View Full Version : Virtumonde Smitfraud-C
TaylorKC
2007-09-21, 03:41
Been trying to remove these two myself, no luck so far. Followed the listed instructions, here's some notes.
1)Wasn't able to boot in safe mode (hung at a certain point).
2) The McAfee program is out of date. I haven't been able to remove it from the system.
3) Virtumonde isn't showing up in spybot right now, but i doubt i've removed it.
4) Kaspersky scan was 170k. attached as zip.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:12, on 2007-09-21
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Utilities Pat\Source\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\UTILIT~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: McAfee Privacy Service Helper Object - {cc4b2ee5-4803-11d7-8a38-00b0d0c6b814} - C:\Program Files\McAfee\McAfee Privacy Service\GDIEHELP.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] C:\PROGRA~1\McAfee.com\Agent\McAgent.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Utilities Pat\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-21-823518204-920026266-725345543-1004\..\Run: [SpybotSD TeaTimer] C:\Utilities Pat\Spybot - Search & Destroy\TeaTimer.exe (User '?')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\UTILIT~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\UTILIT~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,83/mcinsctl.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8300.cab
O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupdate.exe
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,20/mcgdmgr.cab
O18 - Filter: text/plain - {C2F9E5DC-D848-4833-8BCE-C74DC23336C6} - (no file)
O23 - Service: McAfee Privacy Service (GuardDogEXE) - Network Associates, Inc. - C:\Program Files\McAfee\McAfee Privacy Service\GUARDDOG.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: McAfee SpamKiller Server (MskService) - Networks Associates Technology. Inc. - C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O24 - Desktop Component 1: Intelligent Explorer[ieplugin.com] OnScreen Portal - http://active.ieplugin.com/active/?17459022
--
End of file - 6222 bytes
TaylorKC
2007-09-21, 03:46
C:\SPYWARE\Windows\System32\pcs\pcsvcAccess.ocx Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.a skipped
C:\SPYWARE\Windows\Temp\Altnet\adm.exe Infected: not-a-virus:AdWare.Win32.Altnet.b skipped
C:\SPYWARE\Windows\Temp\Altnet\adm4.dll Infected: not-a-virus:AdWare.Win32.Altnet.b skipped
C:\SPYWARE\Windows\Temp\Altnet\admdata.dll Infected: not-a-virus:AdWare.Win32.Altnet.b skipped
C:\SPYWARE\Windows\Temp\Altnet\admdloader.dll Infected: not-a-virus:AdWare.Win32.Altnet.b skipped
C:\SPYWARE\Windows\Temp\Altnet\admfdi.dll Infected: not-a-virus:AdWare.Win32.Altnet.b skipped
C:\SPYWARE\Windows\Temp\Altnet\admprog.dll Infected: not-a-virus:AdWare.Win32.Altnet.b skipped
C:\SPYWARE\Windows\Temp\Altnet\mysearch.cab/mySetp.exe Infected: not-a-virus:AdWare.Win32.MyWay.g skipped
C:\SPYWARE\Windows\Temp\Altnet\mysearch.cab CAB: infected - 1 skipped
C:\SPYWARE\Windows\Temp\Altnet\pmexe.cab/Points Manager.exe Infected: not-a-virus:AdWare.Win32.Altnet.h skipped
C:\SPYWARE\Windows\Temp\Altnet\pmexe.cab CAB: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{B995C553-D09A-4FAC-B809-73C4427BB574}\RP1314\A0578879.exe Infected: Trojan-Spy.Win32.Agent.or skipped
C:\System Volume Information\_restore{B995C553-D09A-4FAC-B809-73C4427BB574}\RP1314\A0579878.exe Infected: Trojan-Spy.Win32.Agent.or skipped
C:\System Volume Information\_restore{B995C553-D09A-4FAC-B809-73C4427BB574}\RP1314\A0580877.exe Infected: Trojan-Spy.Win32.Agent.or skipped
C:\System Volume Information\_restore{B995C553-D09A-4FAC-B809-73C4427BB574}\RP1314\A0581877.exe Infected: Trojan-Spy.Win32.Agent.or skipped
C:\System Volume Information\_restore{B995C553-D09A-4FAC-B809-73C4427BB574}\RP1314\A0582877.exe Infected: Trojan-Spy.Win32.Agent.or skipped
C:\System Volume Information\_restore{B995C553-D09A-4FAC-B809-73C4427BB574}\RP1316\A0699803.exe Infected: Trojan.Win32.Agent.anr skipped
C:\System Volume Information\_restore{B995C553-D09A-4FAC-B809-73C4427BB574}\RP1316\A0699805.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{B995C553-D09A-4FAC-B809-73C4427BB574}\RP1316\A0699806.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
C:\System Volume Information\_restore{B995C553-D09A-4FAC-B809-73C4427BB574}\RP1316\A0699808.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{B995C553-D09A-4FAC-B809-73C4427BB574}\RP1316\A0699809.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\System Volume Information\_restore{B995C553-D09A-4FAC-B809-73C4427BB574}\RP1316\A0699810.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\System Volume Information\_restore{B995C553-D09A-4FAC-B809-73C4427BB574}\RP1316\A0699822.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.id skipped
C:\System Volume Information\_restore{B995C553-D09A-4FAC-B809-73C4427BB574}\RP1316\A0699823.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{B995C553-D09A-4FAC-B809-73C4427BB574}\RP1316\change.log Object is locked skipped
C:\temp\package8029_CDT3.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.l skipped
C:\temp\package8029_CDT3.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\temp\package8029_CDT3.exe/stream/data0003 Infected: not-a-virus:AdWare.Win32.BargainBuddy.q skipped
