Results 1 to 5 of 5

Thread: Problem with Trojan-Downloader.Win32.Tiny

  1. 2007-10-07, 15:38 #1
    macadoo50
    macadoo50 is offline
    Junior Member
    Join Date
    Oct 2007
    Posts
    3

    Default Problem with Trojan-Downloader.Win32.Tiny

    Fought with Virtumonde and Troj/Bckdr-QJL and Mal/ObfJS-A. Used SpyBot, Spy Sweeper, VUndoFix, and Sav32cli. Now it appears that Trojan-Downloader.Win32.Tiny has taken their place.

    HijackThis Log follows-

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 8:59:49 AM, on 07/10/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16512)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\system32\Rundll32.exe
    C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\DOCUME~1\LEONIM~1\LOCALS~1\Temp\clclean.0001
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Picasa2\PicasaMediaDetector.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\HPZinw12.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/myway
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sympatico.msn.ca/default.aspx
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com/apps/vso/en-us/...stempopup=true
    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
    O1 - Hosts: HP91567F HP0018FE91567F
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar5.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: (no name) - {C9831ECF-FE4D-41BB-A2C7-7AD33D581475} - C:\WINDOWS\system32\pmkhg.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar5.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [CTSysVol] "C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe" /r
    O4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMon
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /tray
    O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
    O4 - HKLM\..\Run: [RealTray] "C:\Program Files\Real\RealPlayer\RealPlay.exe" SYSTEMBOOTHIDEPLAYER
    O4 - HKLM\..\Run: [ISUSPM Startup] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [Picasa Media Detector] "C:\Program Files\Picasa2\PicasaMediaDetector.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [MSKDetectorExe] "C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" /uninstall
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
    O4 - HKLM\..\RunOnce: [WIAWizardMenu] "RUNDLL32.EXE" C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
    O4 - HKCU\..\Run: [SetDefaultMIDI] MIDIDef.exe
    O4 - HKCU\..\Run: [Creative Detector] "C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe" /R
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Photosmart Premier Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - http://wwws.musicmatch.com/mmz/openWebRadio.html (file missing)
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {2AF5BD25-90C5-4EEC-88C5-B44DC2905D8B} (DownloadManager Control) - http://dlmanager.akamaitools.com.edg...ex-2.0.6.0.cab
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...1/mcinsctl.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by113w.bay113.mail.live.com/m...s/MsnPUpld.cab
    O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/...toUploader.cab
    O16 - DPF: {F137B9BA-89EA-4B04-9C67-2074A9DF61FD} (Photo Upload Plugin Class) - http://walmart.pnimedia.com/upload/a...v2.0.0.10.cab?
    O20 - Winlogon Notify: cbxvspq - cbxvspq.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
    O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
    O23 - Service: Intel(R) PROSet/Wireless SSO Service (WLANKEEPER) - Intel(R) Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

    --
    End of file - 13630 bytes
    ---------------------------------------------------------
  2. 2007-10-07, 15:43 #2
    macadoo50
    macadoo50 is offline
    Junior Member
    Join Date
    Oct 2007
    Posts
    3

    Default Kaspersky Report for Above

    Kaspersky Logs Follows:

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Sunday, October 07, 2007 12:52:13 AM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.93.1
    Kaspersky Anti-Virus database last update: 7/10/2007
    Kaspersky Anti-Virus database records: 428494
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\

    Scan Statistics:
    Total number of scanned objects: 71165
    Number of viruses found: 3
    Number of infected objects: 34
    Number of suspicious objects: 0
    Duration of the scan process: 01:33:11

