View Full Version : Viruses, spyware and no idea what to do!!
cmcveigh
2007-10-21, 23:14
Hi there,
I believe I have a problem with spyware, viruses, and all sorts on my pc.
I'm experiencing ridiculous slowdown, system crashes and also trouble with Symantec, auto-protect disabling itself being the most often occurance.
Symantec finds 2 trojans, tells me to reboot, but doesnt seem to get rid of them.
Spybot usually starts, but tends to stop halfway, and even shutdown the pc midway through a scan tonight. I installed Adaware, but that does the same. It's closed down halfway every time I've run it. Both programs often fail to start up at all.
Please be patient with me, I'm a bit of a novice I'm afraid...
Here's my Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:01:18, on 21/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\cadix\screen saver\cssCtrl.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\WINDOWS\system32\dwwin.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [srmclean] -C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] -C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [ccApp] -"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] -"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] -C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] -C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] -C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] -C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] -"C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] -"C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [atwtusb] -atwtusb.exe beta
O4 - HKLM\..\Run: [PenLock] -
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\WINDOWS\system32\tubhkjfs.dll",sitypnow
O4 - HKLM\..\RunOnce: [SpybotDeletingA3353] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC92] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA2824] command /c del "C:\WINDOWS\system32\drivers\core.sys_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6942] cmd /c del "C:\WINDOWS\system32\drivers\core.sys_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA8286] command /c del "C:\WINDOWS\system32\pmkjk.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC2180] cmd /c del "C:\WINDOWS\system32\pmkjk.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotSnD] "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe" /autocheck
O4 - HKLM\..\RunOnce: [SpybotDeletingA8569] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC4040] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA4934] command /c del "C:\WINDOWS\system32\drivers\core.sys_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC6097] cmd /c del "C:\WINDOWS\system32\drivers\core.sys_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingA1632] command /c del "C:\WINDOWS\system32\pmkjk.dll_tobedeleted"
O4 - HKLM\..\RunOnce: [SpybotDeletingC5568] cmd /c del "C:\WINDOWS\system32\pmkjk.dll_tobedeleted"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] -"C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Washer] c:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: CADIX Screen Saver Control.lnk = C:\cadix\screen saver\cssCtrl.exe
O4 - Startup: Quick StartUp.lnk = ?
O4 - Startup: Start.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NetScreen-Remote.lnk = C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - -"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - -"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - -"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Unknown owner - -"C:\Program Files\Symantec AntiVirus\DefWatch.exe" (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - -"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe
O23 - Service: SAVRoam (SavRoam) - Unknown owner - -"C:\Program Files\Symantec AntiVirus\SavRoam.exe" (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - -"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - -C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)
O23 - Service: Symantec AntiVirus - Unknown owner - -"C:\Program Files\Symantec AntiVirus\Rtvscan.exe" (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - -"C:\Program Files\Windows Media Player\WMPNetwk.exe" (file missing)
--
End of file - 9974 bytes
cmcveigh
2007-10-21, 23:15
And now Kaspersky log:
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, October 16, 2007 9:45:21 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 16/10/2007
Kaspersky Anti-Virus database records: 436887
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 58868
Number of viruses found: 10
Number of infected objects: 90
Number of suspicious objects: 0
Duration of the scan process: 00:59:38
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06040000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\nicola\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\nicola\Desktop\torrents\Clone Dvd 2\Clone Dvd 2.exe/data0000.cab/CLONED~1.EXE Infected: Trojan-Dropper.Win32.VB.oz skipped
C:\Documents and Settings\nicola\Desktop\torrents\Clone Dvd 2\Clone Dvd 2.exe/data0000.cab Infected: Trojan-Dropper.Win32.VB.oz skipped
C:\Documents and Settings\nicola\Desktop\torrents\Clone Dvd 2\Clone Dvd 2.exe Rsrc-Package: infected - 2 skipped
C:\Documents and Settings\nicola\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\nicola\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\nicola\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\nicola\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\nicola\Local Settings\History\History.IE5\MSHist012007101620071017\index.dat Object is locked skipped
C:\Documents and Settings\nicola\Local Settings\Temp\NDLC3 Object is locked skipped
C:\Documents and Settings\nicola\Local Settings\Temporary Internet Files\Content.IE5\C0G9P5YK\PodshowRocks_PSPromo_large[2].flv Object is locked skipped
C:\Documents and Settings\nicola\Local Settings\Temporary Internet Files\Content.IE5\F8KBHDYF\PodshowRocks_PSPromo_large[2].flv Object is locked skipped
C:\Documents and Settings\nicola\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\nicola\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\nicola\ntuser.dat.LOG Object is locked skipped
C:\fbipukh.exe Infected: Trojan-Spy.Win32.Banker.eiq skipped
C:\RECYCLER\S-1-5-21-3404089466-3444014056-1454874084-1005\Dc5\Clone Dvd 2.exe/data0000.cab/CLONED~1.EXE Infected: Trojan-Dropper.Win32.VB.oz skipped
C:\RECYCLER\S-1-5-21-3404089466-3444014056-1454874084-1005\Dc5\Clone Dvd 2.exe/data0000.cab Infected: Trojan-Dropper.Win32.VB.oz skipped
C:\RECYCLER\S-1-5-21-3404089466-3444014056-1454874084-1005\Dc5\Clone Dvd 2.exe Rsrc-Package: infected - 2 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\tracking.log Object is locked skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP163\A0021220.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP163\A0021221.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP163\A0021222.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.r skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP165\A0021325.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP165\A0021360.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP165\A0021392.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP165\A0021402.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP165\A0021435.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP167\A0021473.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP167\A0021492.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP168\A0021545.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP169\A0021642.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP171\A0021748.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP174\A0022091.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP174\A0022092.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP174\A0022093.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP174\A0022094.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP174\A0022095.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP174\A0022096.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP174\A0022097.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP174\A0022098.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP174\A0022099.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP174\A0022100.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP178\A0023261.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP178\A0024251.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP178\A0025251.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP179\A0025284.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP179\A0025297.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP180\A0025372.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP180\A0026408.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP180\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{00C8C757-1D9D-42C0-B36C-6921A0AA6400}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\anbyrbmj.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\awqtiyvk.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\detadjxw.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\drivers\core.cache.dsk Object is locked skipped
C:\WINDOWS\system32\drivers\core.sys Object is locked skipped
C:\WINDOWS\system32\duhduesu.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\efurqbfv.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\elfxeqie.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\enpkpnwa.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\fvbepgjx.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\gedsmpwg.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\gtnndpra.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\gxwthylt.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\hrwhfrct.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\igvtpven.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\incualry.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\jaxsnrsc.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\jhdgreww.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\jpgjijoe.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\WINDOWS\system32\kdywfmts.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\kjrxeaie.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\kutarren.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\mljiijh.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\WINDOWS\system32\mqnsawkq.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\nnhtilaj.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\WINDOWS\system32\nnijsjsa.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\nsogulca.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\nwvwcmku.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\obfpelph.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\ocesqhbd.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\oonkopjc.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\WINDOWS\system32\phldqdep.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\WINDOWS\system32\pmkjk.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wi skipped
C:\WINDOWS\system32\qireqvkt.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\qqqxekkl.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\rarwxsrj.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\rgocsgmc.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\rjpnvihe.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\rplnlxhf.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\WINDOWS\system32\sgeerdlk.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\tdiumcia.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\thrmbakl.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\thwciied.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\tkcuogua.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\tmswihat.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\umjvepdv.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\WINDOWS\system32\usagkypw.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\vgxdccim.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\vnruvwcp.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\vsvmlvxf.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\system32\wflmivtc.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\wutwkoxr.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\xouxeoca.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\system32\xpdx.sys Object is locked skipped
C:\WINDOWS\system32\ymbdsqvh.exe Infected: Trojan.Win32.Agent.bck skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Many thanks,
C McVeigh
Hello cmcveigh and welcome to the Forums :)
YOu're infected.
1. Download this file - combofix.exe (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
cmcveigh
2007-10-24, 22:28
Combofix log:
ComboFix 07-10-23.1 - nicola 2007-10-24 20:13:52.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.185 [GMT 1:00]
Running from: C:\Documents and Settings\nicola\Local Settings\Temporary Internet Files\Content.IE5\N0RP1LQ4\ComboFix[1].exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\nicola\Application Data\macromedia\Flash Player\#SharedObjects\M55YJRRG\iforex.com
C:\Documents and Settings\nicola\Application Data\macromedia\Flash Player\#SharedObjects\M55YJRRG\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\nicola\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\nicola\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\temp\tn3
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\bbecglxf.ini
C:\WINDOWS\system32\bcfwfoib.exe
C:\WINDOWS\system32\ckyeaxir.dll
C:\WINDOWS\system32\commands.xml
C:\WINDOWS\system32\dimrbayy.dll
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\drivers\core.sys
C:\WINDOWS\system32\ebtdnfdc.dll
C:\WINDOWS\system32\eojijgpj.ini
C:\WINDOWS\system32\fnmhrnsy.exe
C:\WINDOWS\system32\fxlgcebb.dll
C:\WINDOWS\system32\fyrnxyra.exe
C:\WINDOWS\system32\help.txt
C:\WINDOWS\system32\jpgjijoe.dll
C:\WINDOWS\system32\jqmwmavg.exe
C:\WINDOWS\system32\kjkmp.bak1
C:\WINDOWS\system32\kjkmp.bak2
C:\WINDOWS\system32\kjkmp.ini
C:\WINDOWS\system32\kjkmp.ini2
C:\WINDOWS\system32\kjkmp.tmp
C:\WINDOWS\system32\mljiijh.dll
C:\WINDOWS\system32\pmkjk.dll
C:\WINDOWS\system32\qhifmuat.exe
C:\WINDOWS\system32\rixaeykc.ini
C:\WINDOWS\system32\sfjkhbut.ini
C:\WINDOWS\system32\sxmmibwp.exe
C:\WINDOWS\system32\tubhkjfs.dll
C:\WINDOWS\system32\twwujc.dat
C:\WINDOWS\system32\twwujc_nav.dat
C:\WINDOWS\system32\twwujc_navps.dat
C:\WINDOWS\system32\vhvpusgs.dll
C:\WINDOWS\system32\xpdx.sys
C:\WINDOWS\system32\xumvddgu.exe
C:\WINDOWS\system32\yefvdrfp.exe
C:\WINDOWS\system32\yppcwcmv.exe
C:\WINDOWS\system32\yyabrmid.ini
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_CORE
-------\LEGACY_DOMAINSERVICE
-------\core
-------\DomainService
-------\xpdx
((((((((((((((((((((((((( Files Created from 2007-09-24 to 2007-10-24 )))))))))))))))))))))))))))))))
.
2007-10-24 20:11 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-21 21:01 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-20 15:16 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-20 14:58 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-16 20:27 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-09 20:25 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-07 17:01 <DIR> d-------- C:\Documents and Settings\nicola\Phone Browser
2007-10-07 17:01 <DIR> d-------- C:\Documents and Settings\nicola\Application Data\Datalayer
2007-10-07 16:59 <DIR> d-------- C:\Documents and Settings\nicola\Application Data\Nokia
2007-10-07 14:00 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-06 17:20 <DIR> d-------- C:\Program Files\DIFX
2007-10-06 17:11 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-10-06 17:10 <DIR> d-------- C:\Documents and Settings\nicola\Application Data\PC Suite
2007-10-06 16:35 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-10-06 16:35 127,488 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-10-06 16:35 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-10-06 16:35 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-10-06 16:35 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-10-06 16:35 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-10-06 16:35 8,704 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-10-06 16:35 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll
2007-10-06 16:33 <DIR> d-------- C:\Program Files\Nokia
2007-10-06 16:33 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-10-06 16:32 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-10-06 16:27 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-06 15:48 <DIR> d-------- C:\Documents and Settings\nicola\.housecall6.6
2007-09-30 16:29 <DIR> d-------- C:\Program Files\Common Files\Deterministic Networks
2007-09-30 16:28 <DIR> d-------- C:\Program Files\Juniper
2007-09-30 16:28 323,636 --a------ C:\WINDOWS\system32\IreMgmt.dll
2007-09-30 16:28 143,360 --a------ C:\WINDOWS\system32\nsldap32v50.dll
2007-09-30 16:28 78,848 -ra------ C:\WINDOWS\system32\soedber.dll
2007-09-30 16:28 46,080 -ra------ C:\WINDOWS\system32\soedapi.dll
2007-09-30 16:28 28,160 -ra------ C:\WINDOWS\system32\cstrain.dll
2007-09-30 16:28 23,552 -ra------ C:\WINDOWS\system32\ossapi.dll
2007-09-30 16:28 16,896 -ra------ C:\WINDOWS\system32\ossdmem.dll
2007-09-30 16:28 11,264 -ra------ C:\WINDOWS\system32\soedoid.dll
2007-09-30 12:01 <DIR> d-------- C:\Webroot
2007-09-30 12:01 <DIR> d-------- C:\Quarantine
2007-09-30 12:01 <DIR> d-------- C:\Masters
2007-09-29 15:23 <DIR> d-------- C:\Documents and Settings\nicola\Application Data\AVG7
2007-09-29 15:23 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-21 21:07 --------- d-----w C:\Documents and Settings\nicola\Application Data\uTorrent
2007-10-07 14:42 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-10-07 14:42 --------- d-----w C:\Program Files\QuickTime
2007-10-07 14:36 --------- d-----w C:\Program Files\iTunes
2007-10-07 14:36 --------- d-----w C:\Program Files\Google
2007-09-30 20:21 --------- d-----w C:\Program Files\AoA DVD Ripper
2007-09-30 16:25 --------- d-----w C:\Program Files\MagicISO
2007-09-30 16:02 --------- d-----w C:\Program Files\Elaborate Bytes
2007-09-23 12:07 --------- d-----w C:\Documents and Settings\nicola\Application Data\dvdcss
2007-09-21 23:15 60,416 ----a-w C:\fbipukh.exe
2007-09-21 20:33 --------- d-----w C:\Program Files\Common Files\Ahead
2007-09-21 20:16 --------- d-----w C:\Program Files\dvdSanta
2007-09-21 20:06 --------- d-----w C:\Program Files\Agogo DVD Ripper
2007-09-21 18:34 --------- d-----w C:\Program Files\SlySoft
2007-09-15 16:59 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-09 18:04 --------- d-----w C:\Program Files\Chord Alchemy 4
2007-09-08 17:39 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-09-08 17:37 --------- d-----w C:\Program Files\Microsoft.NET
2007-08-29 17:23 --------- d-----w C:\Program Files\CCleaner
2007-08-29 17:09 --------- d-----w C:\Program Files\Washer
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C61F8DB6-1565-4850-BBCB-9F82B3FB6062}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"srmclean"="-C:\Cpqs\Scom\srmclean.exe" []
"SetRefresh"="-C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" []
"ccApp"="-C:\Program Files\Common Files\Symantec Shared\ccApp.exe" []
"vptray"="C:\PROGRA~1\SYMANT~1\\vptray.exe" [2005-06-23 19:27]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-01-14 14:48]
"SSBkgdUpdate"="-C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" []
"PaperPort PTD"="-C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" []
"IndexSearch"="-C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" []
"SetDefPrt"="-C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe" []
"ControlCenter2.0"="-C:\Program Files\Brother\ControlCenter2\brctrcen.exe" []
"SunJavaUpdateSched"="-C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"iTunesHelper"="-C:\Program Files\iTunes\iTunesHelper.exe" []
"atwtusb"="-atwtusb.exe" []
"PenLock"="-" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 01:12]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="-C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" []
"Washer"="c:\Program Files\Washer\washer.exe" [2002-07-17 04:07]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21]
C:\Documents and Settings\nicola\Start Menu\Programs\Startup\
CADIX Screen Saver Control.lnk - C:\cadix\screen saver\cssCtrl.exe [2007-07-06 12:40:44]
Quick StartUp.lnk - C:\PENSOFT\fquick32.exe~ [2007-07-06 12:43:54]
Start.lnk - C:\PENSOFT\Quick95.exe~ [2007-07-06 12:43:55]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhfg]
C:\WINDOWS\system32\jkhfg.dll
R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys
R2 Crypto;Crypto;C:\WINDOWS\system32\drivers\Crypto.sys
R2 IPSECDRV;SafeNet IPSec Plugin;\??\C:\WINDOWS\system32\Drivers\IPSECDRV.sys
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys
R3 DniVap;SafeNet WAN Miniport (VA);C:\WINDOWS\system32\DRIVERS\vap.sys
S3 8fbcf4d0-b0d1-4747-83cb-b55ac1f15f45;8fbcf4d0-b0d1-4747-83cb-b55ac1f15f45;\??\D:\Player\cds300.dll
.
