Thread: Virtumonde and Smitfraud

  1. #1
    Junior Member | Join Date: Jan 2008 | Posts: 9

    Virtumonde and Smitfraud

    Spybot shows me having Virtumonde and Smitfraud

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 6:23:04 AM, on 2/6/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Dell\Media Experience\PCMService.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray .exe
    C:\Program Files\Dell\Media Experience\PCMService .exe
    C:\Program Files\Common Files\Symantec Shared\ccApp .exe
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Microsoft IntelliPoint\ipoint .exe
    C:\Program Files\iTunes\iTunesHelper .exe
    C:\Program Files\Common Files\Real\Update_OB\realsched .exe
    C:\WINDOWS\system32\585957595B5759.exe
    C:\Program Files\QuickTime\qttask .exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\DellSupport\DSAgnt.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mim.exe
    C:\PROGRA~1\ICQ\ICQ.exe
    C:\Program Files\QuickTime\qttask .exe
    C:\Program Files\AIM6\aim6.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe
    C:\Program Files\Dot1XCfg\Dot1XCfg.exe
    C:\Documents and Settings\Jill\Application Data\??mantec\n?tepad.exe
    C:\Program Files\Insider\Insider.exe
    C:\PROGRA~1\COMMON~1\rmuk\rmukm.exe
    C:\Program Files\DellSupport\DSAgnt .exe
    C:\Program Files\Dot1XCfg\Dot1XCfg .exe
    C:\Program Files\Dell Support Center\bin\sprtcmd .exe
    C:\Program Files\Windows Media Player\WMPNSCFG .exe
    C:\Program Files\AIM6\aim6 .exe
    C:\PROGRA~1\COMMON~1\rmuk\rmukm .exe
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\MMDiag.exe
    C:\Program Files\Insider\Insider .exe
    C:\Program Files\CheckIt\86\CheckIt86.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Common Files\AOL\Loader\aolload.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Southwest Airlines\Ding\Ding.exe
    C:\Program Files\AIM6\aolsoftware.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
    C:\Documents and Settings\Jill\Desktop\HiJackThis_v2.exe
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\System32\imapi.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
    F3 - REG:win.ini: load=C:\WINDOWS\system32\ssttu.exe
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {3A47C895-0D07-76FA-5317-5200B7BC8D9C} - C:\WINDOWS\system32\phjexs.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {79A24AEE-237F-4FE0-A9AB-A3E71C0C1CE7} - C:\WINDOWS\system32\ssttu.dll
    O2 - BHO: CheckIt 86 - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\Program Files\CheckIt\86\CheckIt86.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {960B571F-B30D-4380-9B71-2054BA1633CC} - C:\WINDOWS\system32\vtutu.dll (file missing)
    O2 - BHO: (no name) - {98663E21-9CCE-4CF6-863C-911A9523A66F} - C:\WINDOWS\system32\awtrrrs.dll
    O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\khbxfwte.dll
    O2 - BHO: Snap Shots - {BB81C3DB-2DEA-4AE9-96B3-13E6661FF03B} - C:\Program Files\Snap Shots\snapbar.dll
    O2 - BHO: {50ebacc0-f3c9-b11a-2c54-4e97ba965b5c} - {c5b569ab-79e4-45c2-a11b-9c3f0ccabe05} - C:\WINDOWS\system32\nsgflalf.dll
    O3 - Toolbar: Snap Shots - {8CD8EA48-D284-477E-B6DF-85D1E39D855F} - C:\Program Files\Snap Shots\snapbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu572.exe 61A847B5BBF728173599284503996897C881250221C8670836AC4FA7C8833201749139
    O4 - HKLM\..\Run: [AEAFADAFB1ADAFB0] 585957595B5759.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
    O4 - HKLM\..\Run: [34b5d872] rundll32.exe "C:\WINDOWS\system32\fiayvdua.dll",b
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [kdx] C:\WINDOWS\kdx\KHost .exe
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
    O4 - HKCU\..\Run: [Aida] "C:\DOCUME~1\Jill\MYDOCU~1\SSTEM~1\regsvr32.exe" -vt yazb
    O4 - HKCU\..\Run: [Zomqnps] "C:\Documents and Settings\Jill\Application Data\??mantec\n?tepad.exe"
    O4 - HKCU\..\Run: [Insider] C:\Program Files\Insider\Insider.exe
    O4 - HKCU\..\Run: [rmuk] C:\PROGRA~1\COMMON~1\rmuk\rmukm .exe
    O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: CheckIt 86.lnk = C:\Program Files\CheckIt\86\CheckIt86.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb001
    O8 - Extra context menu item: Add To CheckIt &86 Trust List - C:\PROGRA~1\CheckIt\86\AddToTrustList.js
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
    O9 - Extra button: (no name) - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
    O9 - Extra 'Tools' menuitem: CheckIt &86 - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
    O9 - Extra button: Travelaxe - {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - C:\Program Files\Travelaxe\Travelaxe.exe
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Point Alert - {16BF42FD-CA0A-4f48-819D-B0343254DD67} - file://C:\Program Files\MyPointsPointAlert\System\Temp\mypoints_script0.htm (file missing) (HKCU)
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {084F552D-19EB-4668-9788-984CBC781A8F} - http://survey.otxresearch.com/Preloader.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://kdx.kontiki.com/kdx/Client403/kdx.cab
    O20 - Winlogon Notify: awtrrrs - C:\WINDOWS\SYSTEM32\awtrrrs.dll
    O20 - Winlogon Notify: khbxfwte - C:\WINDOWS\SYSTEM32\khbxfwte.dll
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 13536 bytes