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3ad391678a806ec4d691e83aaa393b6f_50e417e0-e461-474b-96e2-077b80325612 Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-10062007-222423.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20071006_Time-225058359_EnterceptExceptions.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20071006_Time-225058359_EnterceptRules.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_LMAC.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\PrdMgr_LMAC.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\AccessProtectionLog.txt Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\BufferOverflowProtectionLog.txt Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\OnAccessScanLog.txt Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\UpdateLog.txt Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\QSLLPSVCShare Object is locked skipped
    C:\Documents and Settings\Leoni M\Application Data\Webroot\Spy Sweeper\Logs\071006225203.ses Object is locked skipped
    C:\Documents and Settings\Leoni M\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Leoni M\Local Settings\Application Data\ApplicationHistory\cli.exe.c88dbd71.ini.inuse Object is locked skipped
    C:\Documents and Settings\Leoni M\Local Settings\Application Data\ApplicationHistory\hpqimzone.exe.3204510e.ini.inuse Object is locked skipped
    C:\Documents and Settings\Leoni M\Local Settings\Application Data\HP\Digital Imaging\db\administrativeInfo.dbf Object is locked skipped
    C:\Documents and Settings\Leoni M\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.cdx Object is locked skipped
    C:\Documents and Settings\Leoni M\Local Settings\Application Data\HP\Digital Imaging\db\albumImagesTable.dbf Object is locked skipped
    C:\Documents and Settings\Leoni M\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.cdx Object is locked skipped
    C:\Documents and Settings\Leoni M\Local Settings\Application Data\HP\Digital Imaging\db\albumTable.dbf Object is locked skipped
    C:\Documents and Settings\Leoni M\Local Settings\Application Data\HP\Digital Imaging\db\CB_Server_Errors.txt Object is locked skipped
    C:\Documents and Settings\Leoni M\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.cdx Object is locked skipped
    C:\Documents and Settings\Leoni M\Local Settings\Application Data\HP\Digital Imaging\db\EXIFTable.dbf Object is locked skipped
    C:\Documents and Settings\Leoni M\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.cdx Object is locked skipped
    C:\Documents and Settings\Leoni M\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.dbf Object is locked skipped
    C:\Documents and Settings\Leoni M\Local Settings\Application Data\HP\Digital Imaging\db\imageTable.fpt Object is locked skipped
    C:\Documents and Settings\Leoni M\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.cdx Object is locked skipped
    C:\Documents and Settings\Leoni M\Local Settings\Application Data\HP\Digital Imaging\db\keywordImagesTable.dbf Object is locked skipped
    C:\Documents and Settings\Leoni M\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.cdx Object is locked skipped
    C:\Documents and Settings\Leoni M\Local Settings\Application Data\HP\Digital Imaging\db\keywordTable.dbf Object is locked skipped
    C:\Documents and Settings\Leoni M\Local Settings\Application Data\HP\Digital Imaging\db\managedFolderTable.dbf Object is locked skipped
    C:\Documents and Settings\Leoni M\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.cdx Object is locked skipped
    C:\Documents and Settings\Leoni M\Local Settings\Application Data\HP\Digital Imaging\db\pathnameTable.dbf Object is locked skipped
    C:\Documents and Settings\Leoni M\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.cdx Object is locked skipped
    C:\Documents and Settings\Leoni M\Local Settings\Application Data\HP\Digital Imaging\db\propertiesTable.dbf Object is locked skipped
    C:\Documents and Settings\Leoni M\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.cdx Object is locked skipped
    C:\Documents and Settings\Leoni M\Local Settings\Application Data\HP\Digital Imaging\db\ROFImagesTable.dbf Object is locked skipped
    C:\Documents and Settings\Leoni M\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.cdx Object is locked skipped
    C:\Documents and Settings\Leoni M\Local Settings\Application Data\HP\Digital Imaging\db\ROFTable.dbf Object is locked skipped
    C:\Documents and Settings\Leoni M\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_360.wmdb Object is locked skipped
    C:\Documents and Settings\Leoni M\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Leoni M\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Leoni M\Local Settings\Application Data\Microsoft\Windows Defender\FileTracker\{53AA90B5-F8CF-4494-83C4-09E038A2F3A6} Object is locked skipped
    C:\Documents and Settings\Leoni M\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Leoni M\Local Settings\History\History.IE5\MSHist012007100620071007\index.dat Object is locked skipped
    C:\Documents and Settings\Leoni M\Local Settings\Temp\awqagekt.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\Documents and Settings\Leoni M\Local Settings\Temp\clclean.0001.dir.0009\~efe2.tmp Object is locked skipped
    C:\Documents and Settings\Leoni M\Local Settings\Temp\dcbejxeg.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\Documents and Settings\Leoni M\Local Settings\Temp\emplqvkq.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\Documents and Settings\Leoni M\Local Settings\Temp\fhhnpiga.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\Documents and Settings\Leoni M\Local Settings\Temp\foraxsij.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\Documents and Settings\Leoni M\Local Settings\Temp\fuevyovc.exe Infected: Trojan.Win32.Agent.bck skipped
    C:\Documents and Settings\Leoni M\Local Settings\Temp\fuhuobek.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\Documents and Settings\Leoni M\Local Settings\Temp\hluljdpc.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\Documents and Settings\Leoni M\Local Settings\Temp\iubtdgkh.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\Documents and Settings\Leoni M\Local Settings\Temp\jcuehefh.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\Documents and Settings\Leoni M\Local Settings\Temp\kfywvmgj.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\Documents and Settings\Leoni M\Local Settings\Temp\kgjcvqys.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\Documents and Settings\Leoni M\Local Settings\Temp\mfmsgcgf.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\Documents and Settings\Leoni M\Local Settings\Temp\nlxycsgq.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\Documents and Settings\Leoni M\Local Settings\Temp\nmsfjevb.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\Documents and Settings\Leoni M\Local Settings\Temp\Perflib_Perfdata_a9c.dat Object is locked skipped
