Shiroc
2008-11-25, 06:08
I believe I have both virtumond and smithfraud on my computer, at least.
Here's the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:53:33 PM, on 11/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Stephen Gibson\Desktop\Download\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [lxcdmon.exe] "C:\Program Files\Lexmark 6300 Series\lxcdmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6300 Series\ezprint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [jgsyilkbluw] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\gceeglbgfhzmgrtu.dll"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Stephen Gibson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Subscribe in RSS Bandit - C:\Documents and Settings\Stephen Gibson\Application Data\RssBandit\iecontext_subscribebandit.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171751041076
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: bnuthx.dll,C:\WINDOWS\system32\tobirugo.dll gnmnsi.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcd_device - Unknown owner - C:\WINDOWS\system32\lxcdcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O24 - Desktop Component 0: My Current Home Page - About:Home
--
End of file - 5764 bytes
Here's the Kaspersky log:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, November 24, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, November 24, 2008 19:40:58
Records in database: 1409941
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
I:\
Scan statistics:
Files scanned: 102257
Threat name: 14
Infected objects: 26
Suspicious objects: 1
Duration of the scan: 02:46:06
File name / Threat name / Threats count
winlogon.exe\mlJYrqoL.dll/winlogon.exe\mlJYrqoL.dll Infected: Trojan.Win32.Monderb.gjo 1
C:\WINDOWS\system32\mlJYrqoL.dll/C:\WINDOWS\system32\mlJYrqoL.dll Infected: Trojan.Win32.Monderb.xer 2
C:\Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ddcDsRjk.dll.vir Infected: Trojan.Win32.Agent.anyk 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\efcyWOGA.dll.vir Infected: Trojan.Win32.Monderb.xer 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\rswnw64n.exe.vir Infected: Trojan-Downloader.Win32.Agent.afzg 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ssqPiffE.dll.vir Infected: Trojan.Win32.Agent.anyk 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\urqOHWqq.dll.vir Infected: Trojan.Win32.Monderb.xer 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\urqRHyab.dll.vir Infected: Trojan.Win32.Monderb.xer 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\yayaaWoP.dll.vir Infected: Trojan.Win32.Monderb.xer 1
C:\WINDOWS\system32\ID2\CRAFE913.exe Infected: not-a-virus:AdWare.Win32.WebHancer.f 1
C:\WINDOWS\system32\ID2\CRAFE913.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 1
C:\WINDOWS\system32\mlJYrqoL.dll Infected: Trojan.Win32.Monderb.xer 1
C:\WINDOWS\system32\ssqqnNfe.dll Infected: Trojan.Win32.Monderb.xer 1
C:\WINDOWS\system32\~.exe Infected: Trojan.Win32.Agent.aoyc 1
D:\Backup\mail\Inbox.dbx Infected: Email-Worm.Win32.Tanatos.b.dam 1
D:\Backup\mail\Inbox.dbx Infected: not-a-virus:NetTool.Win32.Calc-FoldingAtHome 1
D:\bigtransfer\Outlook.pst Infected: Email-Worm.Win32.Tanatos.b.dam 1
D:\bigtransfer\Outlook.pst Infected: not-a-virus:NetTool.Win32.Calc-FoldingAtHome 1
D:\bigtransfer\outlookpost\Outlook.pst Infected: Email-Worm.Win32.Tanatos.b.dam 1
D:\bigtransfer\outlookpost\Outlook.pst Infected: not-a-virus:NetTool.Win32.Calc-FoldingAtHome 1
D:\Files and Patches\Programs and Shareware\overnet0.49.exe Infected: not-a-virus:AdWare.Win32.Ucmore.a 1
D:\Files and Patches\Programs and Shareware\overnet0.49.exe Infected: not-a-virus:AdWare.Win32.Ucmore 1
D:\Files and Patches\Programs and Shareware\samuziq1.5.zip Suspicious: Trojan-Downloader.JS.gen 1
D:\Files and Patches\Programs and Shareware\vnc-4.0-x86_win32_viewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
D:\New Folder\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
The selected area was scanned.
Here's the HJT log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:53:33 PM, on 11/24/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Safe mode
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Documents and Settings\Stephen Gibson\Desktop\Download\HiJackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NVMixerTray] "C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"
O4 - HKLM\..\Run: [nTrayFw] C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nTrayFw.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [lxcdmon.exe] "C:\Program Files\Lexmark 6300 Series\lxcdmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 6300 Series\ezprint.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [jgsyilkbluw] C:\WINDOWS\System32\regsvr32.exe /s "C:\WINDOWS\system32\gceeglbgfhzmgrtu.dll"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Steam] "c:\files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\Stephen Gibson\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Subscribe in RSS Bandit - C:\Documents and Settings\Stephen Gibson\Application Data\RssBandit\iecontext_subscribebandit.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1171751041076
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: bnuthx.dll,C:\WINDOWS\system32\tobirugo.dll gnmnsi.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: lxcd_device - Unknown owner - C:\WINDOWS\system32\lxcdcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O24 - Desktop Component 0: My Current Home Page - About:Home
--
End of file - 5764 bytes
Here's the Kaspersky log:
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Monday, November 24, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, November 24, 2008 19:40:58
Records in database: 1409941
--------------------------------------------------------------------------------
Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
F:\
I:\
Scan statistics:
Files scanned: 102257
Threat name: 14
Infected objects: 26
Suspicious objects: 1
Duration of the scan: 02:46:06
File name / Threat name / Threats count
winlogon.exe\mlJYrqoL.dll/winlogon.exe\mlJYrqoL.dll Infected: Trojan.Win32.Monderb.gjo 1
C:\WINDOWS\system32\mlJYrqoL.dll/C:\WINDOWS\system32\mlJYrqoL.dll Infected: Trojan.Win32.Monderb.xer 2
C:\Files\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ddcDsRjk.dll.vir Infected: Trojan.Win32.Agent.anyk 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\efcyWOGA.dll.vir Infected: Trojan.Win32.Monderb.xer 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\rswnw64n.exe.vir Infected: Trojan-Downloader.Win32.Agent.afzg 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\ssqPiffE.dll.vir Infected: Trojan.Win32.Agent.anyk 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\urqOHWqq.dll.vir Infected: Trojan.Win32.Monderb.xer 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\urqRHyab.dll.vir Infected: Trojan.Win32.Monderb.xer 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\yayaaWoP.dll.vir Infected: Trojan.Win32.Monderb.xer 1
C:\WINDOWS\system32\ID2\CRAFE913.exe Infected: not-a-virus:AdWare.Win32.WebHancer.f 1
C:\WINDOWS\system32\ID2\CRAFE913.exe Infected: not-a-virus:AdWare.Win32.WebHancer.390 1
C:\WINDOWS\system32\mlJYrqoL.dll Infected: Trojan.Win32.Monderb.xer 1
C:\WINDOWS\system32\ssqqnNfe.dll Infected: Trojan.Win32.Monderb.xer 1
C:\WINDOWS\system32\~.exe Infected: Trojan.Win32.Agent.aoyc 1
D:\Backup\mail\Inbox.dbx Infected: Email-Worm.Win32.Tanatos.b.dam 1
D:\Backup\mail\Inbox.dbx Infected: not-a-virus:NetTool.Win32.Calc-FoldingAtHome 1
D:\bigtransfer\Outlook.pst Infected: Email-Worm.Win32.Tanatos.b.dam 1
D:\bigtransfer\Outlook.pst Infected: not-a-virus:NetTool.Win32.Calc-FoldingAtHome 1
D:\bigtransfer\outlookpost\Outlook.pst Infected: Email-Worm.Win32.Tanatos.b.dam 1
D:\bigtransfer\outlookpost\Outlook.pst Infected: not-a-virus:NetTool.Win32.Calc-FoldingAtHome 1
D:\Files and Patches\Programs and Shareware\overnet0.49.exe Infected: not-a-virus:AdWare.Win32.Ucmore.a 1
D:\Files and Patches\Programs and Shareware\overnet0.49.exe Infected: not-a-virus:AdWare.Win32.Ucmore 1
D:\Files and Patches\Programs and Shareware\samuziq1.5.zip Suspicious: Trojan-Downloader.JS.gen 1
D:\Files and Patches\Programs and Shareware\vnc-4.0-x86_win32_viewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 1
D:\New Folder\mIRC\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 1
The selected area was scanned.