C:\temp\package8029_CDT3.exe/stream/data0005 Infected: Trojan-Clicker.Win32.VB.ex skipped
C:\temp\package8029_CDT3.exe/stream/data0006/stream/data0001 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\temp\package8029_CDT3.exe/stream/data0006/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\temp\package8029_CDT3.exe/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\temp\package8029_CDT3.exe/stream/data0007/stream/data0002 Infected: not-a-virus:AdWare.Win32.BargainBuddy.y skipped
C:\temp\package8029_CDT3.exe/stream/data0007/stream/data0005 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\temp\package8029_CDT3.exe/stream/data0007/stream/data0006 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\temp\package8029_CDT3.exe/stream/data0007/stream/data0007 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\temp\package8029_CDT3.exe/stream/data0007/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\temp\package8029_CDT3.exe/stream/data0007 Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\temp\package8029_CDT3.exe/stream Infected: not-a-virus:AdWare.Win32.BargainBuddy.n skipped
C:\temp\package8029_CDT3.exe NSIS: infected - 14 skipped
C:\VundoFix Backups\amvpccfc.exe.bad Infected: Trojan.Win32.Agent.aoy skipped
C:\VundoFix Backups\bjttdgpt.exe.bad Infected: Trojan.Win32.Agent.aoy skipped
C:\VundoFix Backups\cliioasw.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\VundoFix Backups\drhdrcrf.exe.bad Infected: Trojan.Win32.Agent.aoy skipped
C:\VundoFix Backups\drwisreo.exe.bad Infected: Trojan.Win32.Agent.aoy skipped
C:\VundoFix Backups\efcyxvv.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.gl skipped
C:\VundoFix Backups\eihcunnm.exe.bad Infected: Trojan.Win32.Agent.anr skipped
C:\VundoFix Backups\emggwgcs.exe.bad Infected: Trojan.Win32.Agent.aoy skipped
C:\VundoFix Backups\eunyepkf.exe.bad Infected: Trojan.Win32.Agent.aoy skipped
C:\VundoFix Backups\eyojvscj.exe.bad Infected: Trojan.Win32.Agent.aoy skipped
C:\VundoFix Backups\fhcnhjgv.exe.bad Infected: Trojan.Win32.Agent.aoy skipped
C:\VundoFix Backups\fkncbuqd.dll.bad Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\VundoFix Backups\foo.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ar skipped
C:\VundoFix Backups\fyibthhn.exe.bad Infected: Trojan.Win32.Agent.anr skipped
C:\VundoFix Backups\gpukkisu.exe.bad Infected: Trojan.Win32.Agent.anr skipped
C:\VundoFix Backups\hlubuhlo.exe.bad Infected: Trojan.Win32.Agent.aoy skipped
C:\VundoFix Backups\hohbrbfl.exe.bad Infected: Trojan.Win32.Agent.aoy skipped
C:\VundoFix Backups\huiiivfp.exe.bad Infected: Trojan.Win32.Agent.aoy skipped
C:\VundoFix Backups\hxteckqs.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\VundoFix Backups\iqglbofh.exe.bad Infected: Trojan-Clicker.Win32.Small.mw skipped
C:\VundoFix Backups\iyilabak.dll.bad Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\VundoFix Backups\j8211230.dll.bad Infected: Trojan-Clicker.Win32.Small.mw skipped
C:\VundoFix Backups\jbfskyvv.dll.bad Infected: Trojan.Win32.BHO.bd skipped
C:\VundoFix Backups\jhlbxwtf.dll.bad Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\VundoFix Backups\jxpribko.dll.bad Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\VundoFix Backups\ldbtvutb.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\VundoFix Backups\lnlfefcw.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\VundoFix Backups\lwgoqcbk.exe.bad Infected: Trojan.Win32.Agent.aoy skipped
C:\VundoFix Backups\mlljh.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.tm skipped
C:\VundoFix Backups\mtgwiodt.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\VundoFix Backups\ncvsfvuc.exe.bad Infected: Trojan.Win32.Agent.aoy skipped
C:\VundoFix Backups\nvotqvpx.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\VundoFix Backups\nxwfxvkv.exe.bad Infected: Trojan.Win32.Agent.aoy skipped
C:\VundoFix Backups\obcmlhln.exe.bad Infected: Trojan.Win32.Agent.aoy skipped
C:\VundoFix Backups\opnlkii.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.id skipped
C:\VundoFix Backups\pcvxxkfk.exe.bad Infected: Trojan.Win32.Agent.aoy skipped
C:\VundoFix Backups\pmnll.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.tm skipped
C:\VundoFix Backups\priitluv.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\VundoFix Backups\rcsenmfl.dll.bad Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\VundoFix Backups\rpaasxyo.exe.bad Infected: Trojan.Win32.Agent.aoy skipped
C:\VundoFix Backups\skqyqfnv.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\VundoFix Backups\tjfdfott.exe.bad Infected: Trojan.Win32.Agent.anr skipped
C:\VundoFix Backups\tsbosifa.dll.bad Suspicious: Packed.Win32.Morphine.a skipped
C:\VundoFix Backups\vdyjxjwd.exe.bad Infected: Trojan.Win32.Agent.anr skipped
C:\VundoFix Backups\vrbewqox.exe.bad Infected: Trojan.Win32.Agent.aoy skipped
C:\VundoFix Backups\vtuvuvv.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\VundoFix Backups\vuqxdwcx.exe.bad Infected: Trojan.Win32.Agent.aoy skipped
C:\VundoFix Backups\vuwwlxiu.exe.bad Infected: Trojan.Win32.Agent.aoy skipped
C:\VundoFix Backups\wccoltdc.exe.bad Infected: Trojan.Win32.Agent.anr skipped