    C:\Documents and Settings\Leoni M\Local Settings\Temp\phblmdga.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\Documents and Settings\Leoni M\Local Settings\Temp\rexnoydq.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\Documents and Settings\Leoni M\Local Settings\Temp\rqmabttw.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\Documents and Settings\Leoni M\Local Settings\Temp\Setup(4).exe Infected: not-a-virus:Downloader.Win32.WinFixer.m skipped
    C:\Documents and Settings\Leoni M\Local Settings\Temp\sienxtai.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\Documents and Settings\Leoni M\Local Settings\Temp\sxushuhn.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\Documents and Settings\Leoni M\Local Settings\Temp\symskbas.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\Documents and Settings\Leoni M\Local Settings\Temp\temp.frE67C Infected: Trojan.Win32.Agent.bck skipped
    C:\Documents and Settings\Leoni M\Local Settings\Temp\ucmdoawh.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\Documents and Settings\Leoni M\Local Settings\Temp\ukooaxca.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\Documents and Settings\Leoni M\Local Settings\Temp\utrpnlde.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\Documents and Settings\Leoni M\Local Settings\Temp\uuhicnvm.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\Documents and Settings\Leoni M\Local Settings\Temp\vimqdich.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\Documents and Settings\Leoni M\Local Settings\Temp\whkefsjs.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\Documents and Settings\Leoni M\Local Settings\Temp\wieitqvl.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\Documents and Settings\Leoni M\Local Settings\Temp\wqjymdfj.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\Documents and Settings\Leoni M\Local Settings\Temp\ybbqxnxe.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\Documents and Settings\Leoni M\Local Settings\Temp\yevalcgt.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\Documents and Settings\Leoni M\Local Settings\Temp\ynepchuh.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped
    C:\Documents and Settings\Leoni M\Local Settings\Temp\~DFA785.tmp Object is locked skipped
    C:\Documents and Settings\Leoni M\Local Settings\Temp\~DFBD95.tmp Object is locked skipped
    C:\Documents and Settings\Leoni M\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Leoni M\NTUser.dat Object is locked skipped
    C:\Documents and Settings\Leoni M\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS013FF9E0-02CB-40EE-9EF3-CD35FD3535C2.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS02F91235-206B-4529-A993-3DC9A1245EF4.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS03C3945E-3EC1-4357-8C15-0CCD3E3D77CB.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS04E94F62-46E2-43D8-81CD-9CAA8F454D54.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS05BE0B70-39D1-4152-8A28-B42B466C7353.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS0AEDD572-C327-4CDA-9985-37C28B523D9A.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS0BC2EDC2-B36F-4626-A2AB-C72D79832159.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS0C8EC0CD-4D9A-48C4-BF45-DBEB1B967F2C.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS12FC65A5-AAA0-4CE2-BA63-E835149C21A0.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS18810C3D-2FF3-4EE5-B015-BA5B71B98B79.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1942C8C2-4713-4861-937B-0F4153A05D38.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1AE6F615-F0BD-42E1-BBF7-1F1D69D1199F.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS1B75B97B-4527-42E8-9569-4AACD744B70C.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS2279434A-E709-4B6B-8CB7-8A976316658F.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS25D089D7-6050-4C12-8BFA-C990FCDC3B7F.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS2A82E7BE-D2E9-4ECF-9A05-65D4DE4B6DDC.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS3647D92A-965F-42B4-A083-26F71C797149.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS3F18D3B9-2DAD-40B3-BB52-923380A880A2.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS40C29E34-31BA-4F19-92FA-4724774F167F.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS41C80C94-9D08-479F-A4D9-BE148B49CCF0.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS45BA5D4D-46B0-4B67-88F1-6A4E26F66552.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS47436417-24F9-445F-8D4B-2F36AC0A2034.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS50BADAAD-39D2-4389-8743-2C35E165B21D.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS54EF4057-6777-41E8-9EAD-475D213E9B19.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS5644FE3C-BF36-4C76-8E46-4381822C46A9.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS573AE16C-FB47-4F84-9886-BA85A03007E7.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS576EAE9E-C4A2-4D12-9B84-AF8230CD85EC.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS58217DE0-F58C-4802-89C5-375562A30F40.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS58D6C483-F49C-4EF8-A9FC-FECEF67E8680.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS5B09391E-B15D-4D3B-9211-F92713E55AE2.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS5BA79EBC-F197-4D99-AEA1-FE0FC8E259F3.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS5E04D275-D270-4BCC-8382-AEB0E6DB549D.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6182A49D-69F9-435A-B316-C67BBCEDD77B.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS639CD98D-4EE8-4E9F-9FEF-FF191EFDD4C9.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS653CEE1C-D81B-4724-9090-CB97EB7C7417.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS67D43A41-2E8C-4909-92CE-28AE23F26210.tmp Object is locked skipped
  3. 2007-10-07, 15:43 #3
    macadoo50
    macadoo50 is offline
    Junior Member
    Join Date
    Oct 2007
    Posts
    3

    Default Kaspersky Report for Above 2

    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6AAC7F3E-293F-4648-8A9D-2235BF65DF05.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS6D7FEEFF-2B2D-4CFC-9489-F5E5C37493F7.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS707F0DF0-CF14-497B-A525-3B7AD2613B3D.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS70DFC411-7706-4F5D-9A90-4FE92FF45FB3.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS77525F96-1B7C-4E89-8FF5-E65610BCB6CC.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS7799249A-D266-4722-8112-49608B9D0898.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS7D25B603-4C2E-4B4E-8F51-C1E3976B5183.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS7F641CE6-02F4-4A8D-BD9A-BA98E1327522.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS81907049-2D4C-4C34-9825-3414F744D27F.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS8640295F-1B5B-456C-8B57-650B749CBB5A.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS86DB0E98-3627-43A7-9306-CE0CBA416DF8.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS86E68BC7-1C68-48EC-BB5A-90EA3B7C6035.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS912ED0AF-5F9A-45D8-81AE-5B9548BF769F.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS929B286A-2EED-4731-845E-65205AC21F1C.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS98896741-39D3-4A73-B057-71303C47B983.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9ADB9D02-3BBA-4C2C-85D8-21FC1DC253B5.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9BB09416-FBD4-4FFA-98D1-C252A3FDF00C.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9E39EACB-0BBC-4C77-8C7D-3ADBFD45E84A.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMS9E7C9834-AD10-40DE-A568-42344459F65F.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSA848A3A8-7115-44AE-A87E-F4CA703CAFE1.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSAC533E09-BCC8-4002-8F06-561511782539.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSADADCC69-C580-46D8-B8FC-52DFC638355C.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSAEE7DB5D-43A1-4D52-AFDE-9E4A29099DC8.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSB1D53800-CDC1-4303-B7D5-7668D5C68E89.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSB34FB6B1-AE53-4FA6-A25F-16BAC3AD5452.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSB9F3D366-2643-420C-8476-9FF8CC735166.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSBD249DC3-1C78-4390-87F1-607CC7C2007F.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC113FB23-7FA6-4E05-929E-28FE7D3F5AD7.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC32350B2-75D7-479E-9BD6-FC32B6C0A0C2.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC690A70C-2C2B-4895-AE05-CB5E91B644EA.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSC8FCC4D8-B4AD-4ACA-B7A3-8ACB71664A99.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSCBE56D06-207F-4C41-BF66-9C45314E3A3A.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSCCF24DA6-E800-49B4-89B0-79B3E15E212A.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSCD1FC344-2EA9-4E2E-94A4-30FC8245A923.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD120B2BA-3F98-4E6C-9428-3142F1EF2E84.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD1260DE9-D1C6-4970-A4FF-051F9DBE4992.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD2F93A20-9D9A-4B53-A97C-F243D7224BA7.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSD5257D9A-452A-4B51-BDFA-19E9DBBB5E9B.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSDCA0EE43-F50A-4360-B8E6-5A7EF34D9B40.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSDFF73281-0AD1-4CD2-8B6D-89085D84DCD2.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE1ADC087-B57F-4FBA-8101-645007372C79.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE1EB5747-64BB-42D2-A5B9-CC7CD8BCD5F6.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE3AC7102-6F99-4F2B-BFC0-31F406E423CC.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE72BE656-B293-4E08-BFFF-910782DA632C.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE800F343-8D00-4D80-8544-C80F9203B592.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSE85022AB-C101-43D0-83E3-ECF0BBD53CC2.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSEA5E2519-0291-4314-86D1-E1156CD20F7A.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSEBBF484A-4CCE-4F22-87F4-3E7051EBF216.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSEF6EF6E8-A3AA-441B-88DD-2A71F530A8A9.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF49625DC-4328-4DF2-A7BE-A29BF53A8383.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSF503B328-7C64-4497-86B6-F541B2F6DC07.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFBDE69B3-3A34-49F4-8481-3A941E1B9B4C.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\SSMSFE213D4C-B6AF-4363-B71E-4D68937166E6.tmp Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
    C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
    C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
    C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\WINDOWS\CSC\00000001 Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
    C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
    C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
    C:\WINDOWS\Internet Logs\LMAC.ldb Object is locked skipped
    C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\EventCache\{6CC05AB7-C53C-4C7A-84A8-22D79CDC9196}.bin Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\ACEEvent.evt Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\drivers\fidbox.dat Object is locked skipped
    C:\WINDOWS\system32\drivers\fidbox.idx Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\Temp\ZLT03af6.TMP Object is locked skipped
    C:\WINDOWS\Temp\ZLT03af9.TMP Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.
  4. 2007-10-14, 03:48 #4
    pskelley
    pskelley is offline
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
    "BEFORE you POST" (READ this Procedure before Requesting Assistance)
    http://forums.spybot.info/showthread.php?t=288
    All advice given is taken at your own risk.
    Please make sure you have read this information so we are on the same page.

    The Waiting Room <<< looks like you missed this
    http://forums.spybot.info/forumdisplay.php?f=37

    If you resolved your issues, post to let me know so I can close the topic. If you still need help, follow these directions.

    See this: http://forums.spybot.info/showpost.p...80&postcount=2
    C:\Program Files\Java\j2re1.4.2_03\ <<< very out of date, download the newest version and uninstall all older version in Add Remove program.
    Likely the reason for these infections, hackers exploit the out of date Java.

    It looks like the vast majority of the stuff Kaspersky identified is in this Temp folder:
    C:\Documents and Settings\Leoni M\Local Settings\Temp\ <<< navigate to it and delete the contents (Edit > Select All > Delete a few old files may not go but the junk should delete)

    C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Temp\ <<< clean out that Temp folder also

    Spy Sweeper <<< do you own this program? We need to turn it off until you finish, see SpySweeper here:
    http://wiki.castlecops.com/Malware_R...oring_Programs

    then do this:

    Please download ATF Cleaner by Atribune
    http://www.atribune.org/content/view/25/2/
    Save it to your Desktop. We will use this later.

    Open HijackThis and choose "Do a system scan only" then check the box in front of these line items:

    R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll G

    (unless you know why this is there, remove it)
    O1 - Hosts: HP91567F HP0018FE91567F

    O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\deSrcAs.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: (no name) - {C9831ECF-FE4D-41BB-A2C7-7AD33D581475} - C:\WINDOWS\system32\pmkhg.dll (file missing)
    O20 - Winlogon Notify: cbxvspq - cbxvspq.dll (file missing)

    Close all programs but HJT and all browser windows, then click on "Fix Checked"

    Run ATF Cleaner
    Double-click ATF-Cleaner.exe to run the program.
    Click Select All found at the bottom of the list.
    Click the Empty Selected button.
    Click Exit on the Main menu to close the program.

    Restart the computer and post a new HJT log and the results of a fresh Kaspersky scan once you remove the junk in the Temp folders.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006
  5. 2007-10-21, 21:49 #5
    pskelley
    pskelley is offline
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    This topic is closed due to lack of a response.

    If you need it re-opened please send me or a forum staff member a private message (pm) and provide a link to the thread; this applies only to the original topic starter.

    Anyone else with similar problems please start a new topic.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules