Please Help With Trojan (win32/spy.vbstat.j trojan)!! :)



poorlilthingy
2007-04-20, 15:55
Hello! I'm sure I have a virus (trojan?), as my NOD keeps popping up telling me that my computer is being infiltrated. I've run the Spybot scanner and deleted 24 items that turned up (mostly tracking cookies), but my computer is still infected.

I'm currently running the VundoFix scanner, and it's not finished yet, but a lot of .dll files are turning up as threats.

I am posting below my HijackThis scan, and also the threat event notices from NOD. Any help on this issue would be greatly appreciated, as I consider myself fairly computer illiterate, but also good at following instructions :)
Thanks a lot

Kelly

Logfile of HijackThis v1.99.1
Scan saved at 3:28:10 PM, on 4/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Eset\nod32krn.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe
C:\Program Files\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\ESET\nod32kui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Kelly\Desktop\VundoFix.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [OSSelectorReinstall] C:\Program Files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom\apdproxy.exe"
O4 - HKLM\..\Run: [HPWRTOOLBOX] C:\Program Files\Hewlett-Packard\hp deskjet 460 series\Toolbox\HPWRTBX.exe "-i"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\RunOnce: [FFTI] C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles\abin906k.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\ffti.exe /VERYSILENT /SUPPRESSMSGBOXES /NORESTART /DestPath="C:\Documents and Settings\Kelly\Application Data\Mozilla\Firefox\Profiles/abin906k.default\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe


NOD THREAT LOG

Time Module Object Name Threat Action User Information
4/20/2007 15:24:45 PM AMON file C:\DOCUME~1\Kelly\LOCALS~1\Temp\uuuajddu.dll Win32/Adware.BHO.NAW application quarantined - deleted WTF\Kelly Event occurred on a new file created by the application: C:\WINDOWS\explorer.exe. The file was moved to quarantine. You may close this window.
4/20/2007 15:24:35 PM IMON file http://69.31.80.179/kbdmv.dll Win32/Adware.BHO.NAW application Connection terminated WTF\Kelly
4/20/2007 15:24:11 PM IMON file http://82.98.235.61/ms_s_2.dll?uid=582F8030EE9C11DBA339003048895BFC&guid=b40fc68f+6BD530A9CD9D4514B47088891A332C23 Win32/Spy.VBStat.J trojan Connection terminated WTF\Kelly
4/20/2007 13:46:12 PM AMON file C:\DOCUME~1\Kelly\LOCALS~1\Temp\yidhhqom.dll Win32/Adware.BHO.NAW application quarantined - deleted Event occurred on a new file created by the application: C:\WINDOWS\explorer.exe. The file was moved to quarantine. You may close this window.
4/20/2007 13:37:06 PM IMON file http://69.31.80.179/kbdmv.dll Win32/Adware.BHO.NAW application Connection terminated WTF\Kelly
4/20/2007 13:36:55 PM IMON file http://82.98.235.61/ms_s_2.dll?uid=582F8030EE9C11DBA339003048895BFC&guid=b40fc68f+6BD530A9CD9D4514B47088891A332C23 Win32/Spy.VBStat.J trojan Connection terminated WTF\Kelly
4/20/2007 13:18:41 PM AMON file C:\DOCUME~1\Kelly\LOCALS~1\Temp\wynfbovo.dll Win32/Adware.BHO.NAW application quarantined - deleted WTF\Kelly Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine. You may close this window.
4/20/2007 12:50:22 PM IMON file http://69.31.80.179/kbdmv.dll Win32/Adware.BHO.NAW application Connection terminated WTF\Kelly
4/20/2007 0:21:51 AM IMON file http://82.98.235.61/ms_s_2.dll?uid=582F8030EE9C11DBA339003048895BFC&guid=b40fc68f+6BD530A9CD9D4514B47088891A332C23 Win32/Spy.VBStat.J trojan Connection terminated WTF\Kelly
4/19/2007 19:36:33 PM IMON file http://82.98.235.61/ms_s_2.dll?uid=582F8030EE9C11DBA339003048895BFC&guid=b40fc68f+6BD530A9CD9D4514B47088891A332C23 Win32/Spy.VBStat.J trojan Connection terminated WTF\Kelly
4/19/2007 19:29:47 PM AMON file C:\WINDOWS\system32\bund1\temp.txt multiple infiltrations quarantined - deleted Event occurred on a new file created by the application: C:\DOCUME~1\Kelly\LOCALS~1\Temp\RarSFX0\AnyDVD6136.exe. The file was moved to quarantine. You may close this window.
4/19/2007 19:29:39 PM IMON self-extracting archive http://216.150.19.89/reporting/cFL.aspx?code=BundleBase1.1086 multiple infiltrations Connection terminated WTF\Kelly
4/19/2007 19:29:14 PM AMON file C:\WINDOWS\system32\bund1\ClientBundle1.exe multiple infiltrations quarantined - deleted WTF\Kelly Event occurred on a new file created by the application: C:\DOCUME~1\Kelly\LOCALS~1\Temp\RarSFX0\AnyDVD6136.exe. The file was moved to quarantine. You may close this window.
4/19/2007 19:28:55 PM IMON self-extracting archive http://216.150.19.89/privatearea/campaign/mediacenter/adtypes/downloads/loader1/ClientBundle1.exe multiple infiltrations Connection terminated WTF\Kelly
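
The NOD32 threat log above is a flat export that is hard to read in a forum post. The Python script below is added here as an example; it is not ESET's tooling and not something the poster ran. It parses lines in the column order given by the log's own header (Time, Module, Object, Name, Threat, Action, User, Information), sorts them oldest-first and reduces them to the facts a helper wants first: how often each remote host was blocked by the web filter (IMON) and over what span, and which local process created each file the on-access scanner (AMON) quarantined. The sample lines are the ones posted above, and the two action strings the regex recognises are the only ones that appear in that log.

```python
"""Triage a NOD32 v2 threat-log export of the kind posted above.

Example code added for this thread, not ESET's tooling.  The column order is
taken from the posted log's header line; the sample lines are copied from the
post, so the hosts and file names are the ones the poster reported.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime
from urllib.parse import urlsplit

# Sample input: the threat-log lines exactly as posted in the thread.
SAMPLE_LOG = r"""Time Module Object Name Threat Action User Information
4/20/2007 15:24:45 PM AMON file C:\DOCUME~1\Kelly\LOCALS~1\Temp\uuuajddu.dll Win32/Adware.BHO.NAW application quarantined - deleted WTF\Kelly Event occurred on a new file created by the application: C:\WINDOWS\explorer.exe. The file was moved to quarantine. You may close this window.
4/20/2007 15:24:35 PM IMON file http://69.31.80.179/kbdmv.dll Win32/Adware.BHO.NAW application Connection terminated WTF\Kelly
4/20/2007 15:24:11 PM IMON file http://82.98.235.61/ms_s_2.dll?uid=582F8030EE9C11DBA339003048895BFC&guid=b40fc68f+6BD530A9CD9D4514B47088891A332C23 Win32/Spy.VBStat.J trojan Connection terminated WTF\Kelly
4/20/2007 13:46:12 PM AMON file C:\DOCUME~1\Kelly\LOCALS~1\Temp\yidhhqom.dll Win32/Adware.BHO.NAW application quarantined - deleted Event occurred on a new file created by the application: C:\WINDOWS\explorer.exe. The file was moved to quarantine. You may close this window.
4/20/2007 13:37:06 PM IMON file http://69.31.80.179/kbdmv.dll Win32/Adware.BHO.NAW application Connection terminated WTF\Kelly
4/20/2007 13:36:55 PM IMON file http://82.98.235.61/ms_s_2.dll?uid=582F8030EE9C11DBA339003048895BFC&guid=b40fc68f+6BD530A9CD9D4514B47088891A332C23 Win32/Spy.VBStat.J trojan Connection terminated WTF\Kelly
4/20/2007 13:18:41 PM AMON file C:\DOCUME~1\Kelly\LOCALS~1\Temp\wynfbovo.dll Win32/Adware.BHO.NAW application quarantined - deleted WTF\Kelly Event occurred on a new file created by the application: C:\WINDOWS\Explorer.EXE. The file was moved to quarantine. You may close this window.
4/20/2007 12:50:22 PM IMON file http://69.31.80.179/kbdmv.dll Win32/Adware.BHO.NAW application Connection terminated WTF\Kelly
4/20/2007 0:21:51 AM IMON file http://82.98.235.61/ms_s_2.dll?uid=582F8030EE9C11DBA339003048895BFC&guid=b40fc68f+6BD530A9CD9D4514B47088891A332C23 Win32/Spy.VBStat.J trojan Connection terminated WTF\Kelly
4/19/2007 19:36:33 PM IMON file http://82.98.235.61/ms_s_2.dll?uid=582F8030EE9C11DBA339003048895BFC&guid=b40fc68f+6BD530A9CD9D4514B47088891A332C23 Win32/Spy.VBStat.J trojan Connection terminated WTF\Kelly
4/19/2007 19:29:47 PM AMON file C:\WINDOWS\system32\bund1\temp.txt multiple infiltrations quarantined - deleted Event occurred on a new file created by the application: C:\DOCUME~1\Kelly\LOCALS~1\Temp\RarSFX0\AnyDVD6136.exe. The file was moved to quarantine. You may close this window.
4/19/2007 19:29:39 PM IMON self-extracting archive http://216.150.19.89/reporting/cFL.aspx?code=BundleBase1.1086 multiple infiltrations Connection terminated WTF\Kelly
4/19/2007 19:29:14 PM AMON file C:\WINDOWS\system32\bund1\ClientBundle1.exe multiple infiltrations quarantined - deleted WTF\Kelly Event occurred on a new file created by the application: C:\DOCUME~1\Kelly\LOCALS~1\Temp\RarSFX0\AnyDVD6136.exe. The file was moved to quarantine. You may close this window.
4/19/2007 19:28:55 PM IMON self-extracting archive http://216.150.19.89/privatearea/campaign/mediacenter/adtypes/downloads/loader1/ClientBundle1.exe multiple infiltrations Connection terminated WTF\Kelly
"""

# Threat names contain spaces, so they are matched lazily up to one of the two
# action strings seen in this export.  User (DOMAIN\name) and Information are optional.
LINE_RE = re.compile(
    r"^(?P<date>\d{1,2}/\d{1,2}/\d{4}) (?P<time>\d{1,2}:\d{2}:\d{2}) [AP]M "
    r"(?P<module>AMON|IMON) (?P<objtype>file|self-extracting archive) "
    r"(?P<object>\S+) (?P<threat>.+?) "
    r"(?P<action>quarantined - deleted|Connection terminated)"
    r"(?: (?P<user>\S+\\\S+))?(?: (?P<info>.*))?$"
)
# AMON's Information text names the process that wrote the quarantined file.
CREATOR_RE = re.compile(r"created by the application: (\S+)\.")


def parse_line(line):
    """Parse one line; return None for the header or anything unparseable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    f = m.groupdict()
    creator = CREATOR_RE.search(f["info"] or "")
    return {
        # The export mixes a 24-hour clock with an AM/PM suffix ("15:24:45 PM"); keep the 24h value.
        "when": datetime.strptime(f"{f['date']} {f['time']}", "%m/%d/%Y %H:%M:%S"),
        "module": f["module"],
        "object": f["object"],
        "threat": f["threat"],
        "action": f["action"],
        "user": f["user"],
        "created_by": creator.group(1) if creator else None,
    }


def parse_log(text):
    """All parseable events, oldest first (the export lists newest first)."""
    events = [e for e in map(parse_line, text.splitlines()) if e]
    return sorted(events, key=lambda e: e["when"])


def summarize(events):
    """Counts per threat and module, remote hosts blocked by the web filter,
    and quarantined files grouped by the process that created them."""
    s = {"threats": Counter(e["threat"] for e in events),
         "modules": Counter(e["module"] for e in events),
         "blocked_hosts": Counter(), "dropped_by": defaultdict(list)}
    for e in events:
        if e["module"] == "IMON":
            host = urlsplit(e["object"]).hostname
            if host:
                s["blocked_hosts"][host] += 1
        elif e["created_by"]:
            # Basename, case-folded: the log shows both explorer.exe and Explorer.EXE.
            s["dropped_by"][e["created_by"].rsplit("\\", 1)[-1].lower()].append(e["object"])
    return s


def repeated_hosts(events, min_hits=2):
    """Hosts blocked more than once, with the span between first and last block.

    Repeated blocks of one host over many hours mean the component issuing the
    requests is still on disk; the blocked DLL is only the payload it fetches."""
    seen = {}
    for e in events:
        if e["module"] != "IMON":
            continue
        host = urlsplit(e["object"]).hostname
        hits, first, last = seen.get(host, (0, e["when"], e["when"]))
        seen[host] = (hits + 1, min(first, e["when"]), max(last, e["when"]))
    return {h: {"hits": n, "span_hours": round((l - f).total_seconds() / 3600, 1)}
            for h, (n, f, l) in seen.items() if n >= min_hits}
```

Run against the posted lines, `repeated_hosts` reports one host blocked four times across roughly twenty hours and another three times in under three hours, while `summarize()["dropped_by"]` shows three randomly named DLLs in the user's Temp folder all written by explorer.exe. That pattern, the same payload host contacted again and again plus fresh DLLs appearing locally after each block, is what a responder reads as a resident downloader that the scanners have not yet removed, which matches the poster's observation that the machine is still infected after Spybot's cleanup.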

Blade81
2007-04-21, 11:09
Hi

Rename HijackThis.exe -> scanner.exe and post a fresh hjt log after that.

tashi
2007-04-27, 19:25
This topic has been archived:

poorlilthingy posted here:
http://forums.techguy.org/security/564510-help-please-adware-trojan-virus.html

"BEFORE you POST" Mandatory Steps Before Requesting Assistance (http://forums.spybot.info/showthread.php?t=288)


Posters who start topics at multiple sites for their PC problem waste valuable volunteer resources, so please don't. Many of our volunteers are at several forums.