C:\VundoFix Backups\wdwfjuru.dll.bad Infected: Trojan.Win32.BHO.bd skipped
C:\VundoFix Backups\wjypplrg.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
C:\VundoFix Backups\wximeelo.exe.bad Infected: Trojan.Win32.Agent.aoy skipped
C:\VundoFix Backups\wybyjlxq.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.ki skipped
C:\VundoFix Backups\xiqytjoo.exe.bad Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\b103.exe/stream/data0002 Infected: Trojan-Downloader.Win32.TSUpdate.o skipped
C:\WINDOWS\b103.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\WINDOWS\b103.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\WINDOWS\b103.exe NSIS: infected - 3 skipped
C:\WINDOWS\b104.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
C:\WINDOWS\b104.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\WINDOWS\b104.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\WINDOWS\b104.exe NSIS: infected - 3 skipped
C:\WINDOWS\b129.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\WINDOWS\b129.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\WINDOWS\b129.exe/stream/data0005 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\WINDOWS\b129.exe/stream/data0006 Infected: not-a-virus:AdWare.Win32.WebHancer.390 skipped
C:\WINDOWS\b129.exe/stream/data0008 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\WINDOWS\b129.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
C:\WINDOWS\b129.exe NSIS: infected - 6 skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\S3Jpc3Rpbg\asappsrv.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\WINDOWS\S3Jpc3Rpbg\command.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\WINDOWS\svchost.exe Infected: Trojan-Spy.Win32.Agent.or skipped
C:\WINDOWS\system32\ahkscukc.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\ahowuvnr.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\ajuumbng.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\akmutyaj.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\aodcftih.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\avlgitri.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\axuninstall.exe Infected: not-a-virus:AdWare.Win32.BlazeFind.b skipped
C:\WINDOWS\system32\begrcdna.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\binltslw.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\BO2802040113.dll Infected: not-a-virus:AdWare.Win32.VirtualBouncer.d skipped
C:\WINDOWS\system32\camojttk.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\cewqayif.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\cgdpvjet.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\dinkusnc.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\dqnkberl.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\drivers\core.cache.dsk Object is locked skipped
C:\WINDOWS\system32\drivers\core.sys Object is locked skipped
C:\WINDOWS\system32\drivers\etc\hosts.1 Infected: Trojan.Win32.Qhost.f skipped
C:\WINDOWS\system32\dtgbsocx.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\dvutlrix.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\fdjucnac.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\fwrxqsor.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\gektyygk.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\glusdnhf.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\gnkygadq.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\hgcxhcca.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\hkgajlce.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kp skipped
C:\WINDOWS\system32\hvisdhrs.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\ifnyxkij.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\ilnufixf.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\ingnmhcw.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\ipteiajd.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\jdvjpvnd.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\jeqejsyi.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\joqwcrxa.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\jsglpbgt.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\jvhonadv.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\kuonwtxh.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\kyyywpgi.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\lliursaj.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\mdobchek.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\mrnppkip.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\mscnarcd.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\nhfdikus.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\nlkwpvrc.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\ntjimdew.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\nvelmanl.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\oaerfhct.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\ofrevtye.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\oostbhaj.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\ooxhasec.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\pakxrmkd.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\pgrlqkyd.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\piludvwg.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\pkhgcrob.