Win32.brontok has appeared

3 posters

GeekPolice :: GeekPolice tech support archive :: Technical Support

Win32.brontok has appeared1st June 2009, 9:18 pm

Hello,
I had removed WnPC virus last week (or so I thought), and installed Firefox browser today and am now getting a "Security Center Alert" stating that I have suspicious sofware, Win32.Brontok.
"This worm spreads via the Internet as an attachment to infected messages. It sends itself to email addresses harvested from the victim machine."
It then proceeds to request that I "enable protection".

Can anyone help me rid of this message? It's popped up a few times over the last hour already. I'm not very computer literate, so please be patient with me...thanks!

Re: Win32.brontok has appeared1st June 2009, 9:26 pm

Please download the current version of HijackThis from HERE

Double click and run the installer.
It will install to C:\Program Files\Trend Micro\HijackThis\hijackthis.exe
After installing, you should get the user agreement, press accept and Hijack This will run.
Select Do a system scan and save a log file. This will open a notepad file of everything Hijack This found, copy and paste it back here.

Re: Win32.brontok has appeared1st June 2009, 9:55 pm

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:50:32 PM, on 01/06/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Internet Explorer\Iexplore.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
C:\Program Files\QuickTime\QTTask.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\drivers\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\QUICKENW\QWDLLS.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.ca/0SEENCA/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.thestar.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [DataLayer] C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: Event Reminder.lnk = C:\pmw\PMREMIND.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Billminder.lnk = C:\QUICKENW\BILLMIND.EXE
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab34120.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - https://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.3.7.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - https://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121530283044
O16 - DPF: {98A52828-A5D6-11D3-82B8-00104B39A31D} (Onyx Masked Edit Control Class) - http://oeas.monteracorp.com/onyxemployeeportal/OnyxMaskEdit2Dual.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab35645.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O16 - DPF: {FF3C5A9F-5A99-4930-80E8-4709194C2AD3} (ZPA_Backgammon Object) - http://zone.msn.com/bingame/zpagames/ZPA_Backgammon.cab36385.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe

--
End of file - 6888 bytes

Re: Win32.brontok has appeared2nd June 2009, 12:15 am

Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select "Perform Quick Scan", then click Scan.
The scan may take some time to finish,so please be patient.
When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

Post the contents of the MBAM Log.

Re: Win32.brontok has appeared2nd June 2009, 12:26 am

Hi,

I've installed Malwarebytes' Anti-Malware...but the program isn't starting up.

I had the same problem last wee, when I was trying to remove WnPC. I had to use SuperAntispyware.

Please advise,

Thanks. Jackie

Re: Win32.brontok has appeared2nd June 2009, 12:29 am

Hello.

Please disable Ad-Watch, as it may hinder the removal of some HijackThis entries. You can re-enable it after your computer is clean. Please see here for instructions on how to disable it:

1. Right-click on the Ad-Watch icon in the system tray (located down by the system clock for most configurations)
2. Choose *Settings* from the dropdown menu
3. Under the *General Settings* tab turn OFF (red x) the option to "Load Ad-Watch at Startup" (if enabled)
Win32.brontok has appeared Post-65-1216314425

Win32.brontok has appeared Post-65-1216314425

4. Click on the *Status* button in the left hand menu
5. Turn OFF (red x) the option for *Regshield*
6. Close that window, then right-click on the Ad-Watch icon shield again down in the system tray next to the clock.
7. Choose *Turn off Ad-Watch* from the drop menu

Open HijackThis
Choose "Do a system scan only"
Check the boxes in front of these lines:

O4 - HKCU\..\Run: [SVCHOST.EXE] C:\WINDOWS\system32\drivers\svchost.exe
Press "Fix Checked"
Close Hijack This.

Next,

Download combofix from here
Link 1
Link 2

1. If you are using Firefox, make sure that your download settings are as follows:

* Tools->Options->Main tab
* Set to "Always ask me where to Save the files".

2. During the download, rename Combofix to Combo-Fix as follows:

3. It is important you rename Combofix during the download, but not after.
4. Please do not rename Combofix to other names, but only to the one indicated.
5. Close any open browsers.
6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
We need to disable your local AV (Anti-virus) before running Combofix.
See HERE for how to disable your AV. (AVG8/Ad-watch)
Double click on ComboFix.exe.
Follow the prompts. NOTE:
ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.
The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.
Allow ComboFix to download the Recovery Console.
Accept the End-User License Agreement.
The Recovery Console will be installed.
You will then get this next prompt that asks if you want to continue the malware scan, select yes
Allow combofix to run
Post C:\combofix.txt back here.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.

Re: Win32.brontok has appeared2nd June 2009, 12:42 am

Oh boy. I seem to be stuck just trying to disable the Ad-watch setting. The Ad-aware icon is on the bottom near the clock. I found the Ad-watch "live" button. But the screen looks nothing like what you have above...it has a "settings" button but no "general settings" afterwards...help!

Re: Win32.brontok has appeared2nd June 2009, 1:01 am

OK. I've just exited Ad-aware using your bleepingcomputer.com link. I'll continue with what you've suggested above wrt combo-fix.

Re: Win32.brontok has appeared2nd June 2009, 2:15 am

ComboFix 09-05-31.06 - Jackie 01/06/2009 21:48.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.383.159 [GMT -4:00]
Running from: c:\documents and settings\Jackie\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jackie\Application Data\Google\vsjyn859746.exe
c:\windows\system32\drivers\UACgwyxjepyodxfilr.sys
c:\windows\system32\UACetpmshsixplisjm.dat
c:\windows\system32\uacinit.dll
c:\windows\system32\UACktclfhbwjiolluw.log
c:\windows\system32\UACnmheydjscmpbkoy.dll
c:\windows\system32\UACoirmtjlkxjcnfjs.dll
c:\windows\system32\UACpusjihyedntlpap.dll
c:\windows\system32\UACsqqpnquoowbureo.dll
c:\windows\system32\UACtkcuyncxnuoehxy.log
c:\windows\system32\UACvojcaodkyhmbelc.dll
c:\windows\system32\UACyumjehixskkhaww.log
c:\windows\Sysvxd.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_ATI64SI
-------\Legacy_FIPS32CUP
-------\Legacy_I386SI
-------\Legacy_SECURENTM
-------\Service_ati64si
-------\Service_fips32cup
-------\Service_i386si
-------\Service_securentm

((((((((((((((((((((((((( Files Created from 2009-05-02 to 2009-06-02 )))))))))))))))))))))))))))))))
.

2009-06-02 00:21 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-02 00:21 . 2009-06-02 00:21 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-06-02 00:21 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-02 00:21 . 2009-06-02 00:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-02 00:04 . 2009-03-09 19:06 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-02 00:03 . 2009-06-02 00:03 464 ---ha-w- C:\aaw7boot.cmd
2009-06-01 23:08 . 2009-06-01 23:08 314200 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-01 23:08 . 2009-06-01 23:08 25440 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-06-01 23:08 . 2009-06-01 23:08 15688 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-01 23:08 . 2009-06-01 23:08 169312 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-01 23:08 . 2009-06-01 23:08 348496 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-01 23:08 . 2009-06-01 23:08 294240 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-01 23:08 . 2009-06-01 23:08 83808 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-01 23:06 . 2009-06-01 23:06 1629024 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-06-01 23:05 . 2009-06-01 23:05 212848 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-01 23:05 . 2009-06-01 23:05 40288 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-01 23:05 . 2009-06-01 23:05 64160 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-01 23:05 . 2009-06-01 23:05 632680 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-01 23:04 . 2009-06-01 23:04 540536 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-01 23:04 . 2009-06-01 23:04 559464 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-01 23:04 . 2009-06-01 23:04 2352456 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-01 23:03 . 2009-06-01 23:03 627536 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-01 23:03 . 2009-06-01 23:03 518488 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-01 23:03 . 2009-06-01 23:03 953168 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-01 21:45 . 2009-03-09 19:06 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-01 21:45 . 2009-06-01 21:45 -------- dc----w- c:\windows\system32\DRVSTORE
2009-06-01 21:23 . 2009-06-01 21:23 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-01 21:23 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-01 21:22 . 2009-06-01 21:46 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft
2009-06-01 21:22 . 2009-06-01 21:22 -------- d-----w- c:\program files\Lavasoft
2009-06-01 18:15 . 2009-06-01 18:15 422 ----a-w- c:\documents and settings\Jackie\Application Data\Apple Computer\socks1.exe
2009-06-01 18:15 . 2009-06-01 18:15 16141 ----a-w- c:\documents and settings\Jackie\Application Data\GARMIN\lego.exe
2009-06-01 18:15 . 2009-06-01 18:15 145131 ----a-w- c:\documents and settings\Jackie\Application Data\Download Manager\nomad.exe
2009-06-01 18:15 . 2009-06-01 18:15 13221 ----a-w- c:\documents and settings\Jackie\Application Data\AdobeUM\rengo.dll
2009-06-01 18:15 . 2009-06-01 18:15 11410 ----a-w- c:\documents and settings\Jackie\Application Data\Help\msgdi.dll
2009-06-01 18:15 . 2009-06-01 18:15 11232 ----a-w- c:\documents and settings\Jackie\Application Data\Adobe\shalom.exe
2009-06-01 18:15 . 2009-06-01 18:15 10121 ----a-w- c:\documents and settings\Jackie\Application Data\Identities\kern.dll
2009-06-01 16:07 . 2009-06-01 16:07 0 ----a-w- c:\windows\nsreg.dat
2009-06-01 16:07 . 2009-06-01 16:07 -------- d-----w- c:\documents and settings\Jackie\Local Settings\Application Data\Mozilla
2009-05-27 13:36 . 2009-06-01 18:30 117760 ----a-w- c:\documents and settings\Jackie\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-27 13:35 . 2009-05-27 13:35 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2009-05-27 13:31 . 2009-06-01 18:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-05-27 13:31 . 2009-05-27 13:31 -------- d-----w- c:\documents and settings\Jackie\Application Data\SUPERAntiSpyware.com
2009-05-27 13:27 . 2009-05-27 13:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-27 02:44 . 2009-05-27 02:44 -------- d-----w- c:\program files\Trend Micro
2009-05-26 16:58 . 2009-05-26 16:58 183 ----a-w- c:\documents and settings\Jackie\Application Data\asd.bat
2009-05-23 13:11 . 2009-05-17 12:08 2051864 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgcorex.dll
2009-05-23 13:11 . 2009-05-17 12:08 3288344 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\setup.exe
2009-05-23 13:11 . 2009-05-17 12:08 424472 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgwdwsc.dll
2009-05-23 13:11 . 2009-05-17 12:08 177432 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgmail.dll
2009-05-23 13:11 . 2009-05-17 12:08 354584 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgxch32.dll
2009-05-23 13:11 . 2009-05-17 12:08 312088 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avglngx.dll
2009-05-23 13:11 . 2009-05-17 12:08 486168 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgrsx.exe
2009-05-23 13:09 . 2009-05-12 12:19 1437464 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgupd.dll
2009-05-23 13:09 . 2009-05-12 12:19 755992 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avginet.dll

Re: Win32.brontok has appeared2nd June 2009, 2:16 am

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-02 01:18 . 2004-12-21 17:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-02 01:16 . 2004-12-21 17:14 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-06-01 20:51 . 2006-10-12 13:36 -------- d-----w- c:\program files\Yahoo!
2009-05-31 20:48 . 2008-04-29 20:50 -------- d-----w- c:\documents and settings\Jackie\Application Data\U3
2009-05-31 20:46 . 2009-05-31 20:46 0 ----a-w- C:\LOG14.tmp
2009-05-29 20:12 . 2009-05-29 20:12 0 ----a-w- C:\LOG2F.tmp
2009-05-17 12:08 . 2009-02-26 13:16 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-17 12:08 . 2008-12-22 23:49 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-17 12:08 . 2008-12-22 23:49 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-03-06 14:22 . 2004-08-04 04:56 284160 ----a-w- c:\windows\system32\pdh.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-26 67128]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-02-01 385024]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-17 1947928]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Billminder.lnk - c:\quickenw\BILLMIND.EXE [2008-4-14 36864]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-3-26 67128]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Quicken Startup.lnk - c:\quickenw\QWDLLS.EXE [2008-4-14 36864]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-17 12:08 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winhm05.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winkp05.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winmr05.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Winsx38.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [01/06/2009 5:45 PM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [22/12/2008 7:49 PM 325896]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [26/05/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [26/05/2009 10:05 AM 72944]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [26/02/2009 9:15 AM 298776]
R2 mrtRate;mrtRate;c:\windows\system32\drivers\MRTRATE.SYS [03/03/2006 10:47 AM 36404]
R3 LSWPCv4;Wireless-B Notebook Adapter Driver;c:\windows\system32\drivers\rtl8180.sys [22/12/2004 10:22 PM 184832]
S0 Winhm05;Winhm05;c:\windows\system32\Drivers\Winhm05.sys --> c:\windows\system32\Drivers\Winhm05.sys [?]
S0 Winkp05;Winkp05;c:\windows\system32\Drivers\Winkp05.sys --> c:\windows\system32\Drivers\Winkp05.sys [?]
S0 Winmr05;Winmr05;c:\windows\system32\Drivers\Winmr05.sys --> c:\windows\system32\Drivers\Winmr05.sys [?]
S0 Winsx38;Winsx38;c:\windows\system32\Drivers\Winsx38.sys --> c:\windows\system32\Drivers\Winsx38.sys [?]
S3 e26238d2-eba2-4c47-a4dc-ddbaebc6fa0c;e26238d2-eba2-4c47-a4dc-ddbaebc6fa0c;\??\d:\cds300\cds300.dll --> d:\cds300\cds300.dll [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 3:06 PM 951632]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [26/05/2009 10:05 AM 7408]
.
Contents of the 'Scheduled Tasks' folder

2009-06-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]

2009-05-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]

2009-06-02 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-01 02:18]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-realteks - c:\documents and settings\Jackie\Application Data\Google\vsjyn859746.exe
HKLM-Run-Logitech Hardware Abstraction Layer - KHALMNPR.EXE
SafeBoot-procexp90.Sys

.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.thestar.com/
uInternet Settings,ProxyOverride = localhost
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {98A52828-A5D6-11D3-82B8-00104B39A31D} - hxxp://oeas.monteracorp.com/onyxemployeeportal/OnyxMaskEdit2Dual.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-01 21:58
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(720)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\progra~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
.
**************************************************************************
.
Completion time: 2009-06-02 22:05 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-02 02:05

Pre-Run: 7,949,697,024 bytes free
Post-Run: 8,092,303,360 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin

221 --- E O F --- 2009-06-02 00:01

Re: Win32.brontok has appeared2nd June 2009, 2:57 am

Now open a new notepad file.
Input this into the notepad file:

DirLook::
c:\documents and settings\Jackie\Application Data\Apple Computer\socks1.exe

File::
c:\documents and settings\Jackie\Application Data\asd.bat
C:\LOG14.tmp
C:\LOG2F.tmp

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=-
"UpdatesDisableNotify"=-

Driver::
Winhm05
Winkp05
Winmr05
Winsx38

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
Win32.brontok has appeared Sfxdaw

This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

Re: Win32.brontok has appeared2nd June 2009, 3:58 am

ComboFix 09-05-31.06 - Jackie 01/06/2009 23:35.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.383.157 [GMT -4:00]
Running from: c:\documents and settings\Jackie\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Jackie\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\documents and settings\Jackie\Application Data\asd.bat"
"C:\LOG14.tmp"
"C:\LOG2F.tmp"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Jackie\Application Data\asd.bat
C:\LOG14.tmp
C:\LOG2F.tmp

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_Winhm05
-------\Service_Winkp05
-------\Service_Winmr05
-------\Service_Winsx38

((((((((((((((((((((((((( Files Created from 2009-05-02 to 2009-06-02 )))))))))))))))))))))))))))))))
.

2009-06-02 03:10 . 2009-06-02 03:20 -------- d-----w- c:\documents and settings\Jackie\Tracing
2009-06-02 03:03 . 2009-06-02 03:03 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-02 03:02 . 2009-02-06 22:08 55152 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-06-02 02:51 . 2009-06-02 02:51 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-06-02 02:49 . 2006-11-29 17:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-06-02 02:49 . 2009-06-02 02:49 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-06-02 02:44 . 2009-06-02 02:44 -------- d-----w- c:\program files\Microsoft
2009-06-02 02:44 . 2009-06-02 02:44 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-02 02:43 . 2009-06-02 03:02 -------- d-----w- c:\program files\Windows Live
2009-06-02 02:36 . 2009-06-02 02:36 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-02 00:21 . 2009-05-26 17:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-02 00:21 . 2009-06-02 00:21 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2009-06-02 00:21 . 2009-05-26 17:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-02 00:21 . 2009-06-02 00:22 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-02 00:04 . 2009-03-09 19:06 15688 ----a-w- c:\windows\system32\lsdelete.exe
2009-06-02 00:03 . 2009-06-02 00:03 464 ---ha-w- C:\aaw7boot.cmd
2009-06-01 23:08 . 2009-06-01 23:08 314200 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\threatwork.exe
2009-06-01 23:08 . 2009-06-01 23:08 25440 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\savapibridge.dll
2009-06-01 23:08 . 2009-06-01 23:08 15688 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lsdelete.exe
2009-06-01 23:08 . 2009-06-01 23:08 169312 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lavamessage.dll
2009-06-01 23:08 . 2009-06-01 23:08 348496 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\lavalicense.dll
2009-06-01 23:08 . 2009-06-01 23:08 294240 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\UpdateManager.dll
2009-06-01 23:08 . 2009-06-01 23:08 83808 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\ShellExt.dll
2009-06-01 23:06 . 2009-06-01 23:06 1629024 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Resources.dll
2009-06-01 23:05 . 2009-06-01 23:05 212848 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\RPAPI.dll
2009-06-01 23:05 . 2009-06-01 23:05 40288 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\PrivacyClean.dll
2009-06-01 23:05 . 2009-06-01 23:05 64160 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Drivers\32\lbd.sys
2009-06-01 23:05 . 2009-06-01 23:05 632680 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\CEAPI.dll
2009-06-01 23:04 . 2009-06-01 23:04 540536 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareCommand.exe
2009-06-01 23:04 . 2009-06-01 23:04 559464 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-AwareAdmin.exe
2009-06-01 23:04 . 2009-06-01 23:04 2352456 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\Ad-Aware.exe
2009-06-01 23:03 . 2009-06-01 23:03 627536 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWWSC.exe
2009-06-01 23:03 . 2009-06-01 23:03 518488 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWTray.exe
2009-06-01 23:03 . 2009-06-01 23:03 953168 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft\Ad-Aware\Update\AAWService.exe
2009-06-01 21:45 . 2009-03-09 19:06 64160 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-06-01 21:45 . 2009-06-02 03:02 -------- dc----w- c:\windows\system32\DRVSTORE
2009-06-01 21:23 . 2009-06-01 21:23 -------- dc-h--w- c:\documents and settings\All Users.WINDOWS\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-06-01 21:23 . 2009-03-12 08:17 2902048 -c--a-w- c:\documents and settings\All Users.WINDOWS\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}\Ad-AwareAE.exe
2009-06-01 21:22 . 2009-06-01 21:46 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft
2009-06-01 21:22 . 2009-06-01 21:22 -------- d-----w- c:\program files\Lavasoft
2009-06-01 18:15 . 2009-06-01 18:15 422 ----a-w- c:\documents and settings\Jackie\Application Data\Apple Computer\socks1.exe
2009-06-01 18:15 . 2009-06-01 18:15 16141 ----a-w- c:\documents and settings\Jackie\Application Data\GARMIN\lego.exe
2009-06-01 18:15 . 2009-06-01 18:15 145131 ----a-w- c:\documents and settings\Jackie\Application Data\Download Manager\nomad.exe
2009-06-01 18:15 . 2009-06-01 18:15 13221 ----a-w- c:\documents and settings\Jackie\Application Data\AdobeUM\rengo.dll
2009-06-01 18:15 . 2009-06-01 18:15 11410 ----a-w- c:\documents and settings\Jackie\Application Data\Help\msgdi.dll
2009-06-01 18:15 . 2009-06-01 18:15 11232 ----a-w- c:\documents and settings\Jackie\Application Data\Adobe\shalom.exe
2009-06-01 18:15 . 2009-06-01 18:15 10121 ----a-w- c:\documents and settings\Jackie\Application Data\Identities\kern.dll
2009-06-01 16:07 . 2009-06-01 16:07 0 ----a-w- c:\windows\nsreg.dat
2009-06-01 16:07 . 2009-06-01 16:07 -------- d-----w- c:\documents and settings\Jackie\Local Settings\Application Data\Mozilla
2009-05-27 13:36 . 2009-06-01 18:30 117760 ----a-w- c:\documents and settings\Jackie\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-05-27 13:35 . 2009-05-27 13:35 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2009-05-27 13:31 . 2009-06-01 18:32 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-05-27 13:31 . 2009-05-27 13:31 -------- d-----w- c:\documents and settings\Jackie\Application Data\SUPERAntiSpyware.com
2009-05-27 13:27 . 2009-05-27 13:27 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-05-27 02:44 . 2009-05-27 02:44 -------- d-----w- c:\program files\Trend Micro
2009-05-23 13:11 . 2009-05-17 12:08 2051864 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgcorex.dll
2009-05-23 13:11 . 2009-05-17 12:08 3288344 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\setup.exe
2009-05-23 13:11 . 2009-05-17 12:08 424472 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgwdwsc.dll
2009-05-23 13:11 . 2009-05-17 12:08 177432 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgmail.dll
2009-05-23 13:11 . 2009-05-17 12:08 354584 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgxch32.dll
2009-05-23 13:11 . 2009-05-17 12:08 312088 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avglngx.dll
2009-05-23 13:11 . 2009-05-17 12:08 486168 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgrsx.exe
2009-05-23 13:09 . 2009-05-12 12:19 1437464 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgupd.dll
2009-05-23 13:09 . 2009-05-12 12:19 755992 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avginet.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-02 03:07 . 2004-12-22 03:34 18504 ----a-w- c:\documents and settings\Jackie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-02 01:18 . 2004-12-21 17:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-02 01:16 . 2004-12-21 17:14 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-06-01 20:51 . 2006-10-12 13:36 -------- d-----w- c:\program files\Yahoo!
2009-05-31 20:48 . 2008-04-29 20:50 -------- d-----w- c:\documents and settings\Jackie\Application Data\U3
2009-05-17 12:08 . 2009-02-26 13:16 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-17 12:08 . 2008-12-22 23:49 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-17 12:08 . 2008-12-22 23:49 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-03-06 14:22 . 2004-08-04 04:56 284160 ----a-w- c:\windows\system32\pdh.dll
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\Jackie\Application Data\Apple Computer\socks1.exe ----

Re: Win32.brontok has appeared2nd June 2009, 4:01 am

((((((((((((((((((((((((((((( SnapShot@2009-06-02_01.59.20 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-02-06 22:52 . 2009-02-06 22:52 49504 c:\windows\system32\sirenacm.dll
+ 2004-12-21 15:16 . 2009-06-02 03:02 58998 c:\windows\system32\perfc009.dat
+ 2005-09-23 11:28 . 2005-09-23 11:28 32768 c:\windows\system32\netfxperf.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 74240 c:\windows\system32\mscories.dll
+ 2009-06-02 03:02 . 2009-02-06 22:08 55152 c:\windows\system32\DRVSTORE\fssfltr_A1BAE7BA557F7F8ABCBF040E8C71D6B14223DCB0\fssfltr_tdi.sys
+ 2005-09-23 11:28 . 2005-09-23 11:28 83456 c:\windows\system32\dfshim.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 28160 c:\windows\Microsoft.NET\Framework\v2.0.50727\WMINet_Utils.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 71680 c:\windows\Microsoft.NET\Framework\v2.0.50727\TLBREF.DLL
+ 2005-09-23 11:28 . 2005-09-23 11:28 86016 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.RegularExpressions.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 47616 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Thunk.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.Design.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Configuration.Install.dll
+ 2005-09-23 11:29 . 2005-09-23 11:29 85504 c:\windows\Microsoft.NET\Framework\v2.0.50727\ShFusRes.dll
+ 2005-09-23 11:29 . 2005-09-23 11:29 59072 c:\windows\Microsoft.NET\Framework\v2.0.50727\regtlibv12.exe
+ 2005-09-23 11:28 . 2005-09-23 11:28 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegSvcs.exe
+ 2005-09-23 11:28 . 2005-09-23 11:28 53248 c:\windows\Microsoft.NET\Framework\v2.0.50727\RegAsm.exe
+ 2005-09-23 11:28 . 2005-09-23 11:28 78336 c:\windows\Microsoft.NET\Framework\v2.0.50727\PerfCounter.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 14848 c:\windows\Microsoft.NET\Framework\v2.0.50727\normalization.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 96440 c:\windows\Microsoft.NET\Framework\v2.0.50727\ngen.exe
+ 2005-09-23 11:29 . 2005-09-23 11:29 22528 c:\windows\Microsoft.NET\Framework\v2.0.50727\MUI\0409\mscorsecr.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 10240 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscortim.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 66240 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
+ 2005-09-23 11:28 . 2005-09-23 11:28 67072 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsec.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 81408 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorld.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorie.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 73216 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbc.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 69632 c:\windows\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
+ 2005-09-23 11:28 . 2005-09-23 11:28 87552 c:\windows\Microsoft.NET\Framework\v2.0.50727\MmcAspExt.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 12800 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 32768 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Vsa.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Vsa.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 73728 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Utilities.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Framework.dll
+ 2005-09-23 10:36 . 2005-09-23 10:36 85504 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3082.dll
+ 2005-09-23 10:29 . 2005-09-23 10:29 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.3076.dll
+ 2005-09-23 10:47 . 2005-09-23 10:47 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2070.dll
+ 2005-09-23 10:30 . 2005-09-23 10:30 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.2052.dll
+ 2005-09-23 10:47 . 2005-09-23 10:47 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1055.dll
+ 2005-09-23 10:47 . 2005-09-23 10:47 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1053.dll
+ 2005-09-23 10:47 . 2005-09-23 10:47 82432 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1049.dll
+ 2005-09-23 10:47 . 2005-09-23 10:47 82432 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1046.dll
+ 2005-09-23 10:46 . 2005-09-23 10:46 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1045.dll
+ 2005-09-23 10:46 . 2005-09-23 10:46 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1044.dll
+ 2005-09-23 10:46 . 2005-09-23 10:46 83456 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1043.dll
+ 2005-09-23 10:44 . 2005-09-23 10:44 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1042.dll
+ 2005-09-23 10:42 . 2005-09-23 10:42 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1041.dll
+ 2005-09-23 10:40 . 2005-09-23 10:40 84480 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1040.dll
+ 2005-09-23 10:40 . 2005-09-23 10:40 83968 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1038.dll
+ 2005-09-23 10:40 . 2005-09-23 10:40 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1037.dll
+ 2005-09-23 10:38 . 2005-09-23 10:38 86016 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1036.dll
+ 2005-09-23 10:38 . 2005-09-23 10:38 81408 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1035.dll
+ 2005-09-23 07:46 . 2005-09-23 07:46 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1033.dll
+ 2005-09-23 10:36 . 2005-09-23 10:36 87552 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1032.dll
+ 2005-09-23 10:34 . 2005-09-23 10:34 85504 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1031.dll
+ 2005-09-23 10:34 . 2005-09-23 10:34 81920 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1030.dll
+ 2005-09-23 10:34 . 2005-09-23 10:34 82944 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1029.dll
+ 2005-09-23 10:32 . 2005-09-23 10:32 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1028.dll
+ 2005-09-23 10:29 . 2005-09-23 10:29 80896 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.res.1025.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 40960 c:\windows\Microsoft.NET\Framework\v2.0.50727\jsc.exe
+ 2005-09-23 11:28 . 2005-09-23 11:28 72192 c:\windows\Microsoft.NET\Framework\v2.0.50727\ISymWrapper.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 55296 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtilLib.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 28672 c:\windows\Microsoft.NET\Framework\v2.0.50727\InstallUtil.exe
+ 2005-09-23 11:28 . 2005-09-23 11:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEHost.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 52736 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfdll.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 31936 c:\windows\Microsoft.NET\Framework\v2.0.50727\cvtres.exe
+ 2005-09-23 11:28 . 2005-09-23 11:28 68608 c:\windows\Microsoft.NET\Framework\v2.0.50727\CustomMarshalers.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 17920 c:\windows\Microsoft.NET\Framework\v2.0.50727\Culture.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 13312 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscompmgd.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 76984 c:\windows\Microsoft.NET\Framework\v2.0.50727\csc.exe
+ 2005-09-23 11:28 . 2005-09-23 11:28 88576 c:\windows\Microsoft.NET\Framework\v2.0.50727\CORPerfMonExt.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 29888 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_wp.exe
+ 2005-09-23 11:28 . 2005-09-23 11:28 29896 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
+ 2005-09-23 11:28 . 2005-09-23 11:28 26824 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regiis.exe
+ 2005-09-23 11:28 . 2005-09-23 11:28 13824 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regbrowsers.exe
+ 2005-09-23 11:28 . 2005-09-23 11:28 70656 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_rc.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 23552 c:\windows\Microsoft.NET\Framework\v2.0.50727\Aspnet_perf.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_filter.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 36864 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_compiler.exe
+ 2005-09-23 11:28 . 2005-09-23 11:28 55488

Re: Win32.brontok has appeared2nd June 2009, 4:06 am

c:\windows\Microsoft.NET\Framework\v2.0.50727\AppLaunch.exe
+ 2005-09-23 11:28 . 2005-09-23 11:28 87552 c:\windows\Microsoft.NET\Framework\v2.0.50727\alink.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 10752 c:\windows\Microsoft.NET\Framework\v2.0.50727\Accessibility.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 18944 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\alinkui.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 86528 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 72704 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2009-06-02 02:44 . 2009-06-02 02:44 62304 c:\windows\Installer\{F6BD194C-4190-4D73-B1B1-C48C99921BFE}\IconWlc.exe
+ 2009-06-02 02:46 . 2009-06-02 02:46 58945 c:\windows\Installer\{63C1109E-D977-49ED-BCE3-D00D0BF187D6}\wlmail.exe
+ 2009-06-02 02:45 . 2009-06-02 02:45 80395 c:\windows\Installer\{0AAA9C97-74D4-47CE-B089-0B147EF3553C}\MsblIco.Exe
+ 2009-06-02 03:41 . 2009-06-02 03:41 26624 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\2d34dd4b6b093144a0dd8222fd09a99c\Accessibility.ni.dll
+ 2009-06-02 02:55 . 2009-06-02 02:55 86016 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-06-02 02:55 . 2009-06-02 02:55 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-06-02 02:55 . 2009-06-02 02:55 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-06-02 02:55 . 2009-06-02 02:55 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-06-02 02:55 . 2009-06-02 02:55 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-06-02 02:55 . 2009-06-02 02:55 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-06-02 02:55 . 2009-06-02 02:55 73728 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
+ 2009-06-02 02:55 . 2009-06-02 02:55 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
+ 2009-06-02 02:56 . 2009-06-02 02:56 36864 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-06-02 02:55 . 2009-06-02 02:55 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-06-02 02:55 . 2009-06-02 02:55 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-06-02 02:56 . 2009-06-02 02:56 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-06-02 02:55 . 2009-06-02 02:55 68608 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2005-09-23 11:29 . 2005-09-23 11:29 6144 c:\windows\system32\mui\0409\mscorees.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 7680 c:\windows\Microsoft.NET\Framework\v2.0.50727\sbscmp20_mscorlib.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 9216 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsn.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 7168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft_VsaVb.dll
+ 2005-09-23 11:29 . 2005-09-23 11:29 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualC.Dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 5632 c:\windows\Microsoft.NET\Framework\v2.0.50727\IIEHost.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExecRemote.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 9728 c:\windows\Microsoft.NET\Framework\v2.0.50727\IEExec.exe
+ 2005-09-23 11:28 . 2005-09-23 11:28 9216 c:\windows\Microsoft.NET\Framework\v2.0.50727\fusion.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 4608 c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
+ 2005-09-23 11:28 . 2005-09-23 11:28 8192 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_isapi.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 4608 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\CvtResUI.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 7680 c:\windows\Microsoft.NET\Framework\SharedReg12.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 7680 c:\windows\Microsoft.NET\Framework\sbscmp20_perfcounter.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 7680 c:\windows\Microsoft.NET\Framework\sbscmp20_mscorwks.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 7680 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2005-09-23 11:29 . 2005-09-23 11:29 5120 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2005-09-23 11:29 . 2005-09-23 11:29 5120 c:\windows\Microsoft.NET\Framework\sbs_VsaVb7rt.dll
+ 2005-09-23 11:29 . 2005-09-23 11:29 5120 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2005-09-23 11:29 . 2005-09-23 11:29 5120 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2005-09-23 11:29 . 2005-09-23 11:29 5120 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2005-09-23 11:29 . 2005-09-23 11:29 5120 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2005-09-23 11:29 . 2005-09-23 11:29 5120 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2005-09-23 11:29 . 2005-09-23 11:29 5120 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2005-09-23 11:29 . 2005-09-23 11:29 5632 c:\windows\Microsoft.NET\Framework\sbs_microsoft.vsa.vb.codedomprocessor.dll
+ 2005-09-23 11:29 . 2005-09-23 11:29 5120 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2005-09-23 11:29 . 2005-09-23 11:29 5120 c:\windows\Microsoft.NET\Framework\sbs_iehost.dll
+ 2005-09-23 11:29 . 2005-09-23 11:29 5120 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2009-06-02 02:55 . 2009-06-02 02:55 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-06-02 02:56 . 2009-06-02 02:56 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
+ 2009-06-02 02:56 . 2009-06-02 02:56 5632 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-06-02 02:56 . 2009-06-02 02:56 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-02-06 23:03 . 2009-02-06 23:03 307576 c:\windows\WLXPGSS.SCR
+ 2009-06-02 02:55 . 2009-06-02 02:55 114176 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
+ 2009-06-02 02:55 . 2009-06-02 02:55 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
+ 2007-11-07 05:19 . 2007-11-07 05:19 655872 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcr90.dll
+ 2007-11-07 05:19 . 2007-11-07 05:19 568832 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcp90.dll
+ 2007-11-07 00:23 . 2007-11-07 00:23 224768 c:\windows\WinSxS\x86_Microsoft.VC90.CRT_1fc8b3b9a1e18e3b_9.0.21022.8_x-ww_d08d0375\msvcm90.dll
+ 2005-09-23 02:48 . 2005-09-23 02:48 626688 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcr80.dll
+ 2005-09-23 02:48 . 2005-09-23 02:48 548864 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcp80.dll
+ 2005-09-23 02:48 . 2005-09-23 02:48 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_0de06acd\msvcm80.dll
+ 2007-12-04 06:56 . 2007-12-04 06:56 635904 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\msvcr80.dll
+ 2007-12-04 06:56 . 2007-12-04 06:56 558080 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\msvcp80.dll
+ 2007-12-03 22:58 . 2007-12-03 22:58 479232 c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1801_x-ww_5eed8217\msvcm80.dll
+ 2008-08-20 19:38 . 2008-07-11 08:55 347648 c:\windows\system32\windowscodecsext.dll
+ 2008-08-20 19:38 . 2008-07-11 08:55 712704 c:\windows\system32\windowscodecs.dll
- 2008-08-20 19:38 . 2008-04-14 00:12 712704 c:\windows\system32\windowscodecs.dll
+ 2004-12-21 15:16 . 2009-06-02 03:02 392864 c:\windows\system32\perfh009.dat
+ 2005-09-23 11:28 . 2005-09-23 11:28 150016 c:\windows\system32\mscorier.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 270848 c:\windows\system32\mscoree.dll
+ 2004-12-21 10:27 . 2009-06-02 03:43 114968 c:\windows\system32\FNTCACHE.DAT
+ 2005-09-23 11:28 . 2005-09-23 11:28 298496 c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 823296

Re: Win32.brontok has appeared2nd June 2009, 4:09 am

c:\windows\Microsoft.NET\Framework\v2.0.50727\webengine.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 823296 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Services.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 835584 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.Mobile.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 260096 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Transactions.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 114688 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.ServiceProcess.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 131072 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Serialization.Formatters.Soap.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 299008 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Runtime.Remoting.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Messaging.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 368640 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Management.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 114176 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.Wrapper.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.EnterpriseServices.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 700416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 188416 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.Protocols.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 397312 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.DirectoryServices.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 884736 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Deployment.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 716800 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.SqlXml.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 482304 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.OracleClient.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 389120 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.configuration.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\sysglobl.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 377344 c:\windows\Microsoft.NET\Framework\v2.0.50727\SOS.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 107520 c:\windows\Microsoft.NET\Framework\v2.0.50727\shfusion.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 136192 c:\windows\Microsoft.NET\Framework\v2.0.50727\peverify.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 226816 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvc.dll
+ 2005-09-23 11:29 . 2005-09-23 11:29 330752 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 102400 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorpe.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 326144 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 288768 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordbi.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 800768 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll
+ 2005-09-23 11:29 . 2005-09-23 11:29 667648 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.dll
+ 2005-09-23 11:29 . 2005-09-23 11:29 372736 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.dll
+ 2005-09-23 11:29 . 2005-09-23 11:29 110592 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 745472 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.JScript.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 647168 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Tasks.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 413696 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft.Build.Engine.dll
+ 2005-09-23 11:57 . 2005-09-23 11:57 245408 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\unicows.dll
+ 2005-09-23 11:01 . 2005-09-23 11:01 609472 c:\windows\Microsoft.NET\Framework\v2.0.50727\Microsoft .NET Framework 2.0\install.exe
+ 2005-09-23 11:28 . 2005-09-23 11:28 224952 c:\windows\Microsoft.NET\Framework\v2.0.50727\ilasm.exe
+ 2005-09-23 11:28 . 2005-09-23 11:28 788992 c:\windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll
+ 2005-09-23 11:29 . 2005-09-23 11:29 547840 c:\windows\Microsoft.NET\Framework\v2.0.50727\diasymreader.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\CasPol.exe
+ 2005-09-23 11:28 . 2005-09-23 11:28 503808 c:\windows\Microsoft.NET\Framework\v2.0.50727\AspNetMMCExt.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 106496 c:\windows\Microsoft.NET\Framework\v2.0.50727\aspnet_regsql.exe
+ 2005-09-23 11:28 . 2005-09-23 11:28 138240 c:\windows\Microsoft.NET\Framework\v2.0.50727\AdoNetDiag.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 208896 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\Vsavb7rtUI.dll
+ 2005-09-23 11:29 . 2005-09-23 11:29 183808 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\vbc7ui.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 136192 c:\windows\Microsoft.NET\Framework\v2.0.50727\1033\cscompui.dll
+ 2009-06-02 02:50 . 2009-06-02 02:50 132096 c:\windows\Installer\{3C52E7DA-C431-4239-B66B-1BF703D5B194}\WLXPhotoGalleryIcon.exe
+ 2009-06-02 02:59 . 2009-06-02 02:59 229376 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing.Desi#\d0c7fb3e1c966748ac2d167f5e81cccd\System.Drawing.Design.ni.dll
+ 2009-06-02 02:55 . 2009-06-02 02:55 823296 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-06-02 02:56 . 2009-06-02 02:56 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2009-06-02 02:55 . 2009-06-02 02:55 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-06-02 02:55 . 2009-06-02 02:55 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-06-02 02:56 . 2009-06-02 02:56 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-06-02 02:56 . 2009-06-02 02:56 299008 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-06-02 02:56 . 2009-06-02 02:56 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-06-02 02:56 . 2009-06-02 02:56 368640 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-06-02 02:56 . 2009-06-02 02:56 700416 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-06-02 02:55 . 2009-06-02 02:55 397312 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-06-02 02:55 . 2009-06-02 02:55 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
+ 2009-06-02 02:55 . 2009-06-02 02:55 884736 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
+ 2009-06-02 02:56 . 2009-06-02 02:56 716800 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
+ 2009-06-02 02:56 . 2009-06-02 02:56 389120 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
+ 2009-06-02 02:56 . 2009-06-02 02:56 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
+ 2009-06-02 02:56 . 2009-06-02 02:56 667648 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2009-06-02 02:56 . 2009-06-02 02:56 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
+ 2009-06-02 02:56 . 2009-06-02 02:56 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
+ 2009-06-02 02:55 . 2009-06-02 02:55 745472 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-06-02 02:55 . 2009-06-02 02:55 647168 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
+ 2009-06-02 02:55 . 2009-06-02 02:55 413696 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
+ 2009-06-02 02:55 . 2009-06-02 02:55 503808 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
+ 2009-06-02 02:56 . 2009-06-02 02:56 260096 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
+ 2009-06-02 02:55 . 2009-06-02 02:55 114176 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2009-06-02 02:55 . 2009-06-02 02:55 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll

Re: Win32.brontok has appeared2nd June 2009, 4:13 am

\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
+ 2009-06-02 02:55 . 2009-06-02 02:55 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-06-02 02:56 . 2009-06-02 02:56 482304 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 1306624 c:\windows\Microsoft.NET\Framework\v2.0.50727\VsaVb7rt.dll
+ 2005-09-23 11:29 . 2005-09-23 11:29 1140920 c:\windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe
+ 2005-09-23 11:28 . 2005-09-23 11:28 2035712 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.XML.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 5316608 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Windows.Forms.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 5025792 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Web.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 3018752 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 5050368 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Design.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 2878976 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 5615616 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 4308992 c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorlib.dll
+ 2005-09-23 11:28 . 2005-09-23 11:28 1144832 c:\windows\Microsoft.NET\Framework\v2.0.50727\cscomp.dll
+ 2009-06-02 02:59 . 2009-06-02 02:59 8093696 c:\windows\assembly\NativeImages_v2.0.50727_32\System\688e350bb08af34d866ccbc14a757376\System.ni.dll
+ 2009-06-02 03:00 . 2009-06-02 03:00 5640192 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\cd8cc4ceb0e17c4fbc1d1ab69b3bc976\System.Xml.ni.dll
+ 2009-06-02 02:59 . 2009-06-02 02:59 1626112 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\972a036faa67e046a8d8e0fce326b755\System.Drawing.ni.dll
+ 2009-06-02 03:01 . 2009-06-02 03:01 6688768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data\e0182dcfad3f4c4abaa99f832955dfde\System.Data.ni.dll
+ 2009-06-02 02:56 . 2009-06-02 02:56 3018752 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
+ 2009-06-02 02:55 . 2009-06-02 02:55 2035712 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
+ 2009-06-02 02:55 . 2009-06-02 02:55 5316608 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2009-06-02 02:56 . 2009-06-02 02:56 5050368 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-06-02 02:55 . 2009-06-02 02:55 5025792 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-06-02 02:55 . 2009-06-02 02:55 2878976 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
+ 2009-06-02 02:56 . 2009-06-02 02:56 4308992 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
+ 2009-06-02 03:00 . 2009-06-02 03:00 13107200 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ce3caa8728ce744698d54983a9b7918b\System.Windows.Forms.ni.dll
+ 2009-06-02 03:01 . 2009-06-02 03:01 10723328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Design\f6f06c6f9c7ef9499af9ad477f203688\System.Design.ni.dll
+ 2009-06-02 02:58 . 2009-06-02 02:58 11415552 c:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\789ccef03f38f244beeb380eb3c70287\mscorlib.ni.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-26 67128]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-02-01 385024]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-17 1947928]
"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-09 515416]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Billminder.lnk - c:\quickenw\BILLMIND.EXE [2008-4-14 36864]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-3-26 67128]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Quicken Startup.lnk - c:\quickenw\QWDLLS.EXE [2008-4-14 36864]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-17 12:08 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [01/06/2009 5:45 PM 64160]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [22/12/2008 7:49 PM 325896]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [26/05/2009 10:05 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [26/05/2009 10:05 AM 72944]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [26/02/2009 9:15 AM 298776]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [01/06/2009 11:02 PM 55152]
R2 mrtRate;mrtRate;c:\windows\system32\drivers\MRTRATE.SYS [03/03/2006 10:47 AM 36404]
R3 LSWPCv4;Wireless-B Notebook Adapter Driver;c:\windows\system32\drivers\rtl8180.sys [22/12/2004 10:22 PM 184832]
S3 e26238d2-eba2-4c47-a4dc-ddbaebc6fa0c;e26238d2-eba2-4c47-a4dc-ddbaebc6fa0c;\??\d:\cds300\cds300.dll --> d:\cds300\cds300.dll [?]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 6:08 PM 533360]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [09/03/2009 3:06 PM 951632]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [26/05/2009 10:05 AM 7408]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - FSSFLTR
.
Contents of the 'Scheduled Tasks' folder

2009-06-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-03-09 19:06]

2009-05-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]

2009-06-02 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-01 02:18]
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-Winhm05.sys
SafeBoot-Winkp05.sys
SafeBoot-Winmr05.sys
SafeBoot-Winsx38.sys

.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = localhost
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {98A52828-A5D6-11D3-82B8-00104B39A31D} - hxxp://oeas.monteracorp.com/onyxemployeeportal/OnyxMaskEdit2Dual.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-01 23:44
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(736)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-06-02 23:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-02 03:51
ComboFix2.txt 2009-06-02 02:05

Pre-Run: 7,668,625,408 bytes free
Post-Run: 7,676,469,248 bytes free

468 --- E O F --- 2009-06-02 00:01

Re: Win32.brontok has appeared2nd June 2009, 9:06 am

Now open a new notepad file.
Input this into the notepad file:

KILLALL::

Driver::
e26238d2-eba2-4c47-a4dc-ddbaebc6fa0c

File::
c:\documents and settings\Jackie\Application Data\asd.bat

Registry::
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\drivers\\svchost.exe"=-

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:
Win32.brontok has appeared Sfxdaw

This will open combofix again, agree to it's terms and allow it to run.
It may want to reboot after it's done. (It will warn you if it wants to)
Post the resulting log back here.

Re: Win32.brontok has appeared2nd June 2009, 10:59 am

ComboFix 09-05-31.06 - Jackie 02/06/2009 6:32.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.383.121 [GMT -4:00]
Running from: c:\documents and settings\Jackie\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Jackie\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}

FILE ::
"c:\documents and settings\Jackie\Application Data\asd.bat"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_e26238d2-eba2-4c47-a4dc-ddbaebc6fa0c

((((((((((((((((((((((((( Files Created from 2009-05-02 to 2009-06-02 )))))))))))))))))))))))))))))))
.

2009-06-02 04:48 . 2009-06-02 04:48 -------- d-----w- c:\documents and settings\Jackie\Application Data\Malwarebytes
2009-06-02 03:10 . 2009-06-02 03:20 -------- d-----w- c:\documents and settings\Jackie\Tracing
2009-06-02 03:03 . 2009-06-02 03:03 -------- d-----w- c:\program files\Microsoft Silverlight
2009-06-02 03:02 . 2009-02-06 22:08 55152 ----a-w- c:\windows\system32\drivers\fssfltr_tdi.sys
2009-06-02 02:51 . 2009-06-02 02:51 -------- d-----w- c:\program files\Microsoft Sync Framework
2009-06-02 02:49 . 2006-11-29 17:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-06-02 02:49 . 2009-06-02 02:49 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2009-06-02 02:44 . 2009-06-02 02:44 -------- d-----w- c:\program files\Microsoft
2009-06-02 02:44 . 2009-06-02 02:44 -------- d-----w- c:\program files\Windows Live SkyDrive
2009-06-02 02:43 . 2009-06-02 03:02 -------- d-----w- c:\program files\Windows Live
2009-06-02 02:36 . 2009-06-02 02:36 -------- d-----w- c:\program files\Common Files\Windows Live
2009-06-02 00:03 . 2009-06-02 00:03 464 ---ha-w- C:\aaw7boot.cmd
2009-06-01 21:45 . 2009-06-02 04:53 -------- dc----w- c:\windows\system32\DRVSTORE
2009-06-01 21:22 . 2009-06-01 21:46 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Lavasoft
2009-06-01 18:15 . 2009-06-01 18:15 422 ----a-w- c:\documents and settings\Jackie\Application Data\Apple Computer\socks1.exe
2009-06-01 18:15 . 2009-06-01 18:15 16141 ----a-w- c:\documents and settings\Jackie\Application Data\GARMIN\lego.exe
2009-06-01 18:15 . 2009-06-01 18:15 145131 ----a-w- c:\documents and settings\Jackie\Application Data\Download Manager\nomad.exe
2009-06-01 18:15 . 2009-06-01 18:15 13221 ----a-w- c:\documents and settings\Jackie\Application Data\AdobeUM\rengo.dll
2009-06-01 18:15 . 2009-06-01 18:15 11410 ----a-w- c:\documents and settings\Jackie\Application Data\Help\msgdi.dll
2009-06-01 18:15 . 2009-06-01 18:15 11232 ----a-w- c:\documents and settings\Jackie\Application Data\Adobe\shalom.exe
2009-06-01 18:15 . 2009-06-01 18:15 10121 ----a-w- c:\documents and settings\Jackie\Application Data\Identities\kern.dll
2009-06-01 16:07 . 2009-06-01 16:07 0 ----a-w- c:\windows\nsreg.dat
2009-06-01 16:07 . 2009-06-01 16:07 -------- d-----w- c:\documents and settings\Jackie\Local Settings\Application Data\Mozilla
2009-05-27 13:35 . 2009-05-27 13:35 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\SUPERAntiSpyware.com
2009-05-27 13:31 . 2009-06-02 04:52 -------- d-----w- c:\documents and settings\Jackie\Application Data\SUPERAntiSpyware.com
2009-05-27 13:31 . 2009-06-02 04:52 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-05-27 02:44 . 2009-05-27 02:44 -------- d-----w- c:\program files\Trend Micro
2009-05-23 13:11 . 2009-05-17 12:08 2051864 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgcorex.dll
2009-05-23 13:11 . 2009-05-17 12:08 3288344 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\setup.exe
2009-05-23 13:11 . 2009-05-17 12:08 424472 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgwdwsc.dll
2009-05-23 13:11 . 2009-05-17 12:08 177432 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgmail.dll
2009-05-23 13:11 . 2009-05-17 12:08 354584 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgxch32.dll
2009-05-23 13:11 . 2009-05-17 12:08 312088 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avglngx.dll
2009-05-23 13:11 . 2009-05-17 12:08 486168 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgrsx.exe
2009-05-23 13:09 . 2009-05-12 12:19 1437464 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avgupd.dll
2009-05-23 13:09 . 2009-05-12 12:19 755992 ----a-w- c:\documents and settings\All Users.WINDOWS\Application Data\avg8\update\backup\avginet.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.

Re: Win32.brontok has appeared2nd June 2009, 11:00 am

2009-06-02 04:30 . 2004-12-21 17:14 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2009-06-02 04:28 . 2004-12-21 17:14 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-06-02 03:07 . 2004-12-22 03:34 18504 ----a-w- c:\documents and settings\Jackie\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-01 20:51 . 2006-10-12 13:36 -------- d-----w- c:\program files\Yahoo!
2009-05-31 20:48 . 2008-04-29 20:50 -------- d-----w- c:\documents and settings\Jackie\Application Data\U3
2009-05-17 12:08 . 2009-02-26 13:16 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-05-17 12:08 . 2008-12-22 23:49 325896 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-05-17 12:08 . 2008-12-22 23:49 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-03-06 14:22 . 2004-08-04 04:56 284160 ----a-w- c:\windows\system32\pdh.dll
.

((((((((((((((((((((((((((((( SnapShot_2009-06-02_03.45.19 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-12-21 15:16 . 2009-06-02 03:49 59346 c:\windows\system32\perfc009.dat
+ 2009-06-02 05:42 . 2009-06-02 05:42 49152 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveWriter\e622c5e68a2fc44da0b149942bc7b314\WindowsLiveWriter.ni.exe
+ 2009-06-02 05:57 . 2009-06-02 05:57 17920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualC\5c47dd00575b9b49811f0cf4c4e469c2\Microsoft.VisualC.ni.dll
+ 2009-06-02 06:09 . 2009-06-02 06:09 81920 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Fra#\b981d873f235e246a64ef006d7788062\Microsoft.Build.Framework.ni.dll
+ 2009-06-02 06:08 . 2009-06-02 06:08 15360 c:\windows\assembly\NativeImages_v2.0.50727_32\dfsvc\da8259acee794e44b7e976180175024c\dfsvc.ni.exe
+ 2009-06-02 05:37 . 2009-06-02 05:37 26624 c:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\546b1ddcef3ab24d88800923941ca7d4\Accessibility.ni.dll
+ 2004-12-21 15:16 . 2009-06-02 03:49 393196 c:\windows\system32\perfh009.dat
+ 2009-06-02 06:08 . 2009-06-02 06:08 638976 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLiveLocal.Wr#\120e6db58c7e25439a4491922913813c\WindowsLiveLocal.WriterPlugin.ni.dll
+ 2009-06-02 06:01 . 2009-06-02 06:01 286720 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\eac96b3e086530458963732cf388be72\WindowsLive.Writer.Mshtml.ni.dll
+ 2009-06-02 06:07 . 2009-06-02 06:07 163840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\e61482981711d640ad578a96494f8ace\WindowsLive.Writer.Instrumentation.ni.dll
+ 2009-06-02 05:52 . 2009-06-02 05:52 352256 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\dd8e71a3344d594d9087583ca4400e05\WindowsLive.Writer.Interop.SHDocVw.ni.dll
+ 2009-06-02 06:06 . 2009-06-02 06:06 139264 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\d27e86d9b1cfdc468a3f48f0747103c0\WindowsLive.Writer.FileDestinations.ni.dll
+ 2009-06-02 06:04 . 2009-06-02 06:04 643072 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\cf4a1c90dd71d449a0f480e5b597a350\WindowsLive.Writer.HtmlEditor.ni.dll
+ 2009-06-02 05:52 . 2009-06-02 05:52 204800 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\cb0b2966afde7b4b82c338eda98b17e2\WindowsLive.Writer.BrowserControl.ni.dll
+ 2009-06-02 05:52 . 2009-06-02 05:52 335872 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\c57c312cc8fbbb439f62525feb80a1a8\WindowsLive.Writer.Interop.Mshtml.ni.dll
+ 2009-06-02 06:00 . 2009-06-02 06:00 475136 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\bd49b66dd69bdd40aa5c110027886c6c\WindowsLive.Writer.Localization.ni.dll
+ 2009-06-02 06:04 . 2009-06-02 06:04 376832 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\81c8865fa7487c4980d224c17423d2a5\WindowsLive.Writer.SpellChecker.ni.dll
+ 2009-06-02 06:00 . 2009-06-02 06:00 135168 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\70904af8057bad4aa96acd730da579f2\WindowsLive.Writer.Passport.ni.dll
+ 2009-06-02 05:52 . 2009-06-02 05:52 176128 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\5989b676b92e55419122f4f93ca9c47f\WindowsLive.Writer.HtmlParser.ni.dll
+ 2009-06-02 05:51 . 2009-06-02 05:51 335872 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\4e1c053ad28637478bcd20f560b6f84f\WindowsLive.Writer.Interop.ni.dll
+ 2009-06-02 06:03 . 2009-06-02 06:03 929792 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\41a5a35dfd6da642a5f8f214d332dc7f\WindowsLive.Writer.BlogClient.ni.dll
+ 2009-06-02 05:49 . 2009-06-02 05:49 876544 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\3037038699213541bd7c7df2060db2fa\WindowsLive.Writer.Controls.ni.dll
+ 2009-06-02 06:02 . 2009-06-02 06:02 143360 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\1e36f222da21b7409621165f66a2f5ce\WindowsLive.Writer.Extensibility.ni.dll
+ 2009-06-02 06:02 . 2009-06-02 06:02 114688 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\0a8ed4f432219c4ca56763529caae9b5\WindowsLive.Writer.Api.ni.dll
+ 2009-06-02 06:03 . 2009-06-02 06:03 163840 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Client\7c20933ea3f8724b83d56d28347b5208\WindowsLive.Client.ni.dll
+ 2009-06-02 05:59 . 2009-06-02 05:59 237568 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.RegularE#\02fd412463448240b41a218b700c0748\System.Web.RegularExpressions.ni.dll
+ 2009-06-02 05:57 . 2009-06-02 05:57 684032 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\219f8bed4c42cb47994c99745648385f\System.Transactions.ni.dll
+ 2009-06-02 06:00 . 2009-06-02 06:00 233472 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\a2b6aa6b97d15a46930c315583287605\System.ServiceProcess.ni.dll
+ 2009-06-02 05:50 . 2009-06-02 05:50 729088 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\e4c56873eb2a0a4e91acf21ddd6cfe37\System.Security.ni.dll
+ 2009-06-02 05:50 . 2009-06-02 05:50 339968 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Seri#\5a1bafbf8744494faa672e7ebc097a77\System.Runtime.Serialization.Formatters.Soap.ni.dll
+ 2009-06-02 05:58 . 2009-06-02 05:58 815104 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\706a8e975e5d494e93c25c4b08ebfbb9\System.Runtime.Remoting.ni.dll
+ 2009-06-02 05:57 . 2009-06-02 05:57 294912 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\62faf3eb4f9ca143ae10b414a0a8a160\System.EnterpriseServices.Wrapper.dll
+ 2009-06-02 05:57 . 2009-06-02 05:57 659456 c:\windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\62faf3eb4f9ca143ae10b414a0a8a160\System.EnterpriseServices.ni.dll
+ 2009-06-02 05:59 . 2009-06-02 05:59 512000 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\379ab1efec6f70479d5068c512ab315f\System.DirectoryServices.Protocols.ni.dll
+ 2009-06-02 05:49 . 2009-06-02 05:49 962560 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\18e3d386cd215d46b744eb0baeee219a\System.Configuration.ni.dll
+ 2009-06-02 06:00 . 2009-06-02 06:00 167936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuratio#\78193a9904f04a4fa4efc0aeceea7588\System.Configuration.Install.ni.dll
+ 2009-06-02 06:10 . 2009-06-02 06:10 163840 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Uti#\a7c0e3c7057e9047a16c42e932cc8f0d\Microsoft.Build.Utilities.ni.dll
+ 2009-06-02 06:09 . 2009-06-02 06:09 880640 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Eng#\b986a17021055e4bbd2ad59b1a08b84c\Microsoft.Build.Engine.ni.dll
+ 2009-06-02 06:09 . 2009-06-02 06:09 237568 c:\windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\54aae85f78e3924c9ec3b41f0c24f787\CustomMarshalers.ni.dll
+ 2009-06-02 05:40 . 2009-06-02 05:40 860160 c:\windows\assembly\NativeImages_v2.0.50727_32\AspNetMMCExt\ac061abcc7c6844f8b19f334065be083\AspNetMMCExt.ni.dll
+ 2009-06-02 05:48 . 2009-06-02 05:48 6516736 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\7e8d84c1338baf46ad0467151204d9ee\WindowsLive.Writer.PostEditor.ni.dll
+ 2009-06-02 06:02 . 2009-06-02 06:02 1163264 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\348323bd42b36242bc543eeb9e27cd75\WindowsLive.Writer.ApplicationFramework.ni.dll
+ 2009-06-02 05:51 . 2009-06-02 05:51 2093056 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsLive.Writer.#\28ab19a65f624746963e969d21a1d675\WindowsLive.Writer.CoreServices.ni.dll
+ 2009-06-02 05:58 . 2009-06-02 05:58 1945600 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\04bfdb9746501946be966ce816f6aa82\System.Web.Services.ni.dll
+ 2009-06-02 06:12 . 2009-06-02 06:12 2310144 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Mobile\6ca8c3d844a37f46bccd29efc7b47d44\System.Web.Mobile.ni.dll
+ 2009-06-02 05:58 . 2009-06-02 05:58 1220608 c:\windows\assembly\NativeImages_v2.0.50727_32\System.DirectorySer#\d795e298f8608348afc5079c62c6ffaa\System.DirectoryServices.ni.dll
+ 2009-06-02 05:51 . 2009-06-02 05:51 1712128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\bed1d295cbaca44a92d1991d39e54966\System.Deployment.ni.dll
+ 2009-06-02 05:50 . 2009-06-02 05:50 2703360 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.SqlXml\8a7002463a42504181902be42a0859da\System.Data.SqlXml.ni.dll
+ 2009-06-02 05:59 . 2009-06-02 05:59 1179648 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.OracleC#\0f71a62f8688f84d9c98d4b6afebc6e5\System.Data.OracleClient.ni.dll
+ 2009-06-02 06:11 . 2009-06-02 06:11 1724416 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\c1f791eb48628b41b229c9484674ec3d\Microsoft.VisualBasic.ni.dll
+ 2009-06-02 06:10 . 2009-06-02 06:10 1691648 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\e8360b544626af4787f7c75021ee8205\Microsoft.Build.Tasks.ni.dll
+ 2009-06-02 05:56 . 2009-06-02 05:56 11808768 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web\c0e6f33b2099e74cb5a427af1313a820\System.Web.ni.dll
.
-- Snapshot reset to current date --
.

Re: Win32.brontok has appeared2nd June 2009, 11:01 am

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2007-03-26 67128]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-02-01 385024]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-05-17 1947928]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Billminder.lnk - c:\quickenw\BILLMIND.EXE [2008-4-14 36864]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-3-26 67128]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
Quicken Startup.lnk - c:\quickenw\QWDLLS.EXE [2008-4-14 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-05-17 12:08 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [22/12/2008 7:49 PM 325896]
R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [26/02/2009 9:15 AM 298776]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [01/06/2009 11:02 PM 55152]
R2 mrtRate;mrtRate;c:\windows\system32\drivers\MRTRATE.SYS [03/03/2006 10:47 AM 36404]
R3 LSWPCv4;Wireless-B Notebook Adapter Driver;c:\windows\system32\drivers\rtl8180.sys [22/12/2004 10:22 PM 184832]
S3 fsssvc;Windows Live Family Safety;c:\program files\Windows Live\Family Safety\fsssvc.exe [06/02/2009 6:08 PM 533360]
.
Contents of the 'Scheduled Tasks' folder

2009-05-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]

2009-06-02 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-01 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://express.rogers.yahoo.com/
uInternet Settings,ProxyOverride = localhost
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {98A52828-A5D6-11D3-82B8-00104B39A31D} - hxxp://oeas.monteracorp.com/onyxemployeeportal/OnyxMaskEdit2Dual.cab
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-02 06:43
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
c:\progra~1\Nokia\NOKIAP~1\TRAYAP~1.EXE
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\wdfmgr.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-06-02 6:54 - machine was rebooted
ComboFix-quarantined-files.txt 2009-06-02 10:54
ComboFix2.txt 2009-06-02 03:52
ComboFix3.txt 2009-06-02 02:05

Pre-Run: 7,718,879,232 bytes free
Post-Run: 7,716,777,984 bytes free

204 --- E O F --- 2009-06-02 00:01

Re: Win32.brontok has appeared2nd June 2009, 4:04 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /u

Win32.brontok has appeared CF_Cleanup

This will also reset your restore points.

How is the machine running now?

Re: Win32.brontok has appeared2nd June 2009, 6:41 pm

Thank you so much for your help. The Win32.brontok message has not reappeared since starting the fix. It overall seems just slightly slower loading the pages than previous; but I've also installed Windows Live, which may be the cause.

It certainly is frustrating and tiring having to deal with these infectious computer diseases, especially when you're not computer savvy; but your clear and concise instructions have helped a great deal. Your timely advice has kept my sanity...I can't thank you enough...but I will show my appreciation with a donation!

I have also installed spybot to help keep things clean...so I'll keep my fingers crossed. Cheesy Grin (sparkly

Win32.brontok has appeared

descriptionWin32.brontok has appeared1st June 2009, 9:18 pm

descriptionRe: Win32.brontok has appeared1st June 2009, 9:26 pm

descriptionRe: Win32.brontok has appeared1st June 2009, 9:55 pm

descriptionRe: Win32.brontok has appeared2nd June 2009, 12:15 am

descriptionRe: Win32.brontok has appeared2nd June 2009, 12:26 am

descriptionRe: Win32.brontok has appeared2nd June 2009, 12:29 am

descriptionRe: Win32.brontok has appeared2nd June 2009, 12:42 am

descriptionRe: Win32.brontok has appeared2nd June 2009, 1:01 am

descriptionRe: Win32.brontok has appeared2nd June 2009, 2:15 am

descriptionRe: Win32.brontok has appeared2nd June 2009, 2:16 am

descriptionRe: Win32.brontok has appeared2nd June 2009, 2:57 am

descriptionRe: Win32.brontok has appeared2nd June 2009, 3:58 am

descriptionRe: Win32.brontok has appeared2nd June 2009, 4:01 am

descriptionRe: Win32.brontok has appeared2nd June 2009, 4:06 am

descriptionRe: Win32.brontok has appeared2nd June 2009, 4:09 am

descriptionRe: Win32.brontok has appeared2nd June 2009, 4:13 am

descriptionRe: Win32.brontok has appeared2nd June 2009, 9:06 am

descriptionRe: Win32.brontok has appeared2nd June 2009, 10:59 am

descriptionRe: Win32.brontok has appeared2nd June 2009, 11:00 am

descriptionRe: Win32.brontok has appeared2nd June 2009, 11:01 am

descriptionRe: Win32.brontok has appeared2nd June 2009, 4:04 pm

descriptionRe: Win32.brontok has appeared2nd June 2009, 6:41 pm

descriptionRe: Win32.brontok has appeared