PDA

View Full Version : Trojan Downloader.Script.Generic



gomper01
2010-08-23, 01:58
Sorry about the earlier post. I hadn't realized the process had changed.


DDS (Ver_10-03-17.01) - NTFSX64
Run by Owner at 15:01:12.49 on Sun 08/22/2010
Internet Explorer: 8.0.6001.18943
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3838.2360 [GMT -5:00]

SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files (x86)\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Webroot\Spy Sweeper\SpySweeper.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio64.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\mobsync.exe
C:\Users\Owner\Desktop\dds.scr
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
mLocal Page = c:\windows\syswow64\blank.htm
mWinlogon: Userinit=userinit.exe
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files (x86)\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files (x86)\spybot - search & destroy\SDHelper.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
BHO: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files (x86)\ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
BHO: HP Print Clips: {ffffffff-ff12-44c5-91ec-068e3aa1b2d7} - c:\program files (x86)\hp\smart web printing\hpswp_framework.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files (x86)\ask.com\GenericAskToolbar.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
mRun: [UCam_Menu] "c:\program files (x86)\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
mRun: [hpqSRMon] "c:\program files (x86)\hp\digital imaging\bin\hpqSRMon.exe"
mRun: [hpWirelessAssistant] "c:\program files (x86)\hewlett-packard\hp wireless assistant\HPWAMain.exe"
mRun: [WAWifiMessage] "c:\program files (x86)\hewlett-packard\hp wireless assistant\WiFiMsg.exe"
mRun: [Google Desktop Search] "c:\program files (x86)\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [avp] "c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\avp.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [AppleSyncNotifier] c:\program files (x86)\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
mRun: [Intuit SyncManager] c:\program files (x86)\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jaureg.exe" -u auto-update
uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Anti-Banner - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files (x86)\hp\smart web printing\hpswp_extensions.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files (x86)\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files (x86)\spybot - search & destroy\SDHelper.dll
Trusted Zone: cinemanow.com
Trusted Zone: intuit.com
Trusted Zone: intuit.com\ttlc
DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files (x86)\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
AppInit_DLLs: c:\progra~2\google\google~3\goec62~1.dll,c:\progra~2\kasper~1\kasper~2\mzvkbd3.dll,c:\progra~2\kasper~1\kasper~2\sbhook.dll
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files (x86)\common files\lightscribe\LSRunOnce.exe"
BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
BHO-X64: Windows Live Family Safety Browser Helper - No File
BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\x64\ievkbd.dll
BHO-X64: IEVkbdBHO - No File
BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg64.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\x64\klwtbbho.dll
BHO-X64: link filter bho - No File
TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
mRun-x64: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
mRun-x64: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun-x64: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
AppInit_DLLs-X64: c:\progra~2\kasper~1\kasper~2\x64\sbhook64.dll,c:\progra~2\kasper~1\kasper~2\x64\kloehk.dll
Hosts: 127.0.0.1 www.spywareinfo.com

============= SERVICES / DRIVERS ===============


============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

=============== Created Last 30 ================

2010-08-22 15:37:50 153376 ----a-w- c:\windows\syswow64\javaws.exe
2010-08-22 15:37:49 145184 ----a-w- c:\windows\syswow64\javaw.exe
2010-08-22 15:37:48 145184 ----a-w- c:\windows\syswow64\java.exe
2010-08-21 20:48:16 0 d-----w- c:\programdata\Spybot - Search & Destroy
2010-08-21 20:48:16 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy
2010-08-12 07:26:40 81920 ----a-w- c:\windows\syswow64\iccvid.dll
2010-08-12 07:26:17 50688 ----a-w- c:\windows\system32\rtutils.dll
2010-08-12 07:26:15 36864 ----a-w- c:\windows\syswow64\rtutils.dll
2010-08-12 07:25:46 2752000 ----a-w- c:\windows\system32\win32k.sys
2010-08-12 07:04:04 1426816 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-08-12 07:03:37 453120 ----a-w- c:\windows\system32\drivers\srv.sys
2010-08-12 07:03:36 175104 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-08-12 07:03:05 274944 ----a-w- c:\windows\syswow64\schannel.dll
2010-08-12 07:03:04 343040 ----a-w- c:\windows\system32\schannel.dll
2010-08-12 06:53:53 4697992 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-08-12 06:51:58 1638912 ----a-w- c:\windows\syswow64\mshtml.tlb
2010-08-12 06:51:58 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-08-12 06:51:32 1869824 ----a-w- c:\windows\system32\msxml3.dll
2010-08-12 06:51:30 1248768 ----a-w- c:\windows\syswow64\msxml3.dll
2010-08-04 03:55:45 11584512 ----a-w- c:\windows\syswow64\shell32.dll
2010-08-02 02:54:04 65536 ----a-w- c:\windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
2010-08-02 02:54:04 196608 ----a-w- c:\windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
2010-08-02 02:53:59 3670016 ----a-w- c:\windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
2010-08-02 02:53:46 0 d-----w- c:\program files\Microsoft ATS
2010-07-26 23:15:11 0 d-----w- c:\program files\iPod
2010-07-26 23:15:01 0 d-----w- c:\program files\iTunes
2010-07-26 22:16:29 629 ----a-w- c:\windows\system32\mapisvc.inf

==================== Find3M ====================

2010-08-22 18:48:12 31871 ----a-w- c:\programdata\nvModes.dat
2010-08-22 15:36:05 423656 ----a-w- c:\windows\syswow64\deployJava1.dll
2010-07-30 00:25:34 149773 ----a-w- c:\windows\system32\drivers\klin.dat
2010-07-30 00:25:33 106765 ----a-w- c:\windows\system32\drivers\klick.dat
2010-06-26 06:30:12 1147904 ----a-w- c:\windows\system32\wininet.dll
2010-06-26 06:25:54 77312 ----a-w- c:\windows\system32\iesetup.dll
2010-06-26 06:25:54 132096 ----a-w- c:\windows\system32\iesysprep.dll
2010-06-26 06:05:49 916480 ----a-w- c:\windows\syswow64\wininet.dll
2010-06-26 06:05:41 1210368 ----a-w- c:\windows\syswow64\urlmon.dll
2010-06-26 06:04:40 206848 ----a-w- c:\windows\syswow64\occache.dll
2010-06-26 06:03:22 611840 ----a-w- c:\windows\syswow64\mstime.dll
2010-06-26 06:03:04 5951488 ----a-w- c:\windows\syswow64\mshtml.dll
2010-06-26 06:03:02 599040 ----a-w- c:\windows\syswow64\msfeeds.dll
2010-06-26 06:03:02 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll
2010-06-26 06:02:31 25600 ----a-w- c:\windows\syswow64\jsproxy.dll
2010-06-26 06:02:15 71680 ----a-w- c:\windows\syswow64\iesetup.dll
2010-06-26 06:02:15 1986560 ----a-w- c:\windows\syswow64\iertutil.dll
2010-06-26 06:02:15 164352 ----a-w- c:\windows\syswow64\ieui.dll
2010-06-26 06:02:15 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
2010-06-26 06:02:14 55808 ----a-w- c:\windows\syswow64\iernonce.dll
2010-06-26 06:02:14 184320 ----a-w- c:\windows\syswow64\iepeers.dll
2010-06-26 06:02:14 11077120 ----a-w- c:\windows\syswow64\ieframe.dll
2010-06-26 06:02:09 387584 ----a-w- c:\windows\syswow64\iedkcs32.dll
2010-06-26 04:47:47 162816 ----a-w- c:\windows\system32\ieUnatt.exe
2010-06-26 04:25:02 133632 ----a-w- c:\windows\syswow64\ieUnatt.exe
2010-06-26 04:24:51 173056 ----a-w- c:\windows\syswow64\ie4uinit.exe
2010-06-26 04:24:17 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe
2010-06-19 23:25:58 86016 ----a-w- c:\windows\inf\infstor.dat
2010-06-19 23:25:58 51200 ----a-w- c:\windows\inf\infpub.dat
2010-06-19 23:25:58 143360 ----a-w- c:\windows\inf\infstrng.dat
2010-05-26 17:23:46 48128 ----a-w- c:\windows\system32\atmlib.dll
2010-05-26 17:06:41 34304 ----a-w- c:\windows\syswow64\atmlib.dll
2010-05-26 15:10:41 366080 ----a-w- c:\windows\system32\atmfd.dll
2010-05-26 14:47:41 289792 ----a-w- c:\windows\syswow64\atmfd.dll
2009-11-05 04:40:28 665600 ----a-w- c:\windows\inf\drvindex.dat
2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2010-03-13 02:27:01 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
2010-03-13 02:27:01 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
2010-03-13 02:27:01 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
2009-11-18 23:55:41 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2009-10-19 03:04:39 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
2008-10-11 21:45:24 22 --sha-w- c:\windows\sminst\HPCD.sys
2009-11-11 03:59:39 8798780 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-11-11 03:59:39 1359932 --sha-w- c:\windows\system32\drivers\fidbox2.dat

============= FINISH: 15:22:45.67 ===============

Blade81
2010-08-27, 21:59
Hi,

What item Kaspersky flags infected?

gomper01
2010-08-28, 03:59
Is this what you are asking for?

Status: unk: (events: 3)
8/15/2010 5:41:14 AM unk: 4294967295 legal software that can be used by criminals for damaging your computer or personal data not-a-virus:RemoteAdmin.Win32.WinVNC-based.f File C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe// data0000.res Low
8/15/2010 7:15:27 AM unk: 4294967295 legal software that can be used by criminals for damaging your computer or personal data not-a-virus:RemoteAdmin.Win32.WinVNC-based.f File C:\Program Files (x86)\Intuit\QuickBooks 2009\Components\PConfig\Data1.cab/ RemoteAssist.exe Low
8/20/2010 6:26:33 AM unk: 4294967295 legal software that can be used by criminals for damaging your computer or personal data not-a-virus:RemoteAdmin.Win32.WinVNC-based.f File C:\Program Files (x86)\Intuit\QuickBooks 2009\Components\Support\RemoteAssist.exe//SupportSoft Agent Controls.msi//Data1.cab/ssrc.dll//data0000.res/ VncViewer.class Low

Blade81
2010-08-28, 11:07
Hi,

You may ignore those WinVNC related findings :)

gomper01
2010-08-29, 16:47
Well I started poking around and found out that I could upgrade to the 2011 Kaspersky which I did. Ran a scan (which took over 12 hours) and woke up this morning to find that the Quickbooks ones are still showing but Kaspersky deleted the Common Files one all by itself. I am no longer getting the prompts from Kaspersky that I have something bad either. Another glorious thing is that my computer is running normal again. I think that Kaspersky 2010 was the culprit the whole time

I am thinking of uninstalling the Quickbooks just to be safe.

I think I am clean (well sort of) but want to hear the okay from you.

Blade81
2010-08-29, 16:59
Hi,

Those logs looked ok :) To help keeping system updated I recommend Secunia Personal Software Inspector (PSI) (http://secunia.com/vulnerability_scanning/personal/).

Blade81
2010-09-04, 12:38
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note:If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.