
Thread: Virtumonde and other nasty things!

  1. #11
    Junior Member
    Join Date
    Nov 2007
    Posts
    10


    Finally!!! (Just look at the duration of the scanning process)

    KASPERSKY ONLINE SCANNER REPORT

    Sunday, November 25, 2007 02:29:09
    Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 24/11/2007
    Kaspersky Anti-Virus database records: 464872


    Scan Settings
    Scan using the following antivirus database extended
    Scan Archives true
    Scan Mail Bases true

    Scan Target My Computer
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\

    Scan Statistics
    Total number of scanned objects 353929
    Number of viruses found 21
    Number of infected objects 103
    Number of suspicious objects 0
    Duration of the scan process 12:46:39

    Infected Object Name Virus Name Last Action
    C:\Documents and Settings\ALEKSANDAR\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped

    C:\Documents and Settings\ALEKSANDAR\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\ALEKSANDAR\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\ALEKSANDAR\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\ALEKSANDAR\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\ALEKSANDAR\Local Settings\History\History.IE5\MSHist012007112420071125\index.dat Object is locked skipped

    C:\Documents and Settings\ALEKSANDAR\Local Settings\Temp\Free Download Manager\tic25.tmp Object is locked skipped

    C:\Documents and Settings\ALEKSANDAR\Local Settings\Temp\~DFA65C.tmp Object is locked skipped

    C:\Documents and Settings\ALEKSANDAR\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\ALEKSANDAR\My Documents\My Movies\DiVX\Original Sin\Install\Player\RadLight 3.03 R5.2\RadLight3.exe/data0036/SaveNow.exe Infected: not-a-virus:AdWare.Win32.SaveNow.ag skipped

    C:\Documents and Settings\ALEKSANDAR\My Documents\My Movies\DiVX\Original Sin\Install\Player\RadLight 3.03 R5.2\RadLight3.exe/data0036/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.aw skipped

    C:\Documents and Settings\ALEKSANDAR\My Documents\My Movies\DiVX\Original Sin\Install\Player\RadLight 3.03 R5.2\RadLight3.exe/data0036 Infected: not-a-virus:AdWare.Win32.SaveNow.aw skipped

    C:\Documents and Settings\ALEKSANDAR\My Documents\My Movies\DiVX\Original Sin\Install\Player\RadLight 3.03 R5.2\RadLight3.exe/data0037 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped

    C:\Documents and Settings\ALEKSANDAR\My Documents\My Movies\DiVX\Original Sin\Install\Player\RadLight 3.03 R5.2\RadLight3.exe Inno: infected - 4 skipped

    C:\Documents and Settings\ALEKSANDAR\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\ALEKSANDAR\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\logs\starwind.2007-11-24.04-42-59.log Object is locked skipped

    C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped

    C:\Program Files\ESET\infected\0SITPUDA.NQF Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped

    C:\Program Files\ESET\infected\EUEHMKAA.NQF Infected: Trojan-Proxy.Win32.Wopla.ac skipped

    C:\Program Files\ESET\infected\FQ0ZZCBA.NQF Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped

    C:\Program Files\ESET\infected\H540WHBA.NQF Infected: Trojan.Win32.Obfuscated.kp skipped

    C:\Program Files\ESET\infected\L04KMZDA.NQF Infected: Trojan.Win32.Obfuscated.kp skipped

    C:\Program Files\ESET\infected\N55Q0UCA.NQF Infected: Trojan.Win32.Obfuscated.kp skipped

    C:\Program Files\ESET\infected\PG2LNUAA.NQF Infected: Trojan.Win32.Obfuscated.kp skipped

    C:\Program Files\ESET\infected\RZJYCJAA.NQF Infected: not-a-virus:AdWare.Win32.Virtumonde.aqj skipped

    C:\Program Files\ESET\infected\UG4K01CA.NQF/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.ava skipped

    C:\Program Files\ESET\infected\UG4K01CA.NQF/stream Infected: Trojan-Downloader.Win32.Zlob.ava skipped

    C:\Program Files\ESET\infected\UG4K01CA.NQF NSIS: infected - 2 skipped

    C:\Program Files\ESET\infected\UG4K01CA.NQF UPX: infected - 2 skipped

    C:\Program Files\ESET\infected\UG4K01CA.NQF PE_Patch.UPX: infected - 2 skipped

    C:\Program Files\ESET\infected\UG4K01CA.NQF PE-Crypt.XorPE: infected - 2 skipped

    C:\Program Files\ESET\infected\V0KWPZBA.NQF Infected: not-a-virus:AdWare.Win32.Virtumonde.aps skipped

    C:\Program Files\ESET\infected\ZDH50ACA.NQF Infected: not-a-virus:AdWare.Win32.SecToolBar.k skipped

    C:\Program Files\ESET\infected\ZEKZF4CA.NQF Infected: Trojan.Win32.Obfuscated.kp skipped

    C:\Program Files\ESET\logs\virlog.dat Object is locked skipped

    C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped

    C:\Razno\baby_balloons.exe/file7 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped

    C:\Razno\baby_balloons.exe Inno: infected - 1 skipped

    C:\Razno\brgcg203.exe/run.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.aan skipped

    C:\Razno\brgcg203.exe/run.exe/stream Infected: Trojan-Downloader.Win32.Zlob.aan skipped

    C:\Razno\brgcg203.exe/run.exe Infected: Trojan-Downloader.Win32.Zlob.aan skipped

    C:\Razno\brgcg203.exe ZIP: infected - 3 skipped

    C:\Razno\cherry_cook.exe/file12 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped

    C:\Razno\cherry_cook.exe Inno: infected - 1 skipped

    C:\Razno\eastern_mahjong.exe/file7 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped

    C:\Razno\eastern_mahjong.exe Inno: infected - 1 skipped

    C:\Razno\help_santa.exe/file07 Infected: not-a-virus:AdTool.Win32.WhenU.a skipped

    C:\Razno\help_santa.exe Inno: infected - 1 skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1067\A0510677.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aqj skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1067\A0510685.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aqj skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1067\A0510686.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aqj skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513808.exe/run.exe/data0007 Infected: Trojan-Downloader.Win32.Zlob.xp skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513808.exe/run.exe/data0008 Infected: Trojan-Downloader.Win32.Zlob.xp skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513808.exe/run.exe Infected: Trojan-Downloader.Win32.Zlob.xp skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513808.exe ZIP: infected - 3 skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513809.exe/run.exe Infected: Trojan-Downloader.Win32.Zlob.vg skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513809.exe ZIP: infected - 1 skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513811.exe/run.exe Infected: Trojan-Downloader.Win32.Zlob.vg skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513811.exe ZIP: infected - 1 skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513812.exe/run.exe Infected: Trojan-Downloader.Win32.Zlob.vg skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513812.exe ZIP: infected - 1 skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513813.exe/run.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.aan skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513813.exe/run.exe/stream Infected: Trojan-Downloader.Win32.Zlob.aan skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513813.exe/run.exe Infected: Trojan-Downloader.Win32.Zlob.aan skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513813.exe ZIP: infected - 3 skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513814.exe/run.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.aan skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513814.exe/run.exe/stream Infected: Trojan-Downloader.Win32.Zlob.aan skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513814.exe/run.exe Infected: Trojan-Downloader.Win32.Zlob.aan skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513814.exe ZIP: infected - 3 skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513815.exe/run.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.aan skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513815.exe/run.exe/stream Infected: Trojan-Downloader.Win32.Zlob.aan skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513815.exe/run.exe Infected: Trojan-Downloader.Win32.Zlob.aan skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513815.exe ZIP: infected - 3 skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513818.exe/run.exe Infected: Trojan-Downloader.Win32.Zlob.vg skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513818.exe ZIP: infected - 1 skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513855.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.aum skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513855.exe/stream Infected: Trojan-Downloader.Win32.Zlob.aum skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513855.exe NSIS: infected - 2 skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513855.exe UPX: infected - 2 skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513855.exe PE_Patch.UPX: infected - 2 skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513860.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.aum skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513860.exe/stream Infected: Trojan-Downloader.Win32.Zlob.aum skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513860.exe NSIS: infected - 2 skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513860.exe UPX: infected - 2 skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513860.exe PE_Patch.UPX: infected - 2 skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513869.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.aum skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513869.exe/stream Infected: Trojan-Downloader.Win32.Zlob.aum skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513869.exe NSIS: infected - 2 skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513869.exe UPX: infected - 2 skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513869.exe PE_Patch.UPX: infected - 2 skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513962.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.aum skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513962.exe/stream Infected: Trojan-Downloader.Win32.Zlob.aum skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513962.exe NSIS: infected - 2 skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513962.exe UPX: infected - 2 skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513962.exe PE_Patch.UPX: infected - 2 skipped

    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\change.log Object is locked skipped

    C:\WINDOWS\Debug\oakley.log Object is locked skipped

    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

    C:\WINDOWS\ModemLog_Agere Systems PCI Soft Modem.txt Object is locked skipped

    C:\WINDOWS\SchedLgU.Txt Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

    C:\WINDOWS\Sti_Trace.log Object is locked skipped

    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\default Object is locked skipped

    C:\WINDOWS\system32\config\default.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SAM Object is locked skipped

    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

    C:\WINDOWS\system32\config\software Object is locked skipped

    C:\WINDOWS\system32\config\software.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\system Object is locked skipped

    C:\WINDOWS\system32\config\system.LOG Object is locked skipped

    C:\WINDOWS\system32\h323log.txt Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

    C:\WINDOWS\wiadebug.log Object is locked skipped

    C:\WINDOWS\wiaservc.log Object is locked skipped

    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    D:\My Fun\freeripmp3.exe/file35 Infected: not-a-virus:AdTool.Win32.MyWebSearch.ak skipped

    D:\My Fun\freeripmp3.exe Inno: infected - 1 skipped

    D:\My Fun\Razno\maturestown_com - free galleries2.htm Object is locked skipped

    D:\My Fun\ZodiacInst.exe/ss20030521.exe/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped

    D:\My Fun\ZodiacInst.exe/ss20030521.exe/v2.0.3.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped

    D:\My Fun\ZodiacInst.exe/ss20030521.exe/v2.0.3.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel.b skipped

    D:\My Fun\ZodiacInst.exe/ss20030521.exe/v2.0.3.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped

    D:\My Fun\ZodiacInst.exe/ss20030521.exe/v2.0.3.cab Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped

    D:\My Fun\ZodiacInst.exe/ss20030521.exe Infected: not-a-virus:AdWare.Win32.NavExcel.d skipped

    D:\My Fun\ZodiacInst.exe/SAVE-SYNCm-WHSE_searchbar.min.googleInst.exe/Sync.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped

    D:\My Fun\ZodiacInst.exe/SAVE-SYNCm-WHSE_searchbar.min.googleInst.exe/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped

    D:\My Fun\ZodiacInst.exe/SAVE-SYNCm-WHSE_searchbar.min.googleInst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.v skipped

    D:\My Fun\ZodiacInst.exe CreateInstall: infected - 9 skipped

    D:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513797.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.ava skipped

    D:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513797.exe/stream Infected: Trojan-Downloader.Win32.Zlob.ava skipped

    D:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513797.exe NSIS: infected - 2 skipped

    D:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513797.exe UPX: infected - 2 skipped

    D:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513797.exe PE_Patch.UPX: infected - 2 skipped

    D:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513987.exe/WISE0030.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped

    D:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513987.exe/WISE0053.BIN/WISE0005.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped

    D:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513987.exe/WISE0053.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped

    D:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513987.exe WiseSFX: infected - 3 skipped

    D:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513993.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

    D:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\change.log Object is locked skipped

    Scan process completed.

  2. #12
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Sometimes these games come bundled with adware. If you keep downloading them the way you have, you're going to keep infecting yourself. Even though your HJT log looks clean, I would like you to run these two scans to be sure all is well.

    First go into your ESET virus program to the Quarantine folder and remove it all.


    This won't take long.
    Please download SmitfraudFix
    Extract the content (a folder named SmitfraudFix) to your Desktop.

    Open the SmitfraudFix folder and double-click smitfraudfix.cmd
    Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
    Please copy/paste the content of that report into your next reply.

    This should not take longer than an hour.

    Please download and install AVG Anti-Spyware Free to your desktop.
    • Once you have downloaded AVG Anti-Spyware 7.5, locate the icon on the desktop and double-click it to launch the set up program.
    • Once the setup is complete you will need to run AVG and update the definition files.
    • On the main screen select the icon Update then select the Update now link.
    • Next select the Start Update button, the update will start and a progress bar will show the updates being installed.
    • Once the update has completed select the Scanner icon at the top of the screen, then select the Settings tab.
    • Once in the Settings screen click on Recommended actions and then select Quarantine <-- Don't forget this
    • Under Reports
    • Select Automatically generate report after every scan
    • Un-Select Only if threats were found <-- Don't forget this
    • Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan.
    • AVG will now begin the scanning process, be patient this may take a little time.
    • Once the scan is complete do the following:
    • If you have any infections you will be prompted, then select Apply all actions
    • Next select the Reports icon at the top.
    • Select the Save report as button in the lower left hand of the screen and save it to a text file on your system <--Don't forget this
    • Make sure to remember where you saved that file; this is important, I need to see that log.
    • Close AVG Anti-Spyware Free


    IMPORTANT: Do not open any other windows or programs while ewido is scanning; it may interfere with the scanning process.

    Post both reports along with a new HJT log please.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.
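As an added example (not part of the thread or of any of the tools mentioned), a small Python triage script for the Kaspersky Online Scanner report format pasted in post #11: it parses the three line shapes the report uses, groups detections by where the object sits (System Restore snapshots, the ESET quarantine folder the helper asks to empty, or live user files) and checks whether the run cleaned anything or only reported. The sample lines are copied from the posted report; the function names and the location rules are my own.

```python
"""Triage helper for a Kaspersky Online Scanner 5.x report in the format pasted above."""
import re
from collections import Counter

# Sample lines constructed from the report in post #11 (a verbatim subset).
SAMPLE_REPORT = r"""
C:\Documents and Settings\ALEKSANDAR\Cookies\index.dat Object is locked skipped
C:\Program Files\ESET\infected\EUEHMKAA.NQF Infected: Trojan-Proxy.Win32.Wopla.ac skipped
C:\Program Files\ESET\infected\UG4K01CA.NQF/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.ava skipped
C:\Program Files\ESET\infected\UG4K01CA.NQF NSIS: infected - 2 skipped
C:\Razno\brgcg203.exe/run.exe Infected: Trojan-Downloader.Win32.Zlob.aan skipped
C:\Razno\brgcg203.exe ZIP: infected - 3 skipped
C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1067\A0510677.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.aqj skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
D:\My Fun\freeripmp3.exe/file35 Infected: not-a-virus:AdTool.Win32.MyWebSearch.ak skipped
"""

# The three line shapes the report uses: locked object, named detection, infected container summary.
LOCKED = re.compile(r"^(?P<path>.+?) Object is locked (?P<action>\S+)$")
INFECTED = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) (?P<action>\S+)$")
CONTAINER = re.compile(r"^(?P<path>.+?) (?P<packer>[\w.\-]+): infected - (?P<count>\d+) (?P<action>\S+)$")


def outer_file(path: str) -> str:
    """Archive members are written as outer.exe/member; return the container that exists on disk."""
    return path.split("/", 1)[0]


def family(name: str) -> str:
    """Drop the 'not-a-virus:' class prefix and a lowercase variant suffix (Zlob.ava -> Zlob)."""
    base = name.split(":", 1)[-1]
    head, _, tail = base.rpartition(".")
    return head if head and tail.isalpha() and tail.islower() else base


def location(path: str) -> str:
    """Where the object lives decides the cleanup action, not the detection name (my rules, not Kaspersky's)."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore_point"   # System Restore snapshot copies; cleared by flushing restore points
    if "\\eset\\infected\\" in p:
        return "av_quarantine"   # already neutralised by NOD32; empty the quarantine as the helper asks
    return "live_file"           # still in the user's own folders: these are the ones to act on


def triage(report: str) -> dict:
    """Return what a responder wants at a glance: what was found, where, and whether anything was cleaned."""
    locked = containers = 0
    families: Counter = Counter()
    files_by_location = {"restore_point": set(), "av_quarantine": set(), "live_file": set()}
    detection_actions = set()
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := LOCKED.match(line)):
            locked += 1                      # hives, index.dat, event logs: not scanned, not detections
        elif (m := INFECTED.match(line)):
            families[family(m["name"])] += 1
            files_by_location[location(m["path"])].add(outer_file(m["path"]))
            detection_actions.add(m["action"])
        elif (m := CONTAINER.match(line)):
            containers += 1                  # per-archive roll-up of the member hits above it
            files_by_location[location(m["path"])].add(outer_file(m["path"]))
            detection_actions.add(m["action"])
    return {
        "locked": locked,
        "containers": containers,
        "families": families,
        "files_by_location": {k: sorted(v) for k, v in files_by_location.items()},
        # The online scanner in this thread only reports; every action column reads "skipped".
        "all_skipped": detection_actions == {"skipped"},
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    for loc, files in result["files_by_location"].items():
        print(f"{loc}: {len(files)} file(s)")
    print("families:", dict(result["families"]))
    print("report-only run, nothing cleaned:", result["all_skipped"])
```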

  3. #13
    Junior Member
    Join Date
    Nov 2007
    Posts
    10


    SMITFRAUDFIX LOG

    SmitFraudFix v2.254

    Scan done at 20:08:39.84, 11/26/2007
    Run from C:\Documents and Settings\ALEKSANDAR\Desktop\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
    The filesystem type is NTFS
    Fix run in normal mode

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\WINDOWS\System32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts


    »»»»»»»»»»»»»»»»»»»»»»»» C:\


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ALEKSANDAR


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\ALEKSANDAR\Application Data


    »»»»»»»»»»»»»»»»»»»»»»»» Start Menu


    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ALEKSA~1\FAVORI~1


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop


    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


    »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


    »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, following keys are not inevitably infected!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll


    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, following keys are not inevitably infected!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""


    »»»»»»»»»»»»»»»»»»»»»»»» Rustock



    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: WAN (PPP/SLIP) Interface
    DNS Server Search Order: 194.247.192.33
    DNS Server Search Order: 194.247.192.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{D515463C-AD78-4558-AAAD-6973E8741F5B}: NameServer=194.247.192.33 194.247.192.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{D515463C-AD78-4558-AAAD-6973E8741F5B}: NameServer=194.247.192.33 194.247.192.1


    »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


    »»»»»»»»»»»»»»»»»»»»»»»» End
    AVG LOG

    ---------------------------------------------------------
    AVG Anti-Spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 22:57:16 11/26/2007

    + Scan result:
    C:\Program Files\Trend Micro\HijackThis\backups\backup-20071121-231614-822.inf -> Adware.MediaTickets : Cleaned.
    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513855.exe -> Downloader.Zlob.aum : Cleaned.
    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513860.exe -> Downloader.Zlob.aum : Cleaned.
    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513869.exe -> Downloader.Zlob.aum : Cleaned.
    C:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513962.exe -> Downloader.Zlob.aum : Cleaned.
    D:\System Volume Information\_restore{1F2EDC4E-595B-4B18-835C-73B1C50D2C2C}\RP1069\A0513797.exe -> Downloader.Zlob.ava : Cleaned.
    C:\Program Files\SHISEN\SHISEN.EXE -> Heuristic.Win32.Dialer : Cleaned.
    D:\My Fun\Total Commander v.6.52\tc6Uni_crk.exe -> Logger.Agent : Cleaned.
    :mozilla.7:C:\Documents and Settings\ALEKSANDAR\Application Data\Mozilla\Firefox\Profiles\2kg3rl2s.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@2.adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned.
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@adbrite[2].txt -> TrackingCookie.Adbrite : Cleaned.
    :mozilla.131:C:\Documents and Settings\ALEKSANDAR\Application Data\Mozilla\Firefox\Profiles\2kg3rl2s.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
    :mozilla.132:C:\Documents and Settings\ALEKSANDAR\Application Data\Mozilla\Firefox\Profiles\2kg3rl2s.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
    :mozilla.28:C:\Documents and Settings\ALEKSANDAR\Application Data\Mozilla\Firefox\Profiles\2kg3rl2s.default\cookies.txt -> TrackingCookie.Connextra : Cleaned.
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@connextra[2].txt -> TrackingCookie.Connextra : Cleaned.
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned.
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@i12[1].txt -> TrackingCookie.I12 : Cleaned.
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@max.i12[2].txt -> TrackingCookie.I12 : Cleaned.
    :mozilla.49:C:\Documents and Settings\ALEKSANDAR\Application Data\Mozilla\Firefox\Profiles\2kg3rl2s.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
    :mozilla.50:C:\Documents and Settings\ALEKSANDAR\Application Data\Mozilla\Firefox\Profiles\2kg3rl2s.default\cookies.txt -> TrackingCookie.Imrworldwide : Cleaned.
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@intelli-direct[1].txt -> TrackingCookie.Intelli-direct : Cleaned.
    :mozilla.77:C:\Documents and Settings\ALEKSANDAR\Application Data\Mozilla\Firefox\Profiles\2kg3rl2s.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    :mozilla.78:C:\Documents and Settings\ALEKSANDAR\Application Data\Mozilla\Firefox\Profiles\2kg3rl2s.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@realguide.real[1].txt -> TrackingCookie.Real : Cleaned.
    :mozilla.27:C:\Documents and Settings\ALEKSANDAR\Application Data\Mozilla\Firefox\Profiles\2kg3rl2s.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.90:C:\Documents and Settings\ALEKSANDAR\Application Data\Mozilla\Firefox\Profiles\2kg3rl2s.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.91:C:\Documents and Settings\ALEKSANDAR\Application Data\Mozilla\Firefox\Profiles\2kg3rl2s.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.92:C:\Documents and Settings\ALEKSANDAR\Application Data\Mozilla\Firefox\Profiles\2kg3rl2s.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.93:C:\Documents and Settings\ALEKSANDAR\Application Data\Mozilla\Firefox\Profiles\2kg3rl2s.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    :mozilla.94:C:\Documents and Settings\ALEKSANDAR\Application Data\Mozilla\Firefox\Profiles\2kg3rl2s.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@statcounter[1].txt -> TrackingCookie.Statcounter : Cleaned.
    :mozilla.100:C:\Documents and Settings\ALEKSANDAR\Application Data\Mozilla\Firefox\Profiles\2kg3rl2s.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned.
    C:\Documents and Settings\ALEKSANDAR\Cookies\aleksandar@m.webtrends[1].txt -> TrackingCookie.Webtrends : Cleaned.
    :mozilla.125:C:\Documents and Settings\ALEKSANDAR\Application Data\Mozilla\Firefox\Profiles\2kg3rl2s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.126:C:\Documents and Settings\ALEKSANDAR\Application Data\Mozilla\Firefox\Profiles\2kg3rl2s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.127:C:\Documents and Settings\ALEKSANDAR\Application Data\Mozilla\Firefox\Profiles\2kg3rl2s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    :mozilla.128:C:\Documents and Settings\ALEKSANDAR\Application Data\Mozilla\Firefox\Profiles\2kg3rl2s.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
    C:\Documents and Settings\ALEKSANDAR\My Documents\Downloads\Water Bugs\PopCap Games DRM Protection Remover 0.1.exe -> Trojan.Small : Cleaned.
    C:\Program Files\PopCap Games\Water Bugs\PopCap Games DRM Protection Remover 0.1.exe -> Trojan.Small : Cleaned.
    D:\Downloads 2\Water bugs\PopCap Games DRM Protection Remover 0.1.exe -> Trojan.Small : Cleaned.


    ::Report end
    HJT LOG

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 22:59:44, on 11/26/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\Trend Micro\HijackThis\Scanner.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.eunet.yu:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.eunet.yu;*.eunet.yu;<local>
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
    O4 - HKLM\..\Run: [Desktop Service] C:\Program Files\Free-Soft\Virtual Desktop\DesktopLoader.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Sid Registration.lnk = F:\ATR1.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O13 - WWW. Prefix: http://
    O15 - Trusted Zone: www.vetup.minpolj.sr.gov.yu
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {62BC5DB2-0044-4040-B366-D628F3CFD551} (PowerTeam HTML Printing Behavior) - http://www.vetup.minpolj.sr.gov.yu/V...PrinterBvr.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D515463C-AD78-4558-AAAD-6973E8741F5B}: NameServer = 194.247.192.33 194.247.192.1
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    --
    End of file - 6999 bytes

  4. #14
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Your log looks fine

    Download CCleaner from here to clean temp files from your computer.
    • Double click on the file to start the installation of the program.
    • Select your language and click OK, then next.
    • Read the license agreement and click I Agree.
    • Click next to use the default install location. Click Install then finish to complete installation.
    • Double click the CCleaner shortcut on the desktop to start the program.
    • On the "Windows" tab, under "Internet Explorer," uncheck "Cookies" if you do not want them deleted. (If deleted, you will likely need to reenter your passwords at all sites where a cookie is used to recognize you when you visit).
    • If you use either the Firefox or Mozilla browsers, the box to uncheck for "Cookies" is on the Applications tab, under Firefox/Mozilla.
    • Click on the "Options" icon at the left side of the window, then click on "Advanced."
      deselect "Only delete files in Windows Temp folders older than 48 hours."
    • Click on the "Cleaner" icon on the left side of the window, then click Run Cleaner to run the program.
    • Caution: It is not recommended that you use the "Issues" feature unless you are very familiar with the registry as it has been known to find legitimate items.
    • After CCleaner has completed its process, click Exit.


    *NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder, back it up or move it to a permanent folder prior to running CCleaner!



    • Your Java is out of date and leaving your system vulnerable.
    • Go to your Add-Remove Programs in the Control Panel and uninstall any previous versions of Java (J2SE Runtime Environment)
    • It should have an icon next to it:

      Select it and click Remove.
    • Reboot your system.
    • Then go to the Sun Microsystems and install the update
    • Java Runtime Environment Version 6 Update 3 <--This is what you need to download and install.
    • If you chose the online installation, it will prompt you to run the program.
    • If you chose the offline installation, you will be prompted to save the file and you can run it from wherever you saved it.
    • Then after install you can verify your installation here Sun Java Verify
    I like to do the offline installation and save the setup file in case I may need it in the future.


    How are things running now??
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  5. #15
    Junior Member
    Join Date
    Nov 2007
    Posts
    10

    Default

    I have completed everything you said. During installation of the newest version of Java I was informed that for that version I should have Windows SP2, which I don't. Installation was successful, but could I have some problem with this because of the lack of SP2?
    Is now the right time to install SP2, since we, hopefully, cleaned all the threats from my computer, or should I do something else before?

    My latest HJT log looks like this:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:45:27, on 11/27/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\Eset\nod32krn.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\WINDOWS\system32\pctspk.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Eset\nod32kui.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\VIA\RAID\raid_tool.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Program Files\Trend Micro\HijackThis\Scanner.exe

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.eunet.yu:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.eunet.yu;*.eunet.yu;<local>
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
    O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
    O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [SysMetrix] C:\Program Files\SysMetrix\SysMetrix.exe
    O4 - HKLM\..\Run: [Desktop Service] C:\Program Files\Free-Soft\Virtual Desktop\DesktopLoader.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Startup: Sid Registration.lnk = F:\ATR1.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
    O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
    O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
    O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
    O8 - Extra context menu item: Download with Go!Zilla - file://C:\Program Files\Go!Zilla\download-with-gozilla.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O13 - WWW. Prefix: http://
    O15 - Trusted Zone: www.vetup.minpolj.sr.gov.yu
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {62BC5DB2-0044-4040-B366-D628F3CFD551} (PowerTeam HTML Printing Behavior) - http://www.vetup.minpolj.sr.gov.yu/V...PrinterBvr.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{D515463C-AD78-4558-AAAD-6973E8741F5B}: NameServer = 194.247.192.33 194.247.192.1
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

    --
    End of file - 6964 bytes
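    The expert's reply to a log like the one above amounts to reading it as structured data: which entries changed since the previous log (here, the Java paths moving from jre1.5.0_10 to jre1.6.0_03) and which entries alter how the machine reaches the network (R1 proxy, O15 trusted zone, O17 name server). The following Python is an added example, not code from this thread or from HijackThis itself; it parses HijackThis-format lines, reports the JRE versions referenced, diffs two logs, and lists the network-affecting entries a reviewer should confirm are intentional. The sample lines are constructed excerpts modelled on the two logs posted in the thread, not the complete logs.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample lines in HijackThis v2 format, modelled on the two logs
# posted in this thread (before and after the Java update). Hypothetical
# excerpts, not the complete logs.
HJT_BEFORE = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = cache.eunet.yu:8080
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O15 - Trusted Zone: www.vetup.minpolj.sr.gov.yu
O17 - HKLM\System\CCS\Services\Tcpip\..\{D515463C-AD78-4558-AAAD-6973E8741F5B}: NameServer = 194.247.192.33 194.247.192.1
"""
# The "after" log differs only in the JRE paths, as in the thread.
HJT_AFTER = HJT_BEFORE.replace("jre1.5.0_10", "jre1.6.0_03")

# HijackThis entry lines start with a section code (R0..R3, O1..O24).
ENTRY_RE = re.compile(r"^([RO]\d+) - (.*)$")
# Sun JRE install directories carry the version in their name, e.g. jre1.6.0_03.
JRE_RE = re.compile(r"jre(\d+\.\d+\.\d+_\d+)")


def parse_hjt(text: str) -> List[Tuple[str, str]]:
    """Return (section, detail) pairs for every HijackThis entry line.

    The header, the process list and the 'End of file' trailer carry no
    section prefix and are skipped.
    """
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group(1), m.group(2)))
    return entries


def jre_versions(entries: List[Tuple[str, str]]) -> List[str]:
    """Distinct JRE versions referenced anywhere in the log, e.g. '1.5.0_10'."""
    found = {v for _, detail in entries for v in JRE_RE.findall(detail)}
    return sorted(found)


def diff_logs(before: str, after: str) -> Tuple[List[str], List[str]]:
    """Entries present only in the later log, and entries present only in the earlier one."""
    old = set(parse_hjt(before))
    new = set(parse_hjt(after))
    fmt = lambda e: f"{e[0]} - {e[1]}"
    added = sorted(fmt(e) for e in new - old)
    removed = sorted(fmt(e) for e in old - new)
    return added, removed


# Sections that change how the machine reaches the network. A reviewer
# confirms each of these is expected (here: an ISP proxy, a government site
# the user needs, the ISP's DNS servers) before calling a log clean.
NETWORK_SECTIONS: Dict[str, str] = {
    "R1": "Internet Explorer proxy / override setting",
    "O15": "site added to the IE Trusted Zone",
    "O17": "DNS server override (NameServer)",
}


def review_points(entries: List[Tuple[str, str]]) -> List[str]:
    """Network-affecting entries the reviewer should confirm are intentional."""
    return [f"{NETWORK_SECTIONS[s]}: {d}" for s, d in entries if s in NETWORK_SECTIONS]


if __name__ == "__main__":
    before, after = parse_hjt(HJT_BEFORE), parse_hjt(HJT_AFTER)
    print("JRE before:", jre_versions(before), "after:", jre_versions(after))
    added, removed = diff_logs(HJT_BEFORE, HJT_AFTER)
    print("added:", *added, sep="\n  ")
    print("removed:", *removed, sep="\n  ")
    print("confirm intentional:", *review_points(after), sep="\n  ")
```

    Run on the two logs in this thread, the diff shows only the four Java lines changing, which is exactly what the expert checks for before saying the log is clean; the R1, O15 and O17 entries are unchanged across both logs and are consistent with the user's ISP and a site they use, which is why they draw no comment.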

  6. #16
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    You're ready for SP2.

    Run a cleaner.
    Please download ATF Cleaner by Atribune to your desktop.
    • This program is for XP and Windows 2000 only
    • Double-click ATF-Cleaner.exe to run the program.
    • Under Main choose: Select All
    • Click the Empty Selected button.


    Your system may start up slower after running ATF Cleaner; this is expected, but it will be back to normal after the first or second boot-up.


    Go to Start > All Programs > Accessories > System Tools > Defragmenter and select your C: drive and run the tool.


    Open IE and go to Tools > Windows Updates and go for it; you can also download it here.
    http://www.microsoft.com/windowsxp/sp2/default.mspx






    Here are some free programs to install; don't leave home without them.
    • Spybot Search and Destroy 1.5
      Check for Updates/Immunize and run a Full System Scan on a regular basis.
    • Spyware Blaster It will prevent most spyware from ever being installed.
    • Spyware Guard It offers realtime protection from spyware installation attempts.
    • Win Patrol This program will warn you when any changes are being made to your system and give you the option to deny the change.
    • IE-Spyad
      IE-Spyad places over 4000 web sites and domains in the IE Restricted list, which will severely impair attempts to infect your system. It basically prevents any downloads (cookies etc.) from the sites listed, although you will still be able to connect to the sites.
    • Firefox 2.0 It has more features and is a lot more secure than IE. It is a very easy and painless download and install; it will in no way interfere with IE, you can use them both.
    • Zone Alarm Here is a free Firewall from Zone Labs; I wouldn't access the internet without it.


    Glad we could help.

    Safe Surfn
    Ken

  7. #17
    Junior Member
    Join Date
    Nov 2007
    Posts
    10

    Default

    Thanks a lot!!!

    And goodbye!

