Results 1 to 4 of 4

Thread: Win32: Jeefo and Keylogger

  1. 2007-10-23, 16:58 #1
    mhigg04
    mhigg04 is offline
    Junior Member
    Join Date
    Oct 2007
    Posts
    13

    Default Win32: Jeefo and Keylogger

    This computer is runnin seemingly ok. On startup I had a warning from windows that an .exe file was trying to run. The file was xpupdate.exe. I looked it up on google and found out it probably was not a good idea to run it so I canceled. This happened everytime at bootup. I ran Avast antivirus and it started a whole thing! It found 551 infections. Most of them were Win32: jeefo, but there was also keylogger, agent-lmf, agent-lmg, trojan-gen, renos-ae, and spyware-gen. From what I understand about the win32: jeefo is that it attacked PE files and may cause the corresponding programs to work improperly or not at all. Many of the programs on my computer will not run now.

    I followed the "before you post" things and here are the 2 reports (this post and following)--Any help is appreciated.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 10:48:26 AM, on 10/23/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\hkcmd.exe
    F:\Program Files\HP DVD\HP DVD\Umbrella\DVDTray.exe
    C:\Program Files\NASDAK\OmniMouse Driver\4.06\MOUSE32A.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    F:\HP Software Update\HPWuSchd2.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    F:\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files\NETGEAR\WPN111 Configuration Utility\wpn111.exe
    C:\WINDOWS\system32\brsvc01a.exe
    C:\WINDOWS\system32\brss01a.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\CTSvcCDA.EXE
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    F:\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.logmein.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.10.2:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.hopechildrenshome.org;192.168.1.9
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [DVDTray] "F:\Program Files\HP DVD\HP DVD\Umbrella\DVDTray.exe"
    O4 - HKLM\..\Run: [DVDBitSet] "F:\Program Files\HP DVD\HP DVD\Umbrella\DVDBitSet.exe" /NOUI
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\NASDAK\OmniMouse Driver\4.06\MOUSE32A.EXE
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
    O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmflp03\BrStDvPt.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [InternetSpy] C:\Program Files\Internet Spy\InternetSpy.exe
    O4 - HKLM\..\Run: [HP Software Update] F:\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKCU\..\Run: [con] C:\Documents and Settings\Mike Higgins\Local Settings\Temporary Internet Files\Content.IE5\YHG321EH\Install115[1].exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = F:\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: NETGEAR WPN111 Smart Wizard.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} (Performance Viewer Activex Control) - https://secure.logmein.com/activex/ractrl.cab?lmi=100
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Unknown owner - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

    --
    End of file - 5698 bytes
  2. 2007-10-23, 17:00 #2
    mhigg04
    mhigg04 is offline
    Junior Member
    Join Date
    Oct 2007
    Posts
    13

    Default continued

    KASPERSKY ONLINE SCANNER REPORT
    Monday, October 22, 2007 10:37:37 AM
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 22/10/2007
    Kaspersky Anti-Virus database records: 442321
    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true
    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\
    Scan Statistics:
    Total number of scanned objects: 67053
    Number of viruses found: 5
    Number of infected objects: 167
    Number of suspicious objects: 0
    Duration of the scan process: 00:51:01

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Mike Higgins\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Mike Higgins\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Mike Higgins\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Mike Higgins\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Mike Higgins\Local Settings\History\History.IE5\MSHist012007102120071022\index.dat Object is locked skipped
    C:\Documents and Settings\Mike Higgins\Local Settings\Temp\hpodvd09.log Object is locked skipped
    C:\Documents and Settings\Mike Higgins\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Mike Higgins\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Mike Higgins\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
    C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
    C:\Program Files\MySearch\bar\1.bin\NPMYSRCH.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
    C:\Program Files\MySearch\bar\1.bin\S4BAR.DLL Infected: not-a-virus:AdWare.Win32.MySearch.g skipped
    C:\Program Files\MySearch\bar\1.bin\S4PLUGIN.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP658\A0048883.exe Infected: Virus.Win32.Hidrag.a skipped
    C:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP658\A0048884.exe Infected: Virus.Win32.Hidrag.a skipped
    C:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP658\A0048885.exe Infected: Virus.Win32.Hidrag.a skipped
    C:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP659\A0048908.exe Infected: Virus.Win32.Hidrag.a skipped
    C:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP659\A0048909.exe Infected: Virus.Win32.Hidrag.a skipped
    C:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP659\A0048910.exe Infected: Virus.Win32.Hidrag.a skipped
    C:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP659\A0048911.exe Infected: Virus.Win32.Hidrag.a skipped
    C:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP659\A0048914.dll Infected: not-a-virus:Monitor.Win32.FamilyKeyLogger.280 skipped
    C:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP659\change.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\Drivers\Intel\Graphics\win2000\igfxdiag.exe Infected: Virus.Win32.Hidrag.a skipped
    C:\WINDOWS\Drivers\Intel\Graphics\win2000\igfxtray.exe Infected: Virus.Win32.Hidrag.a skipped
    C:\WINDOWS\MVUNINST\App1\mvuninst.exe Infected: Virus.Win32.Hidrag.a skipped
    C:\WINDOWS\RegisteredPackages\{AAC1D942-0B38-4E37-9E4E-5B96A9DD2170}$BACKUP$\System\logagent.exe Infected: Virus.Win32.Hidrag.a skipped
    C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\migrate.exe Infected: Virus.Win32.Hidrag.a skipped
    C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\unregmp2.exe Infected: Virus.Win32.Hidrag.a skipped
    C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}\wmlaunch.exe Infected: Virus.Win32.Hidrag.a skipped
    C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\migrate.exe Infected: Virus.Win32.Hidrag.a skipped
    C:\WINDOWS\RegisteredPackages\{DD90D410-1823-43EB-9A16-A2331BF08799}$BACKUP$\System\unregmp2.exe Infected: Virus.Win32.Hidrag.a skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\EventCache\{FE70BBB1-B295-49D5-89B5-240E94D78B87}.bin Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\system32\BRS1MF3A.EXE Infected: Virus.Win32.Hidrag.a skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\CTF\ctfmon.dll Infected: not-a-virus:Monitor.Win32.FamilyKeyLogger.280 skipped
    C:\WINDOWS\system32\CTF\ctfmon.exe Infected: not-a-virus:Monitor.Win32.FamilyKeyLogger.280 skipped
    C:\WINDOWS\system32\CTF\CTFS.DLL Infected: not-a-virus:Monitor.Win32.FamilyKeyLogger.280 skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\igfxcfg.exe Infected: Virus.Win32.Hidrag.a skipped
    C:\WINDOWS\system32\igfxdiag.exe Infected: Virus.Win32.Hidrag.a skipped
    C:\WINDOWS\system32\javaw.exe Infected: Virus.Win32.Hidrag.a skipped
    C:\WINDOWS\system32\javaws.exe Infected: Virus.Win32.Hidrag.a skipped
    C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\hkcmd.exe Infected: Virus.Win32.Hidrag.a skipped
    C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\igfxcfg.exe Infected: Virus.Win32.Hidrag.a skipped
    C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\igfxdiag.exe Infected: Virus.Win32.Hidrag.a skipped
    C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\igfxtray.exe Infected: Virus.Win32.Hidrag.a skipped
    C:\WINDOWS\system32\spool\drivers\w32x86\3\BRS1MF3A.EXE Infected: Virus.Win32.Hidrag.a skipped
    C:\WINDOWS\system32\spool\drivers\w32x86\3\BRS2MF3A.EXE Infected: Virus.Win32.Hidrag.a skipped
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzcfg04.exe Infected: Virus.Win32.Hidrag.a skipped
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzeng04.exe Infected: Virus.Win32.Hidrag.a skipped
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzpre04.exe Infected: Virus.Win32.Hidrag.a skipped
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzstc04.exe Infected: Virus.Win32.Hidrag.a skipped
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztbu04.exe Infected: Virus.Win32.Hidrag.a skipped
    C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztbx04.exe Infected: Virus.Win32.Hidrag.a skipped
    C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packarddeskj9300000\hpzcfg04.exe Infected: Virus.Win32.Hidrag.a skipped
    C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packarddeskj9300000\hpzeng04.exe Infected: Virus.Win32.Hidrag.a skipped
    C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packarddeskj9300000\hpzpre04.exe Infected: Virus.Win32.Hidrag.a skipped
    C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packarddeskj9300000\hpzstc04.exe Infected: Virus.Win32.Hidrag.a skipped
    C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packarddeskj9300000\hpztbu04.exe Infected: Virus.Win32.Hidrag.a skipped
    C:\WINDOWS\system32\spool\drivers\w32x86\hewlett_packarddeskj9300000\hpztbx04.exe Infected: Virus.Win32.Hidrag.a skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\system32\WISPTIS.EXE Infected: Virus.Win32.Hidrag.a skipped
    C:\WINDOWS\Temp\Perflib_Perfdata_610.dat Object is locked skipped
    C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    F:\CTCMS.EXE Infected: Virus.Win32.Hidrag.a skipped
    F:\Digital Imaging\bin\hpqdirec.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Digital Imaging\bin\hpqisc01.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Digital Imaging\bin\hpqise01.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Digital Imaging\bin\hpqpanos.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Digital Imaging\bin\HPQPSXP.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Digital Imaging\bin\hpqqpawp.exe Infected: Virus.Win32.Hidrag.a skipped
  3. 2007-10-23, 17:00 #3
    mhigg04
    mhigg04 is offline
    Junior Member
    Join Date
    Oct 2007
    Posts
    13