Contents of the 'Scheduled Tasks' folder
"2007-04-05 16:57:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-24 20:24:34
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-24 20:25:26 - machine was rebooted
.
--- E O F ---
Hi
Open notepad and copy/paste the text in the quotebox below into it:
File::
C:\fbipukh.exe
C:\WINDOWS\system32\jkhfg.dll
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{C61F8DB6-1565-4850-BBCB-9F82B3FB6062}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkhfg]
Save this as "CFScript"
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif
This will start ComboFix again. After reboot, (in case it asks to reboot), post the contents of Combofix.txt in your next reply together with a new HijackThis log.
cmcveigh
2007-10-27, 11:25
Hi there, thanks for this.
Combofix log:
ComboFix 07-10-26.4 - nicola 2007-10-27 9:18:45.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.244 [GMT 1:00]
Running from: C:\Documents and Settings\nicola\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\nicola\Desktop\CFScript.txt
* Created a new restore point
FILE::
C:\fbipukh.exe
C:\WINDOWS\system32\jkhfg.dll
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\fbipukh.exe
.
((((((((((((((((((((((((( Files Created from 2007-09-27 to 2007-10-27 )))))))))))))))))))))))))))))))
.
2007-10-24 20:11 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-21 21:01 <DIR> d-------- C:\Program Files\Trend Micro
2007-10-20 15:16 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-20 15:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-20 14:58 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-16 20:27 <DIR> d-------- C:\WINDOWS\system32\Kaspersky Lab
2007-10-16 20:27 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-10-09 20:25 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2007-10-07 17:01 <DIR> d-------- C:\Documents and Settings\nicola\Phone Browser
2007-10-07 17:01 <DIR> d-------- C:\Documents and Settings\nicola\Application Data\Datalayer
2007-10-07 16:59 <DIR> d-------- C:\Documents and Settings\nicola\Application Data\Nokia
2007-10-07 14:00 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-10-06 17:20 <DIR> d-------- C:\Program Files\DIFX
2007-10-06 17:11 <DIR> d-------- C:\Program Files\Common Files\Nokia
2007-10-06 17:10 <DIR> d-------- C:\Documents and Settings\nicola\Application Data\PC Suite
2007-10-06 17:10 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Suite
2007-10-06 16:35 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2007-10-06 16:35 127,488 --a------ C:\WINDOWS\system32\drivers\nmwcd.sys
2007-10-06 16:35 50,688 --a------ C:\WINDOWS\system32\nmwcdcls.dll
2007-10-06 16:35 30,720 --a------ C:\WINDOWS\system32\nmwcdcocls.dll
2007-10-06 16:35 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcm.sys
2007-10-06 16:35 13,312 --a------ C:\WINDOWS\system32\drivers\nmwcdcj.sys
2007-10-06 16:35 8,704 --a------ C:\WINDOWS\system32\drivers\nmwcdc.sys
2007-10-06 16:35 4,608 --a------ C:\WINDOWS\system32\nmwcdlog.dll
2007-10-06 16:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
2007-10-06 16:33 <DIR> d-------- C:\Program Files\Nokia
2007-10-06 16:33 <DIR> d-------- C:\Program Files\Common Files\PCSuite
2007-10-06 16:32 <DIR> d-------- C:\WINDOWS\Downloaded Installations
2007-10-06 16:27 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2007-10-06 15:48 <DIR> d-------- C:\Documents and Settings\nicola\.housecall6.6
2007-09-30 16:29 <DIR> d-------- C:\Program Files\Common Files\Deterministic Networks
2007-09-30 16:28 <DIR> d-------- C:\Program Files\Juniper
2007-09-30 16:28 323,636 --a------ C:\WINDOWS\system32\IreMgmt.dll
2007-09-30 16:28 143,360 --a------ C:\WINDOWS\system32\nsldap32v50.dll
2007-09-30 16:28 78,848 -ra------ C:\WINDOWS\system32\soedber.dll
2007-09-30 16:28 46,080 -ra------ C:\WINDOWS\system32\soedapi.dll
2007-09-30 16:28 28,160 -ra------ C:\WINDOWS\system32\cstrain.dll
2007-09-30 16:28 23,552 -ra------ C:\WINDOWS\system32\ossapi.dll
2007-09-30 16:28 16,896 -ra------ C:\WINDOWS\system32\ossdmem.dll
2007-09-30 16:28 11,264 -ra------ C:\WINDOWS\system32\soedoid.dll
2007-09-30 12:01 <DIR> d-------- C:\Webroot
2007-09-30 12:01 <DIR> d-------- C:\Quarantine
2007-09-30 12:01 <DIR> d-------- C:\Masters
2007-09-29 15:23 <DIR> d-------- C:\Documents and Settings\nicola\Application Data\AVG7
2007-09-29 15:23 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\AVG7
2007-09-29 15:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\avg7
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-21 21:07 --------- d-----w C:\Documents and Settings\nicola\Application Data\uTorrent
2007-10-07 14:42 --------- d-----w C:\Program Files\Symantec AntiVirus
2007-10-07 14:42 --------- d-----w C:\Program Files\QuickTime
2007-10-07 14:36 --------- d-----w C:\Program Files\iTunes
2007-10-07 14:36 --------- d-----w C:\Program Files\Google
2007-09-30 20:21 --------- d-----w C:\Program Files\AoA DVD Ripper
2007-09-30 20:21 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-09-30 16:25 --------- d-----w C:\Program Files\MagicISO
2007-09-30 16:02 --------- d-----w C:\Program Files\Elaborate Bytes
2007-09-23 12:07 --------- d-----w C:\Documents and Settings\nicola\Application Data\dvdcss
2007-09-21 20:33 --------- d-----w C:\Program Files\Common Files\Ahead
2007-09-21 20:16 --------- d-----w C:\Program Files\dvdSanta
2007-09-21 20:06 --------- d-----w C:\Program Files\Agogo DVD Ripper
2007-09-21 18:34 --------- d-----w C:\Program Files\SlySoft
2007-09-15 16:59 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-15 15:40 --------- d-----w C:\Documents and Settings\All Users\Application Data\Elaborate Bytes
2007-09-09 18:04 --------- d-----w C:\Program Files\Chord Alchemy 4
2007-09-08 17:39 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-09-08 17:37 --------- d-----w C:\Program Files\Microsoft.NET
2007-08-29 17:23 --------- d-----w C:\Program Files\CCleaner
2007-08-29 17:09 --------- d-----w C:\Program Files\Washer
2007-08-21 06:15 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-08-21 06:15 683,520 ------w C:\WINDOWS\system32\dllcache\inetcomm.dll
2007-08-20 10:04 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-08-20 10:04 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-08-20 10:04 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-08-20 10:04 6,058,496 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-08-20 10:04 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-08-20 10:04 477,696 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-08-20 10:04 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-08-20 10:04 44,544 ------w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-08-20 10:04 384,512 ------w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-08-20 10:04 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-08-20 10:04 3,584,512 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-08-20 10:04 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-08-20 10:04 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-08-20 10:04 232,960 ------w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-08-20 10:04 230,400 ------w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-08-20 10:04 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-08-20 10:04 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-08-20 10:04 153,088 ------w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-08-20 10:04 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-08-20 10:04 124,928 ------w C:\WINDOWS\system32\dllcache\advpack.dll
2007-08-20 10:04 105,984 ------w C:\WINDOWS\system32\dllcache\url.dll
2007-08-20 10:04 102,400 ------w C:\WINDOWS\system32\dllcache\occache.dll
2007-08-20 10:04 1,152,000 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-08-17 10:21 625,152 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-08-17 10:20 63,488 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-08-17 10:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-08-17 07:34 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-08-02 16:16 1,047,615 --sha-w C:\WINDOWS\system32\gfhkj.bak1
2007-07-30 18:19 92,504 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2007-07-30 18:19 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-07-30 18:19 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-07-30 18:19 549,720 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2007-07-30 18:19 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-07-30 18:19 53,080 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2007-07-30 18:19 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-07-30 18:19 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-07-30 18:19 325,976 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2007-07-30 18:19 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-07-30 18:19 203,096 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2007-07-30 18:19 1,712,984 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-07-30 18:19 1,712,984 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2007-07-30 18:18 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-07-30 18:18 33,624 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
.
((((((((((((((((((((((((((((( snapshot@2007-10-24_20.24.52.10 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-04-02 13:21:27 139,776 ----a-w C:\WINDOWS\system32\swreg.exe
+ 2007-07-22 17:39:27 279,552 ----a-w C:\WINDOWS\system32\swreg.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"srmclean"="-C:\Cpqs\Scom\srmclean.exe" []
"SetRefresh"="-C:\Program Files\Compaq\SetRefresh\SetRefresh.exe" []
"ccApp"="-C:\Program Files\Common Files\Symantec Shared\ccApp.exe" []
"vptray"="C:\PROGRA~1\SYMANT~1\\vptray.exe" [2005-06-23 19:27]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-01-14 14:48]
"SSBkgdUpdate"="-C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" []
"PaperPort PTD"="-C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" []
"IndexSearch"="-C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" []
"SetDefPrt"="-C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe" []
"ControlCenter2.0"="-C:\Program Files\Brother\ControlCenter2\brctrcen.exe" []
"SunJavaUpdateSched"="-C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe" []
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-02-16 10:54]
"iTunesHelper"="-C:\Program Files\iTunes\iTunesHelper.exe" []
"atwtusb"="-atwtusb.exe" []
"PenLock"="-" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [2006-11-28 01:12]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="-C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe" []
"Washer"="c:\Program Files\Washer\washer.exe" [2002-07-17 04:07]
"PcSync"="C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe" [2006-06-27 16:21]
C:\Documents and Settings\nicola\Start Menu\Programs\Startup\
CADIX Screen Saver Control.lnk - C:\cadix\screen saver\cssCtrl.exe [2007-07-06 12:40:44]
Quick StartUp.lnk - C:\PENSOFT\fquick32.exe~ [2007-07-06 12:43:54]
Start.lnk - C:\PENSOFT\Quick95.exe~ [2007-07-06 12:43:55]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-11-14 23:18:11]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [2004-04-28 09:22:01]
NetScreen-Remote.lnk - C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exe [2007-09-30 16:28:54]
Status Monitor.lnk - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [2007-03-10 18:57:53]
R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys
R2 Crypto;Crypto;C:\WINDOWS\system32\drivers\Crypto.sys
R2 IPSECDRV;SafeNet IPSec Plugin;\??\C:\WINDOWS\system32\Drivers\IPSECDRV.sys
R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\Drivers\BrScnUsb.sys
R3 DniVap;SafeNet WAN Miniport (VA);C:\WINDOWS\system32\DRIVERS\vap.sys
S3 8fbcf4d0-b0d1-4747-83cb-b55ac1f15f45;8fbcf4d0-b0d1-4747-83cb-b55ac1f15f45;\??\D:\Player\cds300.dll
.
Contents of the 'Scheduled Tasks' folder
"2007-04-05 16:57:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************
catchme 0.3.1232 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-27 09:20:20
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
Completion time: 2007-10-27 9:21:00
C:\ComboFix2.txt ... 2007-10-24 20:25
.
--- E O F ---
cmcveigh
2007-10-27, 11:26
Hijackthis log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:23:47, on 27/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
C:\PROGRA~1\SYMANT~1\vptray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Washer\washer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\cadix\screen saver\cssCtrl.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\COMMON~1\PCSuite\DATALA~1\DATALA~1.EXE
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.co.uk/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [srmclean] -C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] -C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [ccApp] -"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SSBkgdUpdate] -"C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] -C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] -C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] -C:\Program Files\Brother\Brmfl05a\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] -C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [SunJavaUpdateSched] -"C:\Program Files\Java\j2re1.4.2_01\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] -"C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [atwtusb] -atwtusb.exe beta
O4 - HKLM\..\Run: [PenLock] -
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] -"C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Washer] c:\Program Files\Washer\washer.exe /0
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: CADIX Screen Saver Control.lnk = C:\cadix\screen saver\cssCtrl.exe
O4 - Startup: Quick StartUp.lnk = ?
O4 - Startup: Start.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: NetScreen-Remote.lnk = C:\Program Files\Juniper\NetScreen-Remote\SafeCfg.exe
O4 - Global Startup: Status Monitor.lnk = C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_01\bin\npjpi142_01.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (a-squared Scanner) - http://ax.emsisoft.com/asquared.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - -"C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe" (file missing)
O23 - Service: Symantec Password Validation (ccPwdSvc) - Unknown owner - -"C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe" (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - -"C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe" (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Unknown owner - -"C:\Program Files\Symantec AntiVirus\DefWatch.exe" (file missing)
O23 - Service: Google Updater Service (gusvc) - Unknown owner - -"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SafeNet Monitor Service (IPSECMON) - SafeNet - C:\Program Files\Juniper\NetScreen-Remote\IPSecMon.exe
O23 - Service: SafeNet IKE Service (IreIKE) - SafeNet - C:\Program Files\Juniper\NetScreen-Remote\IreIKE.exe
O23 - Service: SAVRoam (SavRoam) - Unknown owner - -"C:\Program Files\Symantec AntiVirus\SavRoam.exe" (file missing)
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Unknown owner - -"C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe" (file missing)
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Unknown owner - -C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (file missing)
O23 - Service: Symantec AntiVirus - Unknown owner - -"C:\Program Files\Symantec AntiVirus\Rtvscan.exe" (file missing)
O23 - Service: Windows Media Player Network Sharing Service (WMPNetworkSvc) - Unknown owner - -"C:\Program Files\Windows Media Player\WMPNetwk.exe" (file missing)
--
End of file - 8675 bytes
Ok good.
Please do an online scan with Kaspersky WebScanner (http://www.kaspersky.com/virusscanner)
Click on Kaspersky Online Scanner
You will be promted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information in your next post.
cmcveigh
2007-10-28, 21:10
Hi, and thanks again
Kaspersky log (in two parts I'm afraid):
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, October 28, 2007 6:46:14 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 28/10/2007
Kaspersky Anti-Virus database records: 447617
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 52962
Number of viruses found: 13
Number of infected objects: 219
Number of suspicious objects: 0
Duration of the scan process: 01:00:40
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip/pmkjk.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wi skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde18.zip/pmkjk.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wi skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde18.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde20.zip/pmkjk.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wi skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde20.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde22.zip/pmkjk.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wi skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde22.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde31.zip/pmkjk.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wi skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde31.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde9.zip/pmkjk.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wi skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde9.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinVBStat.zip/qylwbbhc.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinVBStat.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinVBStat1.zip/rbaoohdb.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WinVBStat1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZenoSearch1.zip/mkdsregp.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZenoSearch1.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZenoSearch2.zip/dwdsregt.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZenoSearch2.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZenoSearch4.zip/owinlndt.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.r skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ZenoSearch4.zip ZIP: infected - 1 skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06040000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\ahykdbtn.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\anbyrbmj.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\awqtiyvk.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\cijbfimo.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\ckyeaxir.dll.bac_a00532 Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\detadjxw.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\duhduesu.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\efurqbfv.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\elfxeqie.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\enpkpnwa.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\fvbepgjx.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\gedsmpwg.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\gtnndpra.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\gxwthylt.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\hrwhfrct.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\iccbsugy.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\igvtpven.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\incualry.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\ipmwryed.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\jaxsnrsc.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\jhdgreww.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\kdywfmts.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\kjrxeaie.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\kutarren.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\mljiijh.dll.bac_a00532 Infected: Trojan.Win32.Pakes.akr skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\mqnsawkq.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\nnijsjsa.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\nsogulca.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\nwvwcmku.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\obfpelph.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\ocesqhbd.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\oonkopjc.dll.bac_a00532 Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\pcelaiwm.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\phldqdep.dll.bac_a00532 Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\qireqvkt.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\qqqxekkl.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\rarwxsrj.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\rgocsgmc.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\rjpnvihe.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\sgeerdlk.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\tdiumcia.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\thrmbakl.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\thwciied.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\tkcuogua.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\tmswihat.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\umjvepdv.dll.bac_a00532 Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\usagkypw.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\vgxdccim.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\vhenoyfx.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\vnruvwcp.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\vsvmlvxf.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\wflmivtc.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\whqhgtay.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\wutwkoxr.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\xouxeoca.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\.housecall6.6\Quarantine\ymbdsqvh.exe.bac_a00532 Infected: Trojan.Win32.Agent.bck skipped
C:\Documents and Settings\nicola\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\nicola\Desktop\torrents\Clone Dvd 2\Clone Dvd 2.exe/data0000.cab/CLONED~1.EXE Infected: Trojan-Dropper.Win32.VB.oz skipped
C:\Documents and Settings\nicola\Desktop\torrents\Clone Dvd 2\Clone Dvd 2.exe/data0000.cab Infected: Trojan-Dropper.Win32.VB.oz skipped
C:\Documents and Settings\nicola\Desktop\torrents\Clone Dvd 2\Clone Dvd 2.exe Rsrc-Package: infected - 2 skipped
C:\Documents and Settings\nicola\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\nicola\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\nicola\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\nicola\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\nicola\Local Settings\History\History.IE5\MSHist012007102820071029\index.dat Object is locked skipped
C:\Documents and Settings\nicola\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\nicola\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\nicola\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\nicola\ntuser.dat.LOG Object is locked skipped
C:\qoobox\Quarantine\C\fbipukh.exe.vir Infected: Trojan-Spy.Win32.Banker.eiq skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\bcfwfoib.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\ckyeaxir.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\dimrbayy.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\fnmhrnsy.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\fxlgcebb.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\fyrnxyra.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\jpgjijoe.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\jqmwmavg.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\mljiijh.dll.vir Infected: Trojan.Win32.Pakes.akr skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\qhifmuat.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\sxmmibwp.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\tubhkjfs.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\vhvpusgs.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\xumvddgu.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\yefvdrfp.exe.vir Infected: Trojan.Win32.Agent.bck skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\yppcwcmv.exe.vir Infected: Trojan.Win32.Agent.bck skipped
cmcveigh
2007-10-28, 21:10
C:\qoobox\Quarantine\catchme2007-10-24_202420.89.zip/xpdx.sys Infected: Trojan-Downloader.Win32.Agent.dkc skipped
C:\qoobox\Quarantine\catchme2007-10-24_202420.89.zip/core.sys Infected: Rootkit.Win32.Agent.eq skipped
C:\qoobox\Quarantine\catchme2007-10-24_202420.89.zip/pmkjk.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wi skipped
C:\qoobox\Quarantine\catchme2007-10-24_202420.89.zip/mljiijh.dll Infected: Trojan.Win32.Pakes.akr skipped
