.dat"
"C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs.\kktone\Uninstall KKTONE.lnk"
"C:\WINDOWS\DOWNLO~1.\keepmain.dll"
"C:\WINDOWS\DOWNLO~1.\keepmainm.cab"
"C:\WINDOWS\DOWNLO~1.\sms.ico"
"C:\WINDOWS\DOWNLO~1.\taobao.ico"
"C:\WINDOWS\DOWNLO~1.\yahoomsg.ico"
"C:\WINDOWS\DOWNLO~1.\ymail.ico"
"C:\Program Files\internet explorer\iexplore.win"
"C:\WINDOWS\system32\d3d1caps.srg"
"C:\WINDOWS\system32\death.sishen"
"C:\WINDOWS\system32\drivers\acpidisk.sys"
"C:\WINDOWS\system32\mprmsgse.axz"
"C:\WINDOWS\system32\mscpx32r.det"
"C:\WINDOWS\system32\mywebhit.ini"
"C:\WINDOWS\system32\mywebhit.ini.tmp"
"C:\WINDOWS\system32\svch0st.exe"
"C:\WINDOWS\system32\zt.dll"
"C:\WINDOWS\hitpop_tmp.txt"
"C:\WINDOWS\install.exe"
"C:\WINDOWS\qqiehelper.dll"
"C:\WINDOWS\sysdn.ini"
"C:\WINDOWS\Kvsc3.exe"
"C:\WINDOWS\system32\Kvsc3.dll"
"C:\WINDOWS\system32\drivers\npf.sys"
"C:\DOCUME~1\ALLUSE~1\APPLIC~1.\Microsoft\PCTools"
"C:\Program Files\cnnic"
"C:\Program Files\yahoo!\assist~1"
"C:\Program Files\kktone"
"C:\DOCUME~1\Personal\APPLIC~1.\cuckoo"
"C:\DOCUME~1\ALLUSE~1\STARTM~1\Programs.\kktone"
"C:\WINDOWS\DOWNLO~1.\Update"
"C:\WINDOWS\system32\drivers\uovwrl.sys"
"C:\WINDOWS\system32\uovwrl.dll"

andy214ever · « **Reply #43 on:** June 04, 2007, 08:17:11 AM »

((((((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_ACPIDISK
-------\LEGACY_CDNPROT
-------\LEGACY_CELINDRV
-------\LEGACY_CNSMINKP
-------\LEGACY_ISPONER
-------\LEGACY_MSDEBUGSVC
-------\LEGACY_NPF
-------\LEGACY_RELATIONS
-------\LEGACY_UOVWRL
-------\LEGACY_YASKP
-------\acpidisk
-------\CelInDrv
-------\CnsMinKP
-------\iSPONER
-------\NPF
-------\uovwrl
-------\yaskp

((((((((((((((((((((((((((((((( Files Created from 2007-05-04 to 2007-06-04 ))))))))))))))))))))))))))))))))))

2007-06-04 13:18   3,814   --a------   C:\WINDOWS\system32\3.exe
2007-06-04 13:18   14,848      C:\WINDOWS\system32\2.exe
2007-06-04 13:13   <DIR>   d--------   C:\DOCUME~1\Personal\APPLIC~1\Cuckoo
2007-06-03 17:50   <DIR>   d--------   C:\Program Files\Crawler
2007-06-03 17:06   <DIR>   d--------   C:\DOCUME~1\ADMINI~1\APPLIC~1\Spyware Terminator
2007-06-03 17:05   524,288   --ah-----   C:\DOCUME~1\ADMINI~1\NTUSER.DAT
2007-06-03 16:59   138,368   --a------   C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-06-03 16:59   <DIR>   d--------   C:\Program Files\Spyware Terminator
2007-06-03 16:59   <DIR>   d--------   C:\DOCUME~1\Personal\APPLIC~1\Spyware Terminator
2007-06-03 16:59   <DIR>   d--------   C:\DOCUME~1\ALLUSE~1\APPLIC~1\Spyware Terminator
2007-06-03 16:49   15,432   --a------   C:\WINDOWS\system32\dnnimq.dll
2007-06-03 16:47   8,727   --a------   C:\WINDOWS\lpdwzn.exe
2007-06-03 16:40   15,432   --a------   C:\WINDOWS\system32\lxyrjn.dll
2007-06-03 14:38   8,727   --a------   C:\WINDOWS\csmsmt.exe
2007-06-02 22:03   8,727   --a------   C:\WINDOWS\jttlsm.exe
2007-06-02 19:48   8,727   --a------   C:\WINDOWS\czbpnz.exe
2007-06-02 19:48   15,432   --a------   C:\WINDOWS\system32\zwwtvs.dll
2007-06-02 14:15   8,727   --a------   C:\WINDOWS\zfdfds.exe
2007-06-02 14:14   10,752   --a------   C:\WINDOWS\system32\ztinetzt.dll
2007-06-02 13:38   8,727   --a------   C:\WINDOWS\nujdxh.exe
2007-06-02 13:37   104   --a------   C:\WINDOWS\system32\Deleteme.bat
2007-06-02 13:07   95,872   --a------   C:\WINDOWS\system32\AvastSS.scr
2007-06-02 13:07   94,552   --a------   C:\WINDOWS\system32\drivers\aswmon2.sys
2007-06-02 13:07   85,952   --a------   C:\WINDOWS\system32\drivers\aswmon.sys
2007-06-02 13:07   745,600   --a------   C:\WINDOWS\system32\aswBoot.exe
2007-06-02 13:07   43,176   --a------   C:\WINDOWS\system32\drivers\aswTdi.sys
2007-06-02 13:07   3,968   --a------   C:\WINDOWS\system32\drivers\AvgArCln.sys
2007-06-02 13:07   26,888   --a------   C:\WINDOWS\system32\drivers\aavmker4.sys
2007-06-02 13:07   23,416   --a------   C:\WINDOWS\system32\drivers\aswRdr.sys
2007-06-02 13:02   <DIR>   d--------   C:\DOCUME~1\Personal\APPLIC~1\Comodo
2007-06-02 12:57   8,727   --a------   C:\WINDOWS\wazuxr.exe
2007-06-02 12:32   11,192   --a------   C:\WINDOWS\system32\drivers\gsrypjdt.sys
2007-06-02 12:27   8,727   --a------   C:\WINDOWS\xuuypb.exe
2007-06-02 12:27   8,436   --a------   C:\WINDOWS\system32\ztinetzt.exe
2007-06-02 12:21   <DIR>   d--------   C:\Program Files\Sunbelt Software
2007-05-28 16:29   113,364   --a------   C:\WINDOWS\system32\d02.exe
2007-05-26 11:18   <DIR>   d--------   C:\Program Files\GrandChase
2007-05-26 08:47   8,192   --a------   C:\WINDOWS\system32\nwizAsktao.dll
2007-05-25 12:09   6,656   ---h-----   C:\WINDOWS\system32\RAVMY523.dll
2007-05-09 18:22   <DIR>   d--------   C:\FunTown
2007-05-09 18:04   <DIR>   d--------   C:\Program Files\Crazy.com.tw
2007-05-05 13:10   4,682   --a------   C:\WINDOWS\system32\npptNT2.sys
2007-05-05 13:07   <DIR>   d--------   C:\Program Files\Gamania
2007-05-04 22:21   <DIR>   d--------   C:\Temp

andy214ever · « **Reply #44 on:** June 04, 2007, 08:17:49 AM »

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-06-04 05:18:58   279,638   ----a-w   C:\WINDOWS\system32\7.exe
2007-06-04 05:18:54   49,152   ----a-w   C:\WINDOWS\system32\qwetop.exe
2007-06-04 05:13:26   --------   d-----w   C:\Program Files\Yahoo!
2007-06-04 04:36:47   15,432   ----a-w   C:\WINDOWS\system32\upxdnd.dll
2007-06-03 08:51:27   11,264   ----a-w   C:\WINDOWS\system32\nwizhx2.dll
2007-06-03 08:51:24   8,996   ----a-w   C:\WINDOWS\system32\nwizhx2.exe
2007-06-03 08:49:52   16,965   ----a-w   C:\WINDOWS\upxdnd.exe
2007-06-03 08:49:50   8,240   ----a-w   C:\WINDOWS\system32\mydata.exe
2007-06-03 07:06:28   16,896   ----a-w   C:\WINDOWS\system32\moyu103.dll
2007-06-02 04:51:11   --------   d-----w   C:\Program Files\MSN Messenger
2007-05-26 00:48:00   9,216   ----a-w   C:\WINDOWS\system32\dh2103.dll
2007-05-26 00:47:56   7,360   --sha-w   C:\WINDOWS\system32\nwizdh.exe
2007-05-24 08:29:51   --------   d-----w   C:\DOCUME~1\Personal\APPLIC~1\Google
2007-05-23 09:09:49   377,856   ----a-w   C:\WINDOWS\system32\netexe.exe
2007-05-09 10:04:24   --------   d--h--w   C:\Program Files\InstallShield Installation Information
2007-04-26 02:21:34   72,624   ----a-w   C:\WINDOWS\system32\drivers\khips.sys
2007-04-26 02:21:30   302,000   ----a-w   C:\WINDOWS\system32\drivers\fwdrv.sys
2007-04-13 13:50:48   --------   d-----w   C:\Program Files\CP
2007-04-11 07:38:26   --------   d-----w   C:\Program Files\METAL SLUG 3
2007-04-04 10:20:06   --------   d-----w   C:\Program Files\hero
2007-03-31 04:44:42   286,720   ----a-w   C:\WINDOWS\iun506.exe
2007-03-20 09:25:01   20   ---ha-r   C:\WINDOWS\assist.dat
2007-03-08 11:44:23   3,082   ----a-w   C:\WINDOWS\system32\affv9869p2now.sys
2007-02-12 00:42:53   651,264   --sh--w   C:\WINDOWS\system32\_rejoice44.exe
2005-02-14 10:42:02   20,480   --sh--w   C:\WINDOWS\system32\gomvet.exe
2005-02-14 10:41:55   38,912   --sh--w   C:\WINDOWS\system32\servet.exe
2004-08-04 09:36:31   30,208   --sh--w   C:\WINDOWS\system32\bbqpri.dll
1900-05-26 00:47:33   7,388   --sha-w   C:\WINDOWS\system32\nwizAsktao.exe
1900-05-26 00:47:29   12,800   --sha-w   C:\WINDOWS\AVPSrv.exe

Author Topic: HELP! (Read 33756 times)

DavidR

Re: HELP!

andy214ever

Re: HELP!

DavidR

Re: HELP!

andy214ever

Re: HELP!

andy214ever

Re: HELP!

essexboy

Re: HELP!

andy214ever

Re: HELP!

essexboy

Re: HELP!

andy214ever

Re: HELP!

essexboy

Re: HELP!

andy214ever

Re: HELP!

andy214ever

Re: HELP!

andy214ever

Re: HELP!

andy214ever

Re: HELP!

andy214ever

Re: HELP!