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\pllrrfxf.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\qablfule.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\qqyavrep.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\qrpmlrdi.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\ripudvhk.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\rkewraoc.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\rmvrobxr.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\runvwaco.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\rutetkoc.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\rxbnfrwl.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\smovpcys.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\tajfgbsc.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\tiqfdvnp.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\tkkinlqr.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\tlccxfih.dll Infected: Trojan.Win32.BHO.o skipped
C:\WINDOWS\system32\uhieeqaf.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\uhswjggc.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\uohffvfs.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\uuhwhtne.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\uwwirghn.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\v7.exe Infected: Trojan-Clicker.Win32.Agent.jc skipped
C:\WINDOWS\system32\vcqcuolk.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\vduuoetg.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\vgdlnuht.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\vunkypdj.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\wacpmsuc.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wflivlvc.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\wprqekde.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\wqmeovcg.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\wvjbvukk.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\xenqtwdc.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\xgojkefe.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\xhbgrddi.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\xmfmtqsx.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\WINDOWS\system32\ycwlehlw.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\WINDOWS\system32\yopmcwwb.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\WINDOWS\system32\ywfvnsmw.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
Scan process completed.
TaylorKC
2007-09-21, 03:47
** I've trimmed some of the repeated entries in the kaspersky file here.
------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, September 21, 2007 6:03:52 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 21/09/2007
Kaspersky Anti-Virus database records: 421344
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
Scan Statistics:
Total number of scanned objects: 96930
Number of viruses found: 69
Number of infected objects: 1026
Number of suspicious objects: 2
Duration of the scan process: 01:23:31
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Logs\Filtering.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000005920.eml Infected: Trojan.JS.Redirector.b skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000013134.eml/[From "HERBVIAG AMAZINGERECTION" Cdkbud <Cdkbud@Cdkbud.bkhjefpn.com>][Date Thu, 24 Nov 2005 11:38:57 -0800]/Corcoran_Buy_HERBALVIAGRA.HTML Infected: Trojan.JS.Redirector.b skipped
C:\Documents and Settings\All Users\Application Data\McAfee\SpamKiller\Users\1\Front\1\M0000013134.eml Mail: infected - 1 skipped
C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\yqg7rsb0.default\cert8.db Object is locked skipped
C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\yqg7rsb0.default\history.dat Object is locked skipped
C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\yqg7rsb0.default\key3.db Object is locked skipped
C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\yqg7rsb0.default\parent.lock Object is locked skipped
C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\yqg7rsb0.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Kristin\Application Data\Mozilla\Firefox\Profiles\yqg7rsb0.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Kristin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3846e56d-2d236ad9.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Kristin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3846e56d-2d236ad9.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
C:\Documents and Settings\Kristin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3846e56d-2d236ad9.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
C:\Documents and Settings\Kristin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3846e56d-2d236ad9.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Kristin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-19bf30c9-16c26730.zip/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Kristin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-19bf30c9-16c26730.zip/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Kristin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-19bf30c9-16c26730.zip/Baaaaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Kristin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-19bf30c9-16c26730.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Kristin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-2f24df65-664d4151.zip/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Kristin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-2f24df65-664d4151.zip/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Kristin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-2f24df65-664d4151.zip/Baaaaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Kristin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\crtdcghcn.jar-2f24df65-664d4151.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Kristin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-51e543a5-13b58feb.zip/MagicApplet.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped
C:\Documents and Settings\Kristin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-51e543a5-13b58feb.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped
C:\Documents and Settings\Kristin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\dsbr.jar-51e543a5-13b58feb.zip ZIP: infected - 2 skipped
C:\Documents and Settings\Kristin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-5aecf5b2-2f7d2139.zip/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Kristin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-5aecf5b2-2f7d2139.zip/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Kristin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-5aecf5b2-2f7d2139.zip/Baaaaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Kristin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ms-counter.jar-5aecf5b2-2f7d2139.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Kristin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-76adb5af-551e2643.zip/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Kristin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-76adb5af-551e2643.zip/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Kristin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-76adb5af-551e2643.zip/Baaaaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Kristin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\statistic.jar-76adb5af-551e2643.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Kristin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-1a5175fd-65be8fff.zip/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Kristin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-1a5175fd-65be8fff.zip/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Kristin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-1a5175fd-65be8fff.zip/Baaaaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Kristin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-1a5175fd-65be8fff.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Kristin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-3ffe42e5-72504fb2.zip/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Kristin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-3ffe42e5-72504fb2.zip/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Kristin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-3ffe42e5-72504fb2.zip/Baaaaa.class Infected: Trojan.Java.ClassLoader.ao skipped
C:\Documents and Settings\Kristin\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-3ffe42e5-72504fb2.zip ZIP: infected - 3 skipped
C:\Documents and Settings\Kristin\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Kristin\Desktop\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Kristin\Incomplete\T-172094-_live_ 10s pantera (REPLiCA) 07.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Documents and Settings\Kristin\Local Settings\Application Data\djgcmtd.dll Infected: Trojan.Win32.Obfuscated.ev skipped
C:\Documents and Settings\Kristin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Kristin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Kristin\Local Settings\Application Data\Mozilla\Firefox\Profiles\yqg7rsb0.default\Cache\633285D9d01/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Kristin\Local Settings\Application Data\Mozilla\Firefox\Profiles\yqg7rsb0.default\Cache\633285D9d01 ZIP: infected - 1 skipped
C:\Documents and Settings\Kristin\Local Settings\Application Data\Mozilla\Firefox\Profiles\yqg7rsb0.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Kristin\Local Settings\Application Data\Mozilla\Firefox\Profiles\yqg7rsb0.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Kristin\Local Settings\Application Data\Mozilla\Firefox\Profiles\yqg7rsb0.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Kristin\Local Settings\Application Data\Mozilla\Firefox\Profiles\yqg7rsb0.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Kristin\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Kristin\Local Settings\Temp\bgsnaues.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\Documents and Settings\Kristin\Local Settings\Temp\crfgnhlw.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\Documents and Settings\Kristin\Local Settings\Temp\jhqwofhn.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\Documents and Settings\Kristin\Local Settings\Temp\mnayuigt.dll Infected: not-a-virus:AdWare.Win32.BHO.v skipped
C:\Documents and Settings\Kristin\Local Settings\Temp\orihqtdf.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\Documents and Settings\Kristin\Local Settings\Temp\pkodhujw.exe Infected: Trojan.Win32.Agent.aoy skipped
C:\Documents and Settings\Kristin\Local Settings\Temp\tdftebvg.exe Infected: Trojan-Dropper.Win32.Agent.bmk skipped
C:\Documents and Settings\Kristin\Local Settings\Temp\xm0cj13f.exe Object is locked skipped
C:\Documents and Settings\Kristin\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Kristin\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Kristin\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\svchost.exe Infected: Trojan-Spy.Win32.Agent.or skipped
C:\Program Files\True Sword 4\backuped\10\bapcgcms.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ft skipped
C:\Program Files\True Sword 4\backuped\11\bidbcdcj.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Program Files\True Sword 4\backuped\14\cqrewifm.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Program Files\True Sword 4\backuped\15\csdyqpbh.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Program Files\True Sword 4\backuped\16\ctgcblyn.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.hb skipped
C:\Program Files\True Sword 4\backuped\17\drksdsvn.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Program Files\True Sword 4\backuped\4\mstD707.tmp Infected: Trojan.Win32.Agent.qt skipped
C:\Program Files\True Sword 4\backuped\5\winD6FD.tmp.exe Infected: Trojan-Clicker.Win32.Agent.jc skipped
C:\Program Files\True Sword 4\backuped\6\winD70C.tmp.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.dc skipped
C:\Program Files\True Sword 4\backuped\6\winD70C.tmp.exe NSIS: infected - 1 skipped
C:\Program Files\True Sword 4\backuped\9\axlycsfg.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\RECYCLER\S-1-5-18\Dc1\system.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\RECYCLER\S-1-5-18\Dc8\Update.exe Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\RECYCLER\S-1-5-18\Dc9\system.dll Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\RECYCLER\S-1-5-18\Dc9\Update.exe Infected: not-a-virus:AdWare.Win32.Mostofate.ac skipped
C:\RECYCLER\S-1-5-21-823518204-920026266-725345543-1004\Dc56.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\RECYCLER\S-1-5-21-823518204-920026266-725345543-1004\Dc56.zip ZIP: infected - 1 skipped
C:\SPYWARE\Documents and Settings\Kristin\Local Settings\Temp\btiein.dll Infected: Trojan-Downloader.Win32.QDown.aa skipped
C:\SPYWARE\Documents and Settings\Kristin\Local Settings\Temp\ss_cdt_setup.exe/data0002 Infected: not-a-virus:AdWare.Win32.Sidesearch.e skipped
C:\SPYWARE\Documents and Settings\Kristin\Local Settings\Temp\ss_cdt_setup.exe NSIS: infected - 1 skipped
C:\SPYWARE\Documents and Settings\Kristin\Local Settings\Temp\__unin__.exe Infected: not-a-virus:AdWare.Win32.Altnet.b skipped
C:\SPYWARE\Documents and Settings\Kristin\Local Settings\Temp\~7885768687.tmp Infected: Trojan-Downloader.Win32.Siboco skipped
C:\SPYWARE\Documents and Settings\Kristin\Local Settings\Temp\~MySetup.exe/init.dll Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.h skipped
C:\SPYWARE\Documents and Settings\Kristin\Local Settings\Temp\~MySetup.exe/pcsvc.exe Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.a skipped
C:\SPYWARE\Documents and Settings\Kristin\Local Settings\Temp\~MySetup.exe/pcsvc.dll Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.a skipped
C:\SPYWARE\Documents and Settings\Kristin\Local Settings\Temp\~MySetup.exe/init.dll Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.h skipped
C:\SPYWARE\Documents and Settings\Kristin\Local Settings\Temp\~MySetup.exe/pcsvcAccess.ocx Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.a skipped
C:\SPYWARE\Documents and Settings\Kristin\Local Settings\Temp\~MySetup.exe/dpi.exe Infected: not-a-virus:NetTool.Win32.Dpi skipped
C:\SPYWARE\Documents and Settings\Kristin\Local Settings\Temp\~MySetup.exe Vise: infected - 6 skipped
C:\SPYWARE\Program Files\Kazaa\TopSearch.dll Infected: not-a-virus:AdWare.Win32.Altnet.f skipped
C:\SPYWARE\Program Files\MyWebSearch\bar\1.bin\F3HTMLMU.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\SPYWARE\Program Files\MyWebSearch\bar\1.bin\F3POPSWT.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.d skipped
C:\SPYWARE\Program Files\MyWebSearch\bar\1.bin\F3SCRCTR.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.d skipped
C:\SPYWARE\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\SPYWARE\Program Files\MyWebSearch\bar\1.bin\MWSOESTB.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\SPYWARE\Windows\System32\pcs\init.dll Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.h skipped
teacup61
2007-09-29, 01:19
Hello TaylorKC,
Welcome to Safer Networking Forums :)
Sorry about the delay.:( When you post multiple times like that it looks like you're being helped already. Helpers look for the topics with 0 replies first. If you still need help, please post a new HijackThis log and I'll be happy to look at it. :)
Thanks,
tea
This topic has been moved to archives.
If you need the thread re-opened, please send me a private message (pm) and provide a link.
Applies only to the original poster, anyone else with similar problems please start your own topic.