C:\qoobox\Quarantine\catchme2007-10-24_202420.89.zip ZIP: infected - 4 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\tracking.log Object is locked skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP163\A0021220.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP163\A0021221.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP163\A0021222.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.r skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP165\A0021325.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP165\A0021360.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP165\A0021392.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP165\A0021402.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP165\A0021435.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP167\A0021473.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP167\A0021492.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP168\A0021545.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP169\A0021642.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP171\A0021748.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP174\A0022091.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP174\A0022092.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP174\A0022093.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP174\A0022094.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP174\A0022095.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP174\A0022096.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP174\A0022097.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP174\A0022098.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP174\A0022099.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP174\A0022100.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP178\A0023261.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP178\A0024251.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP178\A0025251.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP179\A0025284.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP179\A0025297.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP180\A0025372.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP180\A0026408.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP180\A0026418.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027436.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027443.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027488.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027499.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027500.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027501.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027502.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027503.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027504.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027505.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027506.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027507.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027508.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027509.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027510.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027511.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027512.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027513.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027514.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027515.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027516.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027517.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027518.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027519.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027520.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027521.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027522.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027523.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027524.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027525.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027526.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027527.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027528.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027529.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027530.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027531.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027532.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027533.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027534.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027535.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027536.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027537.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027538.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027539.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027540.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027541.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027542.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027543.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027544.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027545.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027546.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027547.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027548.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027549.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027550.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027551.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027552.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027555.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027564.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0027581.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0028587.dll Infected: Trojan-Spy.Win32.VBStat.h skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0028599.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP181\A0028618.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP182\A0028627.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP182\A0028628.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP182\A0028629.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP182\A0028630.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP182\A0028631.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP182\A0028632.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP182\A0028633.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP182\A0028634.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP182\A0028635.exe Infected: Trojan.Win32.Agent.bck skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP182\A0028636.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP182\A0028637.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP182\A0028639.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP182\A0028640.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP182\A0028641.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP182\A0028642.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.acy skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP182\A0028653.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.wi skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP182\A0028654.dll Infected: Trojan.Win32.Pakes.akr skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP182\A0028670.exe/data0000.cab/CLONED~1.EXE Infected: Trojan-Dropper.Win32.VB.oz skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP182\A0028670.exe/data0000.cab Infected: Trojan-Dropper.Win32.VB.oz skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP182\A0028670.exe Rsrc-Package: infected - 2 skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP183\A0028709.exe Infected: Trojan-Spy.Win32.Banker.eiq skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP183\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
Scan process completed.
Ok some infections in quarantines and in system restore. These are easily cleaned.
How is the pc running now ?
cmcveigh
2007-10-30, 10:10
Ok some infections in quarantines and in system restore. These are easily cleaned.
How is the pc running now ?
Hi there,
it's running a lot better now thanks, slowdown's almost non-existent, and I haven't seen a pop up in days!!!
You're a lifesaver!!!
Hi again, it is looking clean now :)
You can remove the tools we used.
Then you should update your Java to the latest version (6u1) Start
Control Panel
Add/Remove Programs
Delete the old Java,
Java 2 Runtime Environment, SE v1.4.2_01
Download the latest version of Java Runtime Environment (JRE) 6u1 (http://java.sun.com/javase/downloads/index.jsp).
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
Click the "Download" button to the right.
Check the box that says: "Accept License Agreement."
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Install it
=============
Now that you seem to be clean, please follow these simple steps in order to keep your computer clean and secure:
Clear your system restore (http://www.microsoft.com/windowsxp/using/helpandsupport/learnmore/tips/mcgill1.mspx)
This will clear the system restore folders from possible malware that was left behind during the cleaning process.
Use ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1)
Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.
Use Ad-Aware (http://www.bleepingcomputer.com/forums/?showtutorial=48)
Download and install Ad-Aware. Update it and scan your computer regularly with it.
Use AVG Anti-Spyware (http://www.ewido.net/en/)
Download and install AVG Anti-Spyware. Update it and scan your computer regularly with it.
Use Spybot S&D (http://www.bleepingcomputer.com/forums/?showtutorial=43)
Download and install Spybot S&D. Update it and scan your computer regularly with it.
Install SpywareBlaster (http://www.bleepingcomputer.com/tutorials/tutorial49.html)
SpywareBlaster will prevent spyware from being installed.
Install MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm)
This prevents your computer from connecting to harmful sites.
Use Firefox browser (http://www.mozilla.org)
Firefox is faster and more secure browser than Internet Explorer.
Keep your systen up-to-date (http://windowsupdate.microsoft.com)
Visit Windows Update regularly. How to enable Automatic Updates? (http://www.bleepingcomputer.com/tutorials/tutorial35.html)
Keep your antivirus (http://forum.malwareremoval.com/viewtopic.php?p=53#53) and firewall (http://forum.malwareremoval.com/viewtopic.php?p=56#56) up-to-date
Scan your computer regularly with you antivirus software.
Read this article by TonyKlein (http://forums.spybot.info/showthread.php?t=279)
So how did I get infected in the first place?
Stand Up and Be Counted ! (http://www.malwarecomplaints.info/index.php)
The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.
Stay clean and be safe ;)
cmcveigh
2007-10-31, 11:51
Thanks very much Mr_JAk3, I'll do all this tonight!!!
While I've got your attention though, my symantec keeps flashing up the message "auto-protect is disabled" and won't allow me to enable it again - can you shed any light on this??
Hi :)
Hmm that could be something that a repair/re-installation could fix. Maybe some component is missing (just keep the pc offline when you do this).
You do have a up-to-date subscription to it, right?
This topic has been moved to archives. :)
If you need the thread re-opened, please send me a private message (pm) and provide a link.
Applies only to the original poster, anyone else with similar problems please start your own topic.