    Default again

    F:\Digital Imaging\bin\hpqtbx01.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Digital Imaging\bin\hpqusgh.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Digital Imaging\bin\hpqusgl.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Digital Imaging\bin\hpqvpswp.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Digital Imaging\devicemanagement\hpzscr01.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Digital Imaging\esupport\hpzscr01.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Digital Imaging\extcapuninstall\hpzscr01.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Digital Imaging\help\player\FlashPla.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Digital Imaging\Product Assistant\bin\hprbui.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Digital Imaging\Unload\HpqDIA.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Digital Imaging\Unload\HpqDIAS.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Digital Imaging\Unload\HpqPhUnl.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Digital Imaging\Unload\HpqPSmon.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Digital Imaging\Unload\HpqXfer.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Digital Imaging\{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}\hpzcdl01.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Digital Imaging\{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}\hpzsetup.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Digital Imaging\{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}\setup\contextid.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Digital Imaging\{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}\setup\hpzcdl01.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Digital Imaging\{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}\setup\hpzpnp01.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Digital Imaging\{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}\setup\hpzpsl01.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Digital Imaging\{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}\setup\hpzrcn01.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Digital Imaging\{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}\setup\hpzscr01.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Digital Imaging\{D2A3C9D5-0B56-4656-8277-7EDC65D62B6E}\setup.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Disc Title Printer.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\HP Software Update\HPWUCli.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\HP Software Update\SelfUpdate.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Program Files\DivX\DivX Player\DivX Player.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Program Files\DVDFab Express\PcSetup.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Program Files\DVDFab Express\unins000.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Program Files\HP DVD\ArcSoft\ShowBiz DVD 2\ArcRegister.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Program Files\HP DVD\ArcSoft\ShowBiz DVD 2\CD_Label.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Program Files\HP DVD\ArcSoft\ShowBiz DVD 2\checkupdate.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Program Files\HP DVD\ArcSoft\ShowBiz DVD 2\printlabel\Print_Label.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Program Files\HP DVD\ArcSoft\ShowBiz DVD 2\ShowBiz.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Program Files\HP DVD\ArcSoft\ShowBiz DVD 2\Wizard.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Program Files\HP DVD\HP DVD\ARS\launch.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Program Files\HP DVD\HP DVD\Troubleshooting\HPInfo.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Program Files\HP DVD\HP DVD\Troubleshooting\tslaunch.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Program Files\HP DVD\HP DVD\Umbrella\DVDFormat.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Program Files\HP DVD\HP DVD\Umbrella\JS04.EXE Infected: Virus.Win32.Hidrag.a skipped
    F:\Program Files\HP DVD\HP DVD\Umbrella\MyDrive.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Program Files\HP DVD\PowerDVD\CLTEST.EXE Infected: Virus.Win32.Hidrag.a skipped
    F:\Program Files\HP DVD\PowerDVD\DDTESTER.EXE Infected: Virus.Win32.Hidrag.a skipped
    F:\Program Files\HP DVD\PowerDVD\PowerDVD.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Program Files\HP DVD\Sonic_RecordNow\RecordNow.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Program Files\SureThing\STCD\stcd.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Sierra\CHCSTU\CSChr.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP589\A0045129.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP591\A0045140.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP593\A0045163.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP595\A0045176.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP597\A0046106.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP597\A0047100.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP599\A0047107.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP600\A0047122.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP602\A0047134.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP603\A0048124.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP605\A0048126.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP607\A0048132.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP610\A0048135.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP612\A0048138.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP614\A0048143.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP616\A0048144.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP618\A0048146.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP620\A0048149.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP620\A0048162.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP622\A0048207.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP625\A0048211.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP627\A0048225.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP628\A0048239.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP632\A0048364.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP632\A0048365.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP632\A0048366.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP632\A0048367.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP632\A0048373.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP634\A0048376.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP636\A0048378.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP636\A0048384.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP636\A0048386.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP636\A0048399.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP638\A0048403.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP638\A0048406.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP638\A0048407.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP641\A0048409.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP641\A0048410.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP644\A0048415.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP647\A0048421.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP648\A0048457.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP649\A0048481.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP650\A0048490.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP650\A0048494.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP650\A0048507.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP652\A0048517.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP654\A0048520.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP655\A0048534.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP655\A0048535.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP658\A0048589.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP658\A0048615.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP658\A0048624.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP659\A0048897.EXE Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP659\A0048898.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP659\A0048899.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP659\A0048900.EXE Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP659\A0048901.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP659\A0048902.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP659\A0048903.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP659\A0048904.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP659\A0048905.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP659\A0048906.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\System Volume Information\_restore{2AC1A9CB-5385-48BE-8B8E-3E1D0E927FEB}\RP659\A0048907.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Wizard\AudioSyn\CTAudSyn.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Wizard\Import\CTImport.exe Infected: Virus.Win32.Hidrag.a skipped
    F:\Wizard\ImportPlaylist\CTEPLImp.exe Infected: Virus.Win32.Hidrag.a skipped

    Scan process completed.
  4. 2007-11-05, 21:44 #4
    tashi
    tashi is offline
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    Default

    Hello.

    Because of the amount of posts in your thread, helpers probably thought you were already being assisted.

    Copy and paste that information in your next post if the content will take no more than two posts to do so.
    If the result of your anti-virus scan is extremely long, please do not post it, but rather inform us when posting the HJT log.
    "BEFORE you POST"(READ this Procedure BEFORE Requesting Assistance)

    For people waiting who have not resolved their problem, we have a sticky topic:
    The Waiting Room: Post here if waiting for help longer than four days

    However if members waiting for assistance do not post in the waiting room, their topic is archived.


    Regards.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules