Windows 2003 Server with Backdoor Trojan



#61
rahanna

  • Topic Starter
  • Member
  • 96 posts
Just Ran MalwareBytes and we still have a bunch of Trojans (See attached) ...

I also ran AutoRuns and cleared the suspicious keys ... Then Restarted ...

Now I am running Symantec Full Scan and will post the results ...

Let me know what can be done ...

Thanks,

Attached Thumbnails

  • MalwareBytes_09052012.JPG

  • 0


#62
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
All of these files are bad with the possible exception of

[2012/09/05 21:55:43 | 000,000,145 | ---- | M] () -- C:\WINDOWS\System32\56B06D10.key


[2012/09/05 22:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2012/09/05 21:55:43 | 000,000,145 | ---- | M] () -- C:\WINDOWS\System32\56B06D10.key
[2012/09/05 21:47:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2012/09/05 21:47:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2012/09/05 21:47:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2012/09/05 21:47:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At44.job
[2012/09/05 21:47:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At43.job
[2012/09/05 21:47:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At42.job
[2012/09/05 21:47:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At41.job
[2012/09/05 21:47:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At40.job
[2012/09/05 21:47:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At39.job
[2012/09/05 21:47:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At38.job
[2012/09/05 21:47:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At37.job
[2012/09/05 21:47:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At36.job
[2012/09/05 21:47:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At35.job
[2012/09/05 21:47:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At34.job
[2012/09/05 21:47:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At33.job
[2012/09/05 21:47:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At32.job
[2012/09/05 21:47:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At31.job
[2012/09/05 21:47:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At30.job
[2012/09/05 21:47:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At29.job
[2012/09/05 21:47:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At28.job
[2012/09/05 21:47:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At27.job
[2012/09/05 21:47:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At26.job
[2012/09/05 21:47:26 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2012/09/05 21:43:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/05 21:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At22.job
[2012/09/05 20:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At21.job
[2012/09/05 19:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At20.job
[2012/09/05 18:51:15 | 000,211,760 | ---- | M] (ESTsoft Corp) -- C:\ssyyms.exe
[2012/09/05 18:51:04 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2012/09/05 18:51:04 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2012/09/05 18:51:04 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2012/09/05 18:51:04 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At6.job
[2012/09/05 18:51:04 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At5.job
[2012/09/05 18:51:04 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At4.job
[2012/09/05 18:51:04 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At3.job
[2012/09/05 18:51:04 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At24.job
[2012/09/05 18:51:04 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At2.job
[2012/09/05 18:51:04 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At19.job
[2012/09/05 18:51:04 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At18.job
[2012/09/05 18:51:04 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At17.job
[2012/09/05 18:51:04 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At16.job
[2012/09/05 18:51:04 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At15.job
[2012/09/05 18:51:04 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At14.job
[2012/09/05 18:51:04 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At13.job
[2012/09/05 18:51:04 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At12.job
[2012/09/05 18:51:04 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At11.job
[2012/09/05 18:51:04 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At10.job
[2012/09/05 18:51:04 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At1.job
[2012/09/05 18:50:45 | 000,211,760 | ---- | M] (ESTsoft Corp) -- C:\bootsyyms.exe
[2012/09/05 18:50:44 | 000,211,760 | ---- | M] (ESTsoft Corp) -- C:\WINDOWS\System32\bootsyyms.exe
[2012/09/05 18:50:34 | 000,000,067 | ---- | M] () -- C:\xpsyyms.exe
[2012/09/05 18:50:33 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\xpsyyms.exe
[2012/09/05 14:33:08 | 000,000,061 | ---- | M] () -- C:\xpfs.exe
[2012/09/05 14:33:05 | 000,000,058 | ---- | M] () -- C:\WINDOWS\System32\xpfs.exe

Please go into Task Scheduler and look at one of the AT*.jobs and tell me what it is doing.

Start, Run, cmd, OK

cd  \windows\tasks
del  /a  at*.job

Should remove all of them. I would turn off Task Scheduler service until you get this fixed or go in and set the policy to prevent new tasks:

Log on as Administrator to the computer where you want to modify the Local Policy settings.
Click Start, and then click Run.
In the Open box, type gpedit.msc , and then click OK.
In the left pane of the console, expand the Computer configuration node.
Expand Administrative Templates, and then expand Windows Components.
Click Task Scheduler.
In the Task Scheduler pane, do the following:
Double-click Prevent Task Run or End.
Click Enabled, and then click OK.
Double-click Prohibit New task Creation.
Click Enabled, and then click OK.
Double-click Prohibit Task deletion.
Click Enabled, and then click OK.
Double-click Prohibit Drag-and-Drop.
Click Enabled, and then click OK.
On the File menu of the Group Policy snap-in, click Exit.



The suggestion was made by one of our experts that you turn on User login logging. I assume this is done by typing gpedit.msc in the command prompt but I don't have specific instructions for you. You might also look to see if there is a policy that would prevent the creation of new users.


It appears to me like your terminal service is accepting remote logins from unauthorized users. You say you have deleted the users with the random names with a $ at the end but they keep coming back? Have you also deleted their folder under C:\Documents and Settings? If you can't see the folder that doesn't mean it doesn't exist. Try opening a command window and typing:

cd  \Documents and Settings

echo "bad" > "xiaopu$"

If this works it will create a file of the same name. This prevents a folder being created in the same location. If it doesn't work that means the folder exists but is hidden.

Try:

attrib  -r  -h  -s  "xiaopu$"

rmdir  "xiaopu$"

Learn to use Process Explorer to kill the bad guys (click on the process and right click and it should offer a Delete or Kill option). Also let's see what it sees running:

Get Process Explorer

http://live.sysinter...com/procexp.exe
Save it to your desktop then run it (Vista or Win7 - right click and Run As Administrator).

View, Select Column, check Verified Signer, OK
Options, Verify Image Signatures


Click twice on the CPU column header to sort things by CPU usage with the big hitters at the top.

Wait a minute for things to settle down.

File, Save As, Save. Open the file Procexp.txt on your desktop and copy and paste the text to a reply.



Are you up to date on Microsoft Updates? Even though your server is End of Life they still sometimes have updates for it.

PS: Next time you see some at*.job files show up do the following at a command window:

at  >  \junk.txt

Then attach or copy and paste the text from c:\junk.txt

This will show what command they are trying to run and when.
  • 0
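
The pattern in the listing above (many At*.job files sharing one modification time and size, next to freshly written executables) can be pulled out of such a log mechanically. This is an added example, not part of the original posts or of the scanning tool; the function names, the three-file threshold and the five-minute window are assumptions, and the sample lines are copied from the listing.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# One listing line: [date time | size | attrs | M] (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| [A-Z]\] \((?P<company>.*?)\) -- (?P<path>.+)$"
)
AT_JOB_RE = re.compile(r"\\tasks\\At\d+\.job$", re.IGNORECASE)

# A few lines taken from the listing in the post above.
SAMPLE = r"""
[2012/09/05 22:00:00 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At23.job
[2012/09/05 21:47:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At48.job
[2012/09/05 21:47:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At46.job
[2012/09/05 21:47:32 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At45.job
[2012/09/05 21:47:26 | 000,000,412 | ---- | M] () -- C:\WINDOWS\tasks\At25.job
[2012/09/05 21:43:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/05 18:51:15 | 000,211,760 | ---- | M] (ESTsoft Corp) -- C:\ssyyms.exe
[2012/09/05 18:51:04 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At9.job
[2012/09/05 18:51:04 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At8.job
[2012/09/05 18:51:04 | 000,000,348 | ---- | M] () -- C:\WINDOWS\tasks\At7.job
[2012/09/05 18:50:45 | 000,211,760 | ---- | M] (ESTsoft Corp) -- C:\bootsyyms.exe
[2012/09/05 18:50:44 | 000,211,760 | ---- | M] (ESTsoft Corp) -- C:\WINDOWS\System32\bootsyyms.exe
[2012/09/05 18:50:34 | 000,000,067 | ---- | M] () -- C:\xpsyyms.exe
"""


def parse_listing(text):
    """Return one dict per recognised listing line; anything else is skipped."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        entries.append({
            "mtime": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
            "size": int(m["size"].replace(",", "")),
            "company": m["company"],
            "path": m["path"],
        })
    return entries


def find_job_bursts(entries, min_files=3):
    """Group At*.job files by (mtime, size). Several identical jobs written in
    the same second point to a program driving the scheduler, not an admin."""
    groups = defaultdict(list)
    for e in entries:
        if AT_JOB_RE.search(e["path"]):
            name = e["path"].rsplit("\\", 1)[-1]
            groups[(e["mtime"], e["size"])].append(name)
    bursts = [
        {"mtime": key[0], "size": key[1], "jobs": sorted(names)}
        for key, names in groups.items() if len(names) >= min_files
    ]
    return sorted(bursts, key=lambda b: b["mtime"])


def executables_near(entries, when, window=timedelta(minutes=5)):
    """Executables modified within `window` of a burst, oldest first.
    Modification times can be forged, so this is a lead, not proof."""
    hits = [
        e for e in entries
        if e["path"].lower().endswith(".exe") and abs(e["mtime"] - when) <= window
    ]
    return [e["path"] for e in sorted(hits, key=lambda e: e["mtime"])]


if __name__ == "__main__":
    entries = parse_listing(SAMPLE)
    for burst in find_job_bursts(entries):
        print(burst["mtime"], burst["size"], "bytes:", ", ".join(burst["jobs"]))
        for path in executables_near(entries, burst["mtime"]):
            print("    nearby executable:", path)
```
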

#63
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
http://technet.micro...1(v=ws.10).aspx
  • 0

#64
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Step 1: Enable logging
Start > Programs > Administrative tools > Local Security Policy
Click on Local Policy in the left pane and expand
Click on Audit Policy in the left pane
Double Click Audit Logon Events in the right panel
Tick both Success and Failure, OK and close the panel

Step 2: Clear Log
Start > Programs > Administrative tools > Computer Management
Click on Event Viewer in the left pane and expand
Right Click on Security and select Clear all Events. I wouldn't save the log at this stage



When you want to see the log later
Start > Programs > Administrative tools > Computer Management
Click on Event Viewer in the left pane and expand

Right Click on Security and select Save Events as.
Enter a file name to save.
  • 0
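
Once the logon auditing above is enabled, the saved Security log can be reviewed for Terminal Services logons, which is the access path suspected earlier in the thread. This is an added example, not part of the original posts: event IDs 528/529 and logon type 10 are the Windows Server 2003 values, while the simplified CSV layout, the sample records, the function names and the account name `example$` are constructed for illustration.

```python
import csv
import io
import re
from collections import Counter

# Windows Server 2003 Security log event IDs and the logon type used below.
LOGON_SUCCESS = 528        # successful logon
LOGON_FAILURE = 529        # logon failure: unknown user name or bad password
REMOTE_INTERACTIVE = "10"  # Terminal Services / Remote Desktop logon

FIELD_RE = re.compile(r"(User Name|Logon Type|Source Network Address):\s*(\S+)")

# Constructed sample in a simplified CSV layout (an assumption: a real export
# has more columns and longer descriptions). Addresses are documentation ranges.
SAMPLE_EXPORT = """Date,Time,Event,Description
9/6/2012,1:02:11 AM,529,Logon Failure: User Name: administrator Domain: SRV Logon Type: 10 Source Network Address: 203.0.113.7
9/6/2012,1:02:14 AM,529,Logon Failure: User Name: admin Domain: SRV Logon Type: 10 Source Network Address: 203.0.113.7
9/6/2012,1:02:19 AM,529,Logon Failure: User Name: administrator Domain: SRV Logon Type: 10 Source Network Address: 203.0.113.7
9/6/2012,1:05:40 AM,528,Successful Logon: User Name: example$ Domain: SRV Logon Type: 10 Source Network Address: 203.0.113.7
9/6/2012,8:15:02 AM,528,Successful Logon: User Name: jsmith Domain: SRV Logon Type: 10 Source Network Address: 192.0.2.10
9/6/2012,8:16:30 AM,528,Successful Logon: User Name: SRV$ Domain: SRV Logon Type: 3 Source Network Address: -
"""


def parse_events(text):
    """Pull the event ID and the three fields of interest out of each record."""
    events = []
    for row in csv.DictReader(io.StringIO(text)):
        fields = dict(FIELD_RE.findall(row["Description"]))
        events.append({
            "event": int(row["Event"]),
            "user": fields.get("User Name", ""),
            "logon_type": fields.get("Logon Type", ""),
            "source": fields.get("Source Network Address", "-"),
        })
    return events


def review_remote_logons(events, fail_threshold=3):
    """Summarise Terminal Services (type 10) logon activity.

    dollar_accounts: accounts ending in '$' that logged on remotely. That
    suffix belongs to computer accounts, which do not use Terminal Services.
    noisy_sources: addresses with at least `fail_threshold` failed attempts.
    success_after_failures: noisy addresses that also logged on successfully.
    """
    remote = [e for e in events if e["logon_type"] == REMOTE_INTERACTIVE]
    failures = Counter(e["source"] for e in remote if e["event"] == LOGON_FAILURE)
    successes = [(e["user"], e["source"]) for e in remote
                 if e["event"] == LOGON_SUCCESS]
    return {
        "remote_successes": successes,
        "dollar_accounts": sorted({u for u, _ in successes if u.endswith("$")}),
        "noisy_sources": {s: n for s, n in failures.items() if n >= fail_threshold},
        "success_after_failures": sorted(
            {s for _, s in successes if failures[s] >= fail_threshold}),
    }


if __name__ == "__main__":
    for key, value in review_remote_logons(parse_events(SAMPLE_EXPORT)).items():
        print(f"{key}: {value}")
```
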

#65
rahanna

  • Topic Starter
  • Member
  • 96 posts
Welcome back Ron ...

I will now have a chance to work on the Server ...

Still Remotely, but at least try some of your guidelines until everyone leaves the office in 3hrs ...

Please check your e-mail as I will forward to you my findings shortly ...

Thanks,
  • 0

#66
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
I'll be checking in every hour or so tonight.
  • 0

#67
rahanna

  • Topic Starter
  • Member
  • 96 posts
Ron,

OK ... Here is what I have done and the related reports:

Scheduled Jobs

All At*.jobs are deleted from the Scheduled Tasks


Task Scheduler

Stopping Task Scheduler for a Domain Controller needs to be done as follows:

Administrative Tools -> Group Policy Management -> Domain Controllers
-> Default Domain Controller Policy -> right Click and Edit

Computer configuration -> Administrative Templates -> Windows Components
-> Task Scheduler

Prevent Task Run or End ............. Enabled
Prohibit New task Creation .......... Enabled
Prohibit Task deletion .............. Enabled
Prohibit Drag-and-Drop .............. Enabled


Turning On User Login Audit

Same steps as above for the Domain Controllers or Server that joined a Domain

Administrative Tools -> Group Policy Management -> Domain Controllers
-> Default Domain Controller Policy -> right Click and Edit

Computer configuration -> Windows settings -> Security Settings
-> local Policies -> Audit Policy

Audit Account Logon events ............ Success/Failure
Audit Logon Events .................... Success/Failure

See attached screenshot



Strange User [xiaopu$]

The user [xiaopu$] is now gone and I have deleted its sub-folder under c:\Documents and Settings

But another User keeps coming back [siweb$]
See attached screenshot

Not sure how it is being created or what it does in case it is automatically generated by one of the Web Services ...


Process Explorer

Nothing looks suspicious and I have attached the log as follows:

Process PID CPU Private Bytes Working Set Description Company Name Verified Signer
System Idle Process 0 0 K 28 K
TeamViewer.exe 3532 4.69 13,000 K 11,548 K TeamViewer Remote Control Application TeamViewer GmbH (Verified) TeamViewer GmbH
Interrupts n/a < 0.01 0 K 0 K Hardware Interrupts and DPCs
procexp.exe 6036 1.56 19,752 K 27,664 K Sysinternals Process Explorer Sysinternals - www.sysinternals.com (Verified) Microsoft Corporation
System 4 2.34 0 K 16,024 K
wmiprvse.exe 500 2,072 K 3,312 K WMI Microsoft Corporation (Verified) Microsoft Windows Component Publisher
winlogon.exe 436 8,680 K 5,160 K Windows NT Logon Application Microsoft Corporation (Verified) Microsoft Windows Component Publisher
w3wp.exe 4912 35,088 K 11,964 K IIS Worker Process Microsoft Corporation (Verified) Microsoft Windows Component Publisher
TeamViewer_Service.exe 3412 2,572 K 1,604 K TeamViewer Service TeamViewer GmbH (Verified) TeamViewer GmbH
SymCorpUI.exe 280 7,120 K 7,240 K Symantec AntiVirus Symantec Corporation (Verified) Symantec Corporation
svchost.exe 1008 16,224 K 15,460 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 652 1,020 K 1,356 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 816 1,476 K 2,028 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 920 4,080 K 3,044 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 964 1,380 K 1,440 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 1980 588 K 344 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 2952 544 K 868 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 3400 3,116 K 860 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 3592 1,796 K 580 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 1232 4,156 K 1,608 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 1104 3,856 K 2,528 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
svchost.exe 5532 4,588 K 3,400 K Generic Host Process for Win32 Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
sqlwriter.exe 3368 1,032 K 1,196 K SQL Server VSS Writer Microsoft Corporation (Verified) Microsoft Corporation
sqlservr.exe 2628 43,116 K 11,768 K SQL Server Windows NT Microsoft Corporation (Verified) Microsoft Corporation
sqlservr.exe 2344 47,224 K 7,076 K SQL Server Windows NT Microsoft Corporation (Verified) Microsoft Corporation
sqlservr.exe 2404 48,776 K 27,740 K SQL Server Windows NT Microsoft Corporation (Verified) Microsoft Corporation
sqlservr.exe 2444 36,504 K 1,268 K SQL Server Windows NT Microsoft Corporation (Verified) Microsoft Corporation
sqlservr.exe 2516 37,268 K 1,308 K SQL Server Windows NT Microsoft Corporation (Verified) Microsoft Corporation
sqlbrowser.exe 3348 756 K 356 K SQL Browser Service EXE Microsoft Corporation (Verified) Microsoft Corporation
spoolsv.exe 1544 9,928 K 11,072 K Spooler SubSystem App Microsoft Corporation (Verified) Microsoft Windows Component Publisher
snmp.exe 3328 9,636 K 3,000 K SNMP Service Microsoft Corporation (Verified) Microsoft Windows Component Publisher
smss.exe 360 132 K 284 K Windows NT Session Manager Microsoft Corporation (Verified) Microsoft Windows Component Publisher
SmcGui.exe 5484 6,880 K 7,160 K Symantec CMC SmcGui Symantec Corporation (Verified) Symantec Corporation
Smc.exe 880 10,600 K 7,160 K Symantec CMC Smc Symantec Corporation (Verified) Symantec Corporation
services.exe 484 4,508 K 4,600 K Services and Controller app Microsoft Corporation (Verified) Microsoft Windows Component Publisher
SemSvc.exe 1852 125,368 K 98,332 K Symantec Endpoint Protection Manager Symantec Corporation (Verified) Symantec Corporation
SavUI.exe 4436 1,748 K 3,904 K Symantec AntiVirus Symantec Corporation (Verified) Symantec Corporation
Rtvscan.exe 244 74,828 K 3,476 K Symantec AntiVirus Symantec Corporation (Verified) Symantec Corporation
ReportingServicesService.exe 3056 99,924 K 94,284 K Report Scheduling and Delivery Server Windows NT Service Microsoft Corporation (Verified) Microsoft Corporation
ReporterSvc.exe 3008 9,452 K 2,700 K Symantec Reporting Service Symantec Corporation (Verified) Symantec Corporation
pvlsvr.exe 3756 8,076 K 2,060 K Backup Exec PVL Service Symantec Corporation (Verified) Symantec Corporation
ntfrs.exe 2748 9,768 K 1,548 K File Replication Service Microsoft Corporation (Verified) Microsoft Windows Component Publisher
msftesql.exe 2316 3,768 K 1,060 K PKM executable Microsoft Corporation (Verified) Microsoft Corporation
msdtc.exe 1572 1,836 K 512 K MS DTCconsole program Microsoft Corporation (Verified) Microsoft Windows Component Publisher
mr2kserv.exe 2292 492 K 308 K MR2K+ PnP manager interface service LSI Logic Corporation (Unable to verify) LSI Logic Corporation
MDM.EXE 2272 1,128 K 1,260 K Machine Debug Manager Microsoft Corporation (Verified) Microsoft Corporation
mbamservice.exe 2188 174,372 K 144,840 K Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
mbamgui.exe 5712 3,288 K 1,976 K Malwarebytes Anti-Malware Malwarebytes Corporation (Verified) Malwarebytes Corporation
lserver.exe 3444 8,048 K 4,244 K Microsoft® Terminal Server Licensing Microsoft Corporation (Verified) Microsoft Windows Component Publisher
lsass.exe 496 27,252 K 19,448 K LSA Shell Microsoft Corporation (Verified) Microsoft Windows Component Publisher
locator.exe 3272 752 K 332 K Rpc Locator Microsoft Corporation (Verified) Microsoft Windows Component Publisher
jusched.exe 5876 5,360 K 1,864 K Java™ Update Scheduler Sun Microsystems, Inc. (Unable to verify) Sun Microsystems, Inc.
jqs.exe 2108 3,108 K 1,436 K Java™ Quick Starter Service Oracle Corporation (Verified) Oracle America, Inc.
ismserv.exe 2092 1,828 K 1,292 K Windows NT Intersite Messaging Service Microsoft Corporation (Verified) Microsoft Windows Component Publisher
inetinfo.exe 2060 5,764 K 2,020 K Internet Information Services Microsoft Corporation (Verified) Microsoft Windows Component Publisher
explorer.exe 5460 17,876 K 23,864 K Windows Explorer Microsoft Corporation (Verified) Microsoft Windows Component Publisher
exmgmt.exe 3892 7,104 K 3,768 K Microsoft Exchange WMI Provider Microsoft Corporation (Unable to verify) Microsoft Corporation
dsm_sa_eventmgr32.exe 1864 4,356 K 936 K Systems Management Event Manager Dell Inc. (Verified) Dell Inc
dsm_sa_datamgr32.exe 1880 29,316 K 5,996 K Systems Management Data Manager Dell Inc. (Verified) Dell Inc
dsm_om_shrsvc32.exe 2804 2,168 K 1,232 K Server Administrator Daemon Dell Inc. (Verified) Dell Inc.
dsm_om_connsvc32.exe 3300 27,248 K 12,576 K Internet Server NT Service (Verified) Dell Inc.
dns.exe 1928 25,092 K 19,356 K Domain Name System (DNS) Server Microsoft Corporation (Verified) Microsoft Windows Component Publisher
dfssvc.exe 1900 2,036 K 2,756 K Windows NT Distributed File System Service Microsoft Corporation (Verified) Microsoft Windows Component Publisher
dbsrv9.exe 1708 72,256 K 7,200 K Adaptive Server Anywhere Network Server iAnywhere Solutions, Inc. (Verified) iAnywhere Solutions, Inc.
ctfmon.exe 5528 764 K 2,312 K CTF Loader Microsoft Corporation (Verified) Microsoft Windows Component Publisher
csrss.exe 408 1,928 K 2,720 K Client Server Runtime Process Microsoft Corporation (Verified) Microsoft Windows Component Publisher
ccSvcHst.exe 1788 7,964 K 2,312 K Symantec Service Framework Symantec Corporation (Verified) Symantec Corporation
ccApp.exe 5680 3,800 K 568 K Symantec User Session Symantec Corporation (Verified) Symantec Corporation
beserver.exe 4464 57,292 K 50,560 K Backup Exec RPC Server Symantec Corporation (Verified) Symantec Corporation
beremote.exe 1756 11,336 K 4,256 K Backup Exec Remote Agent for Windows NT/2000 Symantec Corporation (Verified) Symantec Corporation
bengine.exe 5280 12,244 K 2,188 K Backup Exec Job Engine Symantec Corporation (Verified) Symantec Corporation
benetns.exe 5216 3,844 K 3,264 K Backup Exec Agent Browser Symantec Corporation (Verified) Symantec Corporation
AASCServer.exe 1656 11,356 K 1,228 K AASCServer Client Marketing Systems, Inc. (Unable to verify) Client Marketing Systems, Inc.

Attached Thumbnails

  • User_SIWEB.jpg

  • 0

#68
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
siweb$ seems to have old folders in its C:\Documents and Settings\siweb$\ folder so it may have been there a while plus it's not a really random name as the other one was. (Of course it's not hard for malware to change the date on a file so that's not really proof that it is OK.)

cd  "\Documents and Settings\siweb$"
dir  /s  >  \junk.txt

then attach c:\junk.txt. You can also look at \junk.txt and see if anything in it looks familiar.
  • 0

#69
rahanna

  • Topic Starter
  • Member
  • 96 posts
Ron,

What does the [ dir /s > \junk.txt ] command do to the siweb$ folder ???

Let me know ...
  • 0

#70
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
All it does is list it and its subfolders and put the list in a text file. It doesn't make any changes other than creating the file \junk.txt

See http://www.microsoft...s.mspx?mfr=true
  • 0


#71
rahanna

  • Topic Starter
  • Member
  • 96 posts
Ok ... Here you go ...



Volume in drive C has no label.
Volume Serial Number is A81A-1662

Directory of C:\Documents and Settings\siweb$

09/04/2012 02:18 PM <DIR> .
09/04/2012 02:18 PM <DIR> ..
08/22/2011 11:38 AM <DIR> Desktop
09/04/2012 02:18 PM <DIR> Favorites
09/04/2012 02:18 PM <DIR> My Documents
05/02/2005 05:51 PM <DIR> Start Menu
05/02/2005 05:53 PM 0 Sti_Trace.log
09/04/2012 02:18 PM <DIR> WINDOWS
1 File(s) 0 bytes

Directory of C:\Documents and Settings\siweb$\Application Data

12/18/2009 09:24 AM <DIR> Adobe
09/04/2012 02:18 PM <DIR> Identities
03/18/2010 02:51 PM <DIR> Macromedia
05/29/2012 09:13 PM <DIR> Malwarebytes
08/28/2012 09:22 PM <DIR> TeamViewer
0 File(s) 0 bytes

Directory of C:\Documents and Settings\siweb$\Application Data\Adobe

12/18/2009 09:24 AM <DIR> .
12/18/2009 09:24 AM <DIR> ..
12/18/2009 09:24 AM <DIR> Flash Player
0 File(s) 0 bytes

Directory of C:\Documents and Settings\siweb$\Application Data\Adobe\Flash Player

12/18/2009 09:24 AM <DIR> .
12/18/2009 09:24 AM <DIR> ..
12/18/2009 09:24 AM <DIR> AssetCache
0 File(s) 0 bytes

Directory of C:\Documents and Settings\siweb$\Application Data\Adobe\Flash Player\AssetCache

12/18/2009 09:24 AM <DIR> .
12/18/2009 09:24 AM <DIR> ..
12/18/2009 09:24 AM <DIR> PUECM7UY
0 File(s) 0 bytes

Directory of C:\Documents and Settings\siweb$\Application Data\Adobe\Flash Player\AssetCache\PUECM7UY

12/18/2009 09:24 AM <DIR> .
12/18/2009 09:24 AM <DIR> ..
0 File(s) 0 bytes

Directory of C:\Documents and Settings\siweb$\Application Data\Identities

09/04/2012 02:18 PM <DIR> .
09/04/2012 02:18 PM <DIR> ..
09/04/2012 02:18 PM <DIR> {BF972521-9396-4BA2-978B-DF004B61C870}
0 File(s) 0 bytes

Directory of C:\Documents and Settings\siweb$\Application Data\Identities\{BF972521-9396-4BA2-978B-DF004B61C870}

09/04/2012 02:18 PM <DIR> .
09/04/2012 02:18 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\Documents and Settings\siweb$\Application Data\Macromedia

03/18/2010 02:51 PM <DIR> .
03/18/2010 02:51 PM <DIR> ..
03/18/2010 02:51 PM <DIR> Flash Player
0 File(s) 0 bytes

Directory of C:\Documents and Settings\siweb$\Application Data\Macromedia\Flash Player

03/18/2010 02:51 PM <DIR> .
03/18/2010 02:51 PM <DIR> ..
03/18/2010 02:51 PM <DIR> #SharedObjects
03/18/2010 02:51 PM <DIR> macromedia.com
0 File(s) 0 bytes

Directory of C:\Documents and Settings\siweb$\Application Data\Macromedia\Flash Player\#SharedObjects

03/18/2010 02:51 PM <DIR> .
03/18/2010 02:51 PM <DIR> ..
03/18/2010 02:51 PM <DIR> CLYMHN2J
0 File(s) 0 bytes

Directory of C:\Documents and Settings\siweb$\Application Data\Macromedia\Flash Player\#SharedObjects\CLYMHN2J

03/18/2010 02:51 PM <DIR> .
03/18/2010 02:51 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\Documents and Settings\siweb$\Application Data\Macromedia\Flash Player\macromedia.com

03/18/2010 02:51 PM <DIR> .
03/18/2010 02:51 PM <DIR> ..
03/18/2010 02:51 PM <DIR> support
0 File(s) 0 bytes

Directory of C:\Documents and Settings\siweb$\Application Data\Macromedia\Flash Player\macromedia.com\support

03/18/2010 02:51 PM <DIR> .
03/18/2010 02:51 PM <DIR> ..
03/18/2010 02:51 PM <DIR> flashplayer
0 File(s) 0 bytes

Directory of C:\Documents and Settings\siweb$\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer

03/18/2010 02:51 PM <DIR> .
03/18/2010 02:51 PM <DIR> ..
08/19/2011 11:37 AM <DIR> sys
0 File(s) 0 bytes

Directory of C:\Documents and Settings\siweb$\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys

08/19/2011 11:37 AM <DIR> .
08/19/2011 11:37 AM <DIR> ..
08/19/2011 11:37 AM 456 settings.sol
1 File(s) 456 bytes

Directory of C:\Documents and Settings\siweb$\Application Data\Malwarebytes

05/29/2012 09:13 PM <DIR> .
05/29/2012 09:13 PM <DIR> ..
05/29/2012 09:13 PM <DIR> Malwarebytes' Anti-Malware
0 File(s) 0 bytes

Directory of C:\Documents and Settings\siweb$\Application Data\Malwarebytes\Malwarebytes' Anti-Malware

05/29/2012 09:13 PM <DIR> .
05/29/2012 09:13 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\Documents and Settings\siweb$\Application Data\Microsoft

12/17/2009 11:48 PM <DIR> CLR Security Config
09/04/2012 02:18 PM <DIR> Internet Explorer
05/02/2005 06:00 PM <DIR> Media Player
0 File(s) 0 bytes

Directory of C:\Documents and Settings\siweb$\Application Data\Microsoft\CLR Security Config

12/17/2009 11:48 PM <DIR> .
12/17/2009 11:48 PM <DIR> ..
05/29/2012 12:20 PM <DIR> v1.1.4322
07/14/2010 08:47 PM <DIR> v2.0.50727.42
0 File(s) 0 bytes

Directory of C:\Documents and Settings\siweb$\Application Data\Microsoft\CLR Security Config\v1.1.4322

05/29/2012 12:20 PM <DIR> .
05/29/2012 12:20 PM <DIR> ..
03/06/2012 04:33 PM 21,768 security.config
05/29/2012 12:20 PM 42,248 security.config.cch
2 File(s) 64,016 bytes

Directory of C:\Documents and Settings\siweb$\Application Data\Microsoft\CLR Security Config\v2.0.50727.42

07/14/2010 08:47 PM <DIR> .
07/14/2010 08:47 PM <DIR> ..
07/14/2010 08:47 PM 12,238 security.config.cch
06/29/2010 04:26 PM 9,058 security.config.cch.4516.220093
12/17/2009 11:58 PM 1,884 security.config.cch.6520.4064990546
05/18/2010 07:54 AM 5,176 security.config.cch.9680.53457171
4 File(s) 28,356 bytes

Directory of C:\Documents and Settings\siweb$\Application Data\Microsoft\Internet Explorer

09/04/2012 02:18 PM <DIR> .
09/04/2012 02:18 PM <DIR> ..
09/04/2012 02:18 PM <DIR> Quick Launch
0 File(s) 0 bytes

Directory of C:\Documents and Settings\siweb$\Application Data\Microsoft\Internet Explorer\Quick Launch

09/04/2012 02:18 PM <DIR> .
09/04/2012 02:18 PM <DIR> ..
09/04/2012 02:18 PM 815 Launch Internet Explorer Browser.lnk
1 File(s) 815 bytes

Directory of C:\Documents and Settings\siweb$\Application Data\Microsoft\Media Player

05/02/2005 06:00 PM <DIR> .
05/02/2005 06:00 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\Documents and Settings\siweb$\Application Data\TeamViewer

08/28/2012 09:22 PM <DIR> .
08/28/2012 09:22 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\Documents and Settings\siweb$\Cookies

09/04/2012 02:18 PM 32,768 index.dat
08/19/2011 11:37 AM 188 [email protected][2].txt
03/18/2010 02:52 PM 235 [email protected][1].txt
03/18/2010 02:53 PM 818 [email protected][2].txt
08/19/2011 11:37 AM 186 [email protected][1].txt
08/19/2011 11:37 AM 1,210 [email protected][1].txt
03/18/2010 02:52 PM 130 [email protected][1].txt
03/18/2010 02:52 PM 140 [email protected][2].txt
03/18/2010 02:52 PM 101 [email protected][1].txt
08/19/2011 11:37 AM 251 [email protected][1].txt
10 File(s) 36,027 bytes

Directory of C:\Documents and Settings\siweb$\Desktop

08/22/2011 11:38 AM <DIR> .
08/22/2011 11:38 AM <DIR> ..
08/22/2011 11:40 AM <DIR> AATS
08/19/2011 11:38 AM 889,416 dotNetFx40_Full_setup.exe
03/17/2008 08:08 AM 1,638 Job Monitor.lnk
2 File(s) 891,054 bytes

Directory of C:\Documents and Settings\siweb$\Desktop\AATS

08/22/2011 11:40 AM <DIR> .
08/22/2011 11:40 AM <DIR> ..
08/22/2011 11:40 AM 13,401,688 AAV2ConversionSetupV15-209-230.exe
1 File(s) 13,401,688 bytes

Directory of C:\Documents and Settings\siweb$\Favorites

09/04/2012 02:18 PM <DIR> .
09/04/2012 02:18 PM <DIR> ..
12/03/2006 07:05 PM <DIR> Dell
09/04/2012 02:18 PM <DIR> Links
09/04/2012 02:18 PM <DIR> Microsoft Websites
0 File(s) 0 bytes

Directory of C:\Documents and Settings\siweb$\Favorites\Dell

12/03/2006 07:05 PM <DIR> .
12/03/2006 07:05 PM <DIR> ..
12/03/2006 07:53 PM 58 Dell.url
12/03/2006 07:53 PM 61 Support.Dell.com.url
2 File(s) 119 bytes

Directory of C:\Documents and Settings\siweb$\Favorites\Links

09/04/2012 02:18 PM <DIR> .
09/04/2012 02:18 PM <DIR> ..
09/04/2012 02:18 PM 226 Web Slice Gallery.url
1 File(s) 226 bytes

Directory of C:\Documents and Settings\siweb$\Favorites\Microsoft Websites

09/04/2012 02:18 PM <DIR> .
09/04/2012 02:18 PM <DIR> ..
09/04/2012 02:18 PM 133 IE Add-on site.url
09/04/2012 02:18 PM 133 IE site on Microsoft.com.url
09/04/2012 02:18 PM 133 Microsoft At Home.url
09/04/2012 02:18 PM 133 Microsoft At Work.url
09/04/2012 02:18 PM 134 Microsoft Store.url
5 File(s) 666 bytes

Directory of C:\Documents and Settings\siweb$\Local Settings

09/04/2012 02:18 PM <DIR> Temp
0 File(s) 0 bytes

Directory of C:\Documents and Settings\siweb$\Local Settings\Application Data

03/14/2012 01:56 PM 21,800 GDIPFONTCACHEV1.DAT
04/10/2009 07:49 AM <DIR> PCHealth
12/23/2006 10:16 AM <DIR> Symantec
1 File(s) 21,800 bytes

Directory of C:\Documents and Settings\siweb$\Local Settings\Application Data\Microsoft

09/04/2012 02:18 PM <DIR> CD Burning
04/16/2012 02:09 PM <DIR> Dr Watson
09/04/2012 02:18 PM <DIR> Feeds
08/21/2012 08:01 PM <DIR> Internet Explorer
05/02/2005 06:00 PM <DIR> Media Player
09/04/2012 02:18 PM <DIR> Office
09/04/2012 02:18 PM <DIR> Windows
05/02/2005 06:00 PM <DIR> Windows Media
0 File(s) 0 bytes

Directory of C:\Documents and Settings\siweb$\Local Settings\Application Data\Microsoft\CD Burning

09/04/2012 02:18 PM <DIR> .
09/04/2012 02:18 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\Documents and Settings\siweb$\Local Settings\Application Data\Microsoft\Dr Watson

04/16/2012 02:09 PM <DIR> .
04/16/2012 02:09 PM <DIR> ..
04/16/2012 02:09 PM 202,904 drwtsn32.log
04/16/2012 02:09 PM 57,932 user.dmp
2 File(s) 260,836 bytes

Directory of C:\Documents and Settings\siweb$\Local Settings\Application Data\Microsoft\Feeds

09/04/2012 02:18 PM <DIR> .
09/04/2012 02:18 PM <DIR> ..
09/04/2012 02:18 PM 6,144 FeedsStore.feedsdb-ms
09/04/2012 02:18 PM <DIR> Microsoft Feeds~
1 File(s) 6,144 bytes

Directory of C:\Documents and Settings\siweb$\Local Settings\Application Data\Microsoft\Feeds\Microsoft Feeds~

09/04/2012 02:18 PM <DIR> .
09/04/2012 02:18 PM <DIR> ..
09/04/2012 02:18 PM 28,672 Microsoft at Home~.feed-ms
09/04/2012 02:18 PM 28,672 Microsoft at Work~.feed-ms
2 File(s) 57,344 bytes

Directory of C:\Documents and Settings\siweb$\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~

09/04/2012 02:18 PM 28,672 Web Slice Gallery~.feed-ms
1 File(s) 28,672 bytes

Directory of C:\Documents and Settings\siweb$\Local Settings\Application Data\Microsoft\Feeds Cache\6MNQXYW4

09/04/2012 02:18 PM 0 fwlink[1]
1 File(s) 0 bytes

Directory of C:\Documents and Settings\siweb$\Local Settings\Application Data\Microsoft\Feeds Cache\IFF20IS8

09/04/2012 02:18 PM 0 fwlink[1]
1 File(s) 0 bytes

Directory of C:\Documents and Settings\siweb$\Local Settings\Application Data\Microsoft\Feeds Cache\JDH4LY20

09/04/2012 02:18 PM 0 fwlink[1]
1 File(s) 0 bytes

Directory of C:\Documents and Settings\siweb$\Local Settings\Application Data\Microsoft\Internet Explorer

08/21/2012 08:01 PM <DIR> .
08/21/2012 08:01 PM <DIR> ..
09/04/2012 02:18 PM 7,918 brndlog.bak
09/04/2012 02:18 PM 7,802 brndlog.txt
03/18/2010 02:51 PM 16,384 MSIMGSIZ.DAT
08/21/2012 08:01 PM <DIR> Recovery
3 File(s) 32,104 bytes

Directory of C:\Documents and Settings\siweb$\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery

08/21/2012 08:01 PM <DIR> .
08/21/2012 08:01 PM <DIR> ..
08/22/2012 12:30 AM <DIR> Active
0 File(s) 0 bytes

Directory of C:\Documents and Settings\siweb$\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active

08/22/2012 12:30 AM <DIR> .
08/22/2012 12:30 AM <DIR> ..
08/22/2012 12:30 AM 3,584 RecoveryStore.{2EA8A020-EC2B-11E1-9311-00188B42E686}.dat
08/22/2012 12:30 AM 3,584 RecoveryStore.{2EA8C730-EC2B-11E1-9311-00188B42E686}.dat
08/21/2012 08:01 PM 3,584 RecoveryStore.{ABADA71A-EC05-11E1-9311-00188B42E686}.dat
08/21/2012 08:01 PM 3,584 RecoveryStore.{ABADCE29-EC05-11E1-9311-00188B42E686}.dat
08/22/2012 12:30 AM 4,096 {2EA8A021-EC2B-11E1-9311-00188B42E686}.dat
08/22/2012 12:30 AM 4,096 {2EA8C731-EC2B-11E1-9311-00188B42E686}.dat
08/21/2012 08:01 PM 4,096 {ABADA71B-EC05-11E1-9311-00188B42E686}.dat
08/21/2012 08:01 PM 4,096 {ABADCE2A-EC05-11E1-9311-00188B42E686}.dat
8 File(s) 30,720 bytes

Directory of C:\Documents and Settings\siweb$\Local Settings\Application Data\Microsoft\Media Player

05/02/2005 06:00 PM <DIR> .
05/02/2005 06:00 PM <DIR> ..
05/02/2005 06:00 PM 720,896 CurrentDatabase_59R.wmdb
1 File(s) 720,896 bytes

Directory of C:\Documents and Settings\siweb$\Local Settings\Application Data\Microsoft\Office

09/04/2012 02:18 PM <DIR> .
09/04/2012 02:18 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\Documents and Settings\siweb$\Local Settings\Application Data\Microsoft\Windows

09/04/2012 02:18 PM <DIR> .
09/04/2012 02:18 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\Documents and Settings\siweb$\Local Settings\Application Data\Microsoft\Windows Media

05/02/2005 06:00 PM <DIR> .
05/02/2005 06:00 PM <DIR> ..
05/02/2005 06:00 PM <DIR> 10.0
0 File(s) 0 bytes

Directory of C:\Documents and Settings\siweb$\Local Settings\Application Data\Microsoft\Windows Media\10.0

05/02/2005 06:00 PM <DIR> .
05/02/2005 06:00 PM <DIR> ..
05/29/2012 12:33 PM 498 WMSDKNS.DTD
05/29/2012 12:33 PM 12,784 WMSDKNS.XML
2 File(s) 13,282 bytes

Directory of C:\Documents and Settings\siweb$\Local Settings\Application Data\PCHealth

04/10/2009 07:49 AM <DIR> .
04/10/2009 07:49 AM <DIR> ..
04/10/2009 07:49 AM <DIR> ErrorRep
0 File(s) 0 bytes

Directory of C:\Documents and Settings\siweb$\Local Settings\Application Data\PCHealth\ErrorRep

04/10/2009 07:49 AM <DIR> .
04/10/2009 07:49 AM <DIR> ..
04/10/2009 07:49 AM <DIR> QSignoff
0 File(s) 0 bytes

Directory of C:\Documents and Settings\siweb$\Local Settings\Application Data\PCHealth\ErrorRep\QSignoff

04/10/2009 07:49 AM <DIR> .
04/10/2009 07:49 AM <DIR> ..
04/10/2009 07:49 AM 1,117 18097268.cab
04/10/2009 07:49 AM 2,414 18097268.txt
04/10/2009 07:49 AM 0 dwq.snt
3 File(s) 3,531 bytes

Directory of C:\Documents and Settings\siweb$\Local Settings\Application Data\Symantec

12/23/2006 10:16 AM <DIR> .
12/23/2006 10:16 AM <DIR> ..
12/23/2006 10:16 AM <DIR> Symantec AntiVirus Corporate Edition
0 File(s) 0 bytes

Directory of C:\Documents and Settings\siweb$\Local Settings\Application Data\Symantec\Symantec AntiVirus Corporate Edition

12/23/2006 10:16 AM <DIR> .
12/23/2006 10:16 AM <DIR> ..
12/23/2006 10:16 AM <DIR> 7.5
0 File(s) 0 bytes

Directory of C:\Documents and Settings\siweb$\Local Settings\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

12/23/2006 10:16 AM <DIR> .
12/23/2006 10:16 AM <DIR> ..
12/23/2006 10:16 AM <DIR> Logs
0 File(s) 0 bytes

Directory of C:\Documents and Settings\siweb$\Local Settings\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Logs

12/23/2006 10:16 AM <DIR> .
12/23/2006 10:16 AM <DIR> ..
0 File(s) 0 bytes

Directory of C:\Documents and Settings\siweb$\Local Settings\History\History.IE5

09/04/2012 02:18 PM 32,768 index.dat
1 File(s) 32,768 bytes

Directory of C:\Documents and Settings\siweb$\Local Settings\Temp

09/04/2012 02:18 PM <DIR> .
09/04/2012 02:18 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\Documents and Settings\siweb$\Local Settings\Temporary Internet Files

12/17/2009 04:34 PM <DIR> AntiPhishing
0 File(s) 0 bytes

Directory of C:\Documents and Settings\siweb$\Local Settings\Temporary Internet Files\AntiPhishing

12/17/2009 04:34 PM <DIR> .
12/17/2009 04:34 PM <DIR> ..
12/17/2009 04:34 PM 78,924 A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat
1 File(s) 78,924 bytes

Directory of C:\Documents and Settings\siweb$\Local Settings\Temporary Internet Files\Content.IE5

09/04/2012 02:18 PM 163,840 index.dat
1 File(s) 163,840 bytes

Directory of C:\Documents and Settings\siweb$\Local Settings\Temporary Internet Files\Content.IE5\496JSLMJ

09/04/2012 02:18 PM 25,214 ico_server[1]
09/04/2012 02:18 PM 1,018 info[1]
09/04/2012 02:18 PM 9,645 mysstatic[1]
09/04/2012 02:18 PM 1,626 mys_small[1]
4 File(s) 37,503 bytes

Directory of C:\Documents and Settings\siweb$\Local Settings\Temporary Internet Files\Content.IE5\C1YBOH27

09/04/2012 02:18 PM 1,061 greenarrow_small[1]
09/04/2012 02:18 PM 1,800 info_large[1]
09/04/2012 02:18 PM 12,210 mys[1]
09/04/2012 02:18 PM 3,437 mys[2]
4 File(s) 18,508 bytes

Directory of C:\Documents and Settings\siweb$\Local Settings\Temporary Internet Files\Content.IE5\O52VKH6R

09/04/2012 02:18 PM 1,671 cys_small[1]
09/04/2012 02:18 PM 1,383 greenarrow_large[1]
09/04/2012 02:18 PM 1,053 help[1]
09/04/2012 02:18 PM 9,478 mysdynamic[1]
08/25/2012 03:10 PM 11,776 qnmgb[1].exe
5 File(s) 25,361 bytes

Directory of C:\Documents and Settings\siweb$\Local Settings\Temporary Internet Files\Content.IE5\OL6ZKLEV

09/04/2012 02:18 PM 1,053 Help[1]
09/04/2012 02:18 PM 1,039 MinusIcon[1]
09/04/2012 02:18 PM 14,043 mysstatic[1]
09/04/2012 02:18 PM 2,244 mys_large[1]
4 File(s) 18,379 bytes

Directory of C:\Documents and Settings\siweb$\My Documents

09/04/2012 02:18 PM <DIR> .
09/04/2012 02:18 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\Documents and Settings\siweb$\SendTo

05/29/2012 12:31 PM 0 Compressed (zipped) Folder.ZFSendToTarget
05/29/2012 12:31 PM 0 Desktop (create shortcut).DeskLink
05/29/2012 12:31 PM 0 Mail Recipient.MAPIMail
09/04/2012 02:18 PM 0 My Documents.mydocs
4 File(s) 0 bytes

Directory of C:\Documents and Settings\siweb$\Start Menu

05/02/2005 05:51 PM <DIR> .
05/02/2005 05:51 PM <DIR> ..
09/04/2012 02:18 PM <DIR> Programs
0 File(s) 0 bytes

Directory of C:\Documents and Settings\siweb$\Start Menu\Programs

09/04/2012 02:18 PM <DIR> .
09/04/2012 02:18 PM <DIR> ..
09/04/2012 02:18 PM <DIR> Accessories
09/04/2012 02:18 PM 803 Internet Explorer.lnk
09/04/2012 02:18 PM 738 Outlook Express.lnk
05/29/2012 12:33 PM 1,599 Remote Assistance.lnk
05/02/2005 05:51 PM <DIR> Startup
3 File(s) 3,140 bytes

Directory of C:\Documents and Settings\siweb$\Start Menu\Programs\Accessories

09/04/2012 02:18 PM <DIR> .
09/04/2012 02:18 PM <DIR> ..
05/02/2005 06:00 PM <DIR> Accessibility
09/04/2012 02:18 PM 774 Address Book.lnk
05/29/2012 12:33 PM 1,555 Command Prompt.lnk
09/04/2012 02:18 PM <DIR> Entertainment
05/29/2012 12:33 PM 1,519 Notepad.lnk
05/29/2012 12:33 PM 276 Program Compatibility Wizard.lnk
05/29/2012 12:33 PM 1,519 Synchronize.lnk
09/04/2012 02:18 PM <DIR> System Tools
05/29/2012 12:31 PM 1,487 Windows Explorer.lnk
6 File(s) 7,130 bytes

Directory of C:\Documents and Settings\siweb$\Start Menu\Programs\Accessories\Accessibility

05/02/2005 06:00 PM <DIR> .
05/02/2005 06:00 PM <DIR> ..
05/29/2012 12:33 PM 1,525 Magnifier.lnk
05/29/2012 12:33 PM 1,532 Narrator.lnk
05/29/2012 12:33 PM 1,501 On-Screen Keyboard.lnk
05/29/2012 12:33 PM 1,539 Utility Manager.lnk
4 File(s) 6,097 bytes

Directory of C:\Documents and Settings\siweb$\Start Menu\Programs\Accessories\Entertainment

09/04/2012 02:18 PM <DIR> .
09/04/2012 02:18 PM <DIR> ..
09/04/2012 02:18 PM 804 Windows Media Player.lnk
1 File(s) 804 bytes

Directory of C:\Documents and Settings\siweb$\Start Menu\Programs\Accessories\System Tools

09/04/2012 02:18 PM <DIR> .
09/04/2012 02:18 PM <DIR> ..
09/04/2012 02:18 PM 833 Internet Explorer (No Add-ons).lnk
1 File(s) 833 bytes

Directory of C:\Documents and Settings\siweb$\Start Menu\Programs\Startup

05/02/2005 05:51 PM <DIR> .
05/02/2005 05:51 PM <DIR> ..
0 File(s) 0 bytes

Directory of C:\Documents and Settings\siweb$\Templates

02/06/2000 03:26 PM 11,776 EXCEL9.XLS
04/07/2003 02:47 PM 12,800 PWRPNT11.POT
08/01/1997 02:37 AM 10,752 WINWORD8.DOC
3 File(s) 35,328 bytes

Directory of C:\Documents and Settings\siweb$\WINDOWS

09/04/2012 02:18 PM <DIR> .
09/04/2012 02:18 PM <DIR> ..
09/04/2012 02:18 PM <DIR> system
0 File(s) 0 bytes

Directory of C:\Documents and Settings\siweb$\WINDOWS\system

09/04/2012 02:18 PM <DIR> .
09/04/2012 02:18 PM <DIR> ..
0 File(s) 0 bytes

Total Files Listed:
99 File(s) 16,027,367 bytes
182 Dir(s) 96,637,718,528 bytes free

#72
rahanna

Ron ... This is the Symantec Full Scan log earlier this morning ...

It did find Trojan.Maljava under a shared drive for one of the Users ...


2A0806001721,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 1 files inside c:\Documents and Settings\Administrator.STONE-TAPERT\Application Data\Sun\Java\jre1.7.0_03\Data1.cab due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A0806001A02,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 2 files inside c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled.zip due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A0806001A02,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 2 files inside c:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\PinfiParite.zip due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A0806001F2E,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 1 files inside c:\i386\SOFTBAR.IN_ due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A0806010213,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 8 files inside c:\Program Files\Symantec\Symantec Endpoint Protection Manager\Inetpub\ClientPackages\12a723c95d2d25233a8a273275a3a195\full.zip due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A0806011F3A,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 1 files inside d:\Program Files\Symantec\Backup Exec\Agents\Win9x\CHS\Data.Cab due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A0806012002,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 3 files inside d:\Program Files\Symantec\Backup Exec\Agents\SAP\Data1.cab due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A0806012002,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 1 files inside d:\Program Files\Symantec\Backup Exec\Agents\Win9x\ENG\Data.Cab due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A0806012002,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 1 files inside d:\Program Files\Symantec\Backup Exec\Agents\Win9x\DEU\Data.Cab due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A0806012003,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 1 files inside d:\Program Files\Symantec\Backup Exec\Agents\Win9x\ESP\Data.Cab due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A0806012004,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 1 files inside d:\Program Files\Symantec\Backup Exec\Agents\Win9x\FRA\Data.Cab due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A0806012004,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 1 files inside d:\Program Files\Symantec\Backup Exec\Agents\Win9x\ITA\Data.Cab due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A0806012005,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 1 files inside d:\Program Files\Symantec\Backup Exec\Agents\Win9x\KOR\Data.Cab due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A0806012005,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 1 files inside d:\Program Files\Symantec\Backup Exec\Agents\Win9x\JPN\Data.Cab due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A0806012133,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 1 files inside d:\Shares\elizabeth\Back-Up\elizabeth\Back-Up\My Docs\Emails\ATT1.eml due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A0806012221,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 1 files inside d:\Shares\elizabeth\Back-Up\Emails\ATT1.eml due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A080601232F,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 33 files inside d:\Shares\elizabeth\backup\IncrediMail Data.cab due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A0806012809,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 22 files inside d:\Shares\elizabeth\IncrediMail Data.cab due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A0806020703,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 1 files inside d:\Shares\Home\alexis\Application Data\Sun\Java\jre1.6.0_11\Data1.cab due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A0806022603,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 1 files inside d:\Shares\Home\ckiskaden\Application Data\Sun\Java\jre1.6.0_11\Data1.cab due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A0806022805,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 162 files inside d:\Shares\Home\ckiskaden\Desktop\Downloads\X12-30196.exe due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A0806022926,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 3 files inside d:\Shares\Home\Copy of larry\Desktop\PALM\PalmDesktop41SP03ENG.exe due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A0806022D19,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 1 files inside d:\Shares\Home\david\Application Data\Sun\Java\jre1.6.0_11\Data1.cab due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A0806023713,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 1 files inside d:\Shares\Home\debbie\Application Data\Research In Motion\BlackBerry Desktop\Updates\33484803-750F-4154-A0A3-C0474F3BE1BE\Data1.cab due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A080602372F,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 1 files inside d:\Shares\Home\debbie\Application Data\Research In Motion\BlackBerry Desktop\Updates\33484803-750F-4154-A0A3-C0474F3BE1BE\Extractor.exe due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A0806023813,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 1 files inside d:\Shares\Home\debbie\Application Data\Research In Motion\BlackBerry Desktop\Updates\8E88DA4F-457F-43c9-B901-7F6BCF49C76A\Extractor.exe due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A0806023829,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 1 files inside d:\Shares\Home\debbie\Application Data\Research In Motion\BlackBerry Desktop\Updates\8E88DA4F-457F-43c9-B901-7F6BCF49C76A\Data1.cab due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A0806023905,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 1 files inside d:\Shares\Home\debbie\Application Data\Research In Motion\BlackBerry Desktop\Updates\B0DD3CF4-BE32-4859-95EE-72867D3AF389\Data1.cab due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A080602391F,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 1 files inside d:\Shares\Home\debbie\Application Data\Research In Motion\BlackBerry Desktop\Updates\B0DD3CF4-BE32-4859-95EE-72867D3AF389\Extractor.exe due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A0806030322,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 1 files inside d:\Shares\Home\Gail\Application Data\Research In Motion\BlackBerry Desktop\Updates\33484803-750F-4154-A0A3-C0474F3BE1BE\Data1.cab due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A0806030332,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 1 files inside d:\Shares\Home\Gail\Application Data\Research In Motion\BlackBerry Desktop\Updates\33484803-750F-4154-A0A3-C0474F3BE1BE\Extractor.exe due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A0806030E2B,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 4 files inside d:\Shares\Home\georgina\Desktop\Adobe\Photoshop Elements 7.0\Adobe Photoshop Elements\Data1.cab due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A080603100E,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 1 files inside d:\Shares\Home\jesse\Application Data\Research In Motion\BlackBerry Desktop\Updates\33484803-750F-4154-A0A3-C0474F3BE1BE\Data1.cab due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A080603101D,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 1 files inside d:\Shares\Home\jesse\Application Data\Research In Motion\BlackBerry Desktop\Updates\33484803-750F-4154-A0A3-C0474F3BE1BE\Extractor.exe due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A0806031609,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 1 files inside d:\Shares\Home\jesse\Application Data\Sun\Java\jre1.6.0_11\Data1.cab due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A0806031614,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 1 files inside d:\Shares\Home\jesse\Application Data\Sun\Java\jre1.6.0_22\Data1.cab due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A080603161A,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 1 files inside d:\Shares\Home\jesse\Desktop\MF4450_MFDrivers_W32_us_EN-1\32bit\win2k_vista\fax.cab due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A0806041A07,46,1,1,ST-SERVER,st_admin,Trojan.Maljava,d:\Shares\Home\joel\Application Data\Sun\Java\Deployment\cache\6.0\38\db6ea26-46377893,5,1,5,256,33570852,"",1346914343,,0,101 {33356233-9F84-43A3-A494-F9ABBEDF2C01} 2 2 Trojan.Maljava 2;0;13 0 0 0,0,41175,0,0,0,,,0,,0,0,4,0,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,999,,da90bb0c-9cce-4acc-869f-528c94320a5e,0,,


2A0806041A07,47,2,1,ST-SERVER,st_admin,,,,,,,16777216,"d:\shares\home\joel\application data\sun\java\deployment\cache\6.0\38\db6ea26-46377893",0,,0,101 0 0 File Detection Scan d:\\shares\\home\\joel\\application data\\sun\\java\\deployment\\cache\\6.0\\38\\db6ea26-46377893 0 0 0,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,da90bb0c-9cce-4acc-869f-528c94320a5e,,,

2A0806041A07,47,2,1,ST-SERVER,st_admin,,,,,,,16777216,"d:\shares\home\joel\application data\sun\java\deployment\cache\6.0\38\db6ea26-46377893",0,,0,101 0 0 File Detection Scan d:\\shares\\home\\joel\\application data\\sun\\java\\deployment\\cache\\6.0\\38\\db6ea26-46377893 0 0 0,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,da90bb0c-9cce-4acc-869f-528c94320a5e,,,

2A0806041A07,5,1,1,ST-SERVER,st_admin,Trojan.Maljava,d:\shares\home\joel\application data\sun\java\deployment\cache\6.0\38\db6ea26-46377893,5,1,19,256,16420,"",1346914343,,0,,1374193743,41175,0,0,0,,,0,,0,0,4,0,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,4,,da90bb0c-9cce-4acc-869f-528c94320a5e,31981568,,

2A0806041A0A,50,1,1,ST-SERVER,st_admin,,Internet browser temporary file cache,5,1,3,256,16420,"",1346914343,,0,101 0 0 Browser Cache Remediation Delete Internet browser temporary file cache 2011 1 0,0,41175,0,0,0,,,0,,0,0,4,0,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,da90bb0c-9cce-4acc-869f-528c94320a5e,0,,

2A0806041A0A,51,1,1,ST-SERVER,st_admin,Trojan.Maljava,d:\Shares\Home\joel\Application Data\Sun\Java\Deployment\cache\6.0\38\db6ea26-46377893,5,1,19,256,33570852,"",1346914343,,0,101 {33356233-9F84-43A3-A494-F9ABBEDF2C01} 2 2 Trojan.Maljava 2;0;13 0 0 0,31981568,41175,0,0,0,,,0,,0,0,4,0,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,999,,da90bb0c-9cce-4acc-869f-528c94320a5e,31981568,,

2A0806041A30,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 1 files inside d:\Shares\Home\joel\Application Data\Sun\Java\jre1.6.0_11\Data1.cab due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A0806041E33,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 1 files inside d:\Shares\Home\Joyce\Application Data\Sun\Java\jre1.6.0_11\Data1.cab due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A0806042414,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 1 files inside d:\Shares\Home\kathleen\Application Data\Sun\Java\jre1.6.0_11\Data1.cab due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A0806042B0F,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 3 files inside d:\Shares\Home\larry\Desktop\PALM\PalmDesktop41SP03ENG.exe due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A0806051117,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 8 files inside d:\Shares\Software\Backup Exec 11d\BEWS_11D_32BIT_VERSION\WINNT\INSTALL\BE\Backup~1.cab due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A080605112B,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 1 files inside d:\Shares\Software\Backup Exec 11d\BEWS_11D_32BIT_VERSION\WINNT\INSTALL\BE\IDR.cab due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A0806051327,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 3 files inside d:\Shares\Software\Backup Exec 11d\BEWS_11D_32BIT_VERSION\WINNT\INSTALL\SAP\Data1.cab due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A0806051503,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 2924 files inside d:\Shares\Software\Backup Exec 11d\BEWS_11D_32BIT_VERSION.zip due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A080605152A,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 1 files inside d:\Shares\Software\NAV 10.x\CentralQ\QConsole\Data1.cab due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A0806051706,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 1 files inside d:\Shares\Software\NAV 10.x\Tools\LiveUpdate\LUAU.EXE due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,


2A0806051737,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 1 files inside d:\Shares\Software\Office 2003 Small Business\YH561403.CAB due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A080605180C,6,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Could not scan 7 files inside d:\Shares\Software\pkzw450r.exe due to extraction errors encountered by the Decomposer Engines.",1346914343,,0,,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,

2A080608313A,2,2,1,ST-SERVER,st_admin,,,,,,,16777216,"Scan Complete: Risks: 1 Scanned: 1534694 Files/Folders/Drives Omitted: 8144",1346914343,,0,1:1:1534694:8144,,,,0,,,,,,,,,,,{A914058A-B67F-408E-9568-80202B0F4EF0},,,,STONE-TAPERT,00:18:8B:42:E6:86,11.0.4010.14,,,,,,,,,,,,,,,,0,,,,,
  • 0

#73
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
Not sure what this is. It looks like it has been around for a while. Several different dates. I suppose the malware could be pulling files from other users but generally they aren't that smart.

There is one file that I would submit to virustotal.com:

C:\Documents and Settings\siweb$\Local Settings\Temporary Internet Files\Content.IE5\O52VKH6R\qnmgb[1].exe

You can delete c:\junk.txt.
  • 0

#74
RKinner

    Malware Expert

  • Expert
  • 19,788 posts
  • MVP
It's in his Java cache, so he hit a bad website that tried to exploit his Java. You might want to have him do a full scan on his system - preferably with ESET online:

Use IE and go to http://eset.com/onlinescan and click on ESET online Scanner. Accept the terms then press Start (If you get a warning from your browser tell it you want to run it).

1. Check Scan Archives.
2. Push the Start button.
3. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
4. When the scan completes, push LIST OF THREATS FOUND.
5. Push EXPORT TO TEXT FILE, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
6. Push the BACK button.
7. Push Finish.
8. Once the scan is completed, you may close the window.
9. Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt
10. Copy and paste that log as a reply.


Did Norton remove these files or just admire them?
  • 0

#75
rahanna

    Member

  • Topic Starter
  • Member
  • PipPip
  • 96 posts
Ron ...

The files came back clean 0/42

All I am concerned about is when I reboot ...

I still get the "One of the Services didn't load ... " at the login screen ...

What can it be triggered by to start ???
  • 0