  2. #2
    Junior Member | Join Date: Jan 2008 | Posts: 9

    My Kaspersky

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Sunday, February 03, 2008 7:08:10 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 3/02/2008
    Kaspersky Anti-Virus database records: 546374
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\

    Scan Statistics:
    Total number of scanned objects: 190837
    Number of viruses found: 43
    Number of infected objects: 269
    Number of suspicious objects: 2
    Duration of the scan process: 08:03:40

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip/v1.8.6/wbuninst.exe Suspicious: Password-protected-EXE skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip ZIP: suspicious - 1 skipped
    C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\state\logs\sprtcmd.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
    C:\Documents and Settings\Jill\Application Data\GTek\GTUpdate\AUpdate\DellSupport\cfgdata.log Object is locked skipped
    C:\Documents and Settings\Jill\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt .log Object is locked skipped
    C:\Documents and Settings\Jill\Application Data\GTek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt .log Object is locked skipped
    C:\Documents and Settings\Jill\Application Data\GTek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
    C:\Documents and Settings\Jill\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Jill\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped
    C:\Documents and Settings\Jill\Local Settings\Application Data\ApplicationHistory\sprtcmd .exe.1ecb8e9b.ini.inuse Object is locked skipped
    C:\Documents and Settings\Jill\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
    C:\Documents and Settings\Jill\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/06 Nov 2003 05:41 from kutties@aol.com:Hi/MyMovie.zip/My-Pr...H0t-Movies.exe Infected: not-a-virus:Porn-Tool.Win32.Livsex skipped
    C:\Documents and Settings\Jill\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/06 Nov 2003 05:41 from kutties@aol.com:Hi/MyMovie.zip Infected: not-a-virus:Porn-Tool.Win32.Livsex skipped
    C:\Documents and Settings\Jill\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Mail MS Mail: infected - 2 skipped
    C:\Documents and Settings\Jill\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Jill\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Jill\Local Settings\Application Data\Musicmatch\Jukebox\mmjbaltlog.txt Object is locked skipped
    C:\Documents and Settings\Jill\Local Settings\Application Data\Musicmatch\Jukebox\mmjblog.txt Object is locked skipped
    C:\Documents and Settings\Jill\Local Settings\Application Data\Musicmatch\Jukebox\Portables.log Object is locked skipped
    C:\Documents and Settings\Jill\Local Settings\Application Data\Musicmatch\MIM\Database\Default.ldb Object is locked skipped
    C:\Documents and Settings\Jill\Local Settings\Application Data\Musicmatch\MIM\Database\Default.mdb Object is locked skipped
    C:\Documents and Settings\Jill\Local Settings\Application Data\SupportSoft\DellSupportCenter\Jill\state\logs\sprtcmd.log Object is locked skipped
    C:\Documents and Settings\Jill\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
    C:\Documents and Settings\Jill\Local Settings\History\History.IE5\MSHist012008020320080204\index.dat Object is locked skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\!update.exe Infected: Trojan-Downloader.Win32.PurityScan.fk skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\JETCAA.tmp Object is locked skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX1C33.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX1C3C.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX1C42.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX1C45.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX1C51.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX1C5A.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX1C60.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX1C63.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX1C66.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX80E.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX814.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX817.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX81D.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX820.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX824.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX82D.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX833.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX836.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX839.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX83C.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX9DE.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX9E4.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX9E7.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX9ED.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX9FE.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXA0D.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXA10.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXA13.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXA2A.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXA30.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXA33.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXA39.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXA4A.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXA59.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXA5C.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXA5F.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXA6F.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXA75.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXA78.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXA7E.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXA81.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXA86.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXA8E.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXA91.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXA98.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXA9E.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXAA1.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXAA8.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXACA.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXAD0.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXAD4.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXADA.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXAEB.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXAED.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXAF2.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXAF5.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXAFB.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXAFC.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXAFE.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXAFF.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXB02.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXB03.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXB09.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXB12.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXB18.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXB1B.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXB21.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXB4B.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXB51.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXB54.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXB5A.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXB5D.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXB62.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXB69.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXB72.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXB78.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXB7B.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXB81.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXC5F.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXC68.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXC6E.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXC76.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXC7C.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXC86.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\TMP1C4C.tmp Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\TMP1C6A.tmp Infected: Trojan-Downloader.Win32.Agent.idv skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\TMP4BC.tmp Infected: Trojan-Downloader.Win32.Agent.hcn skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\TMP9EF.tmp Infected: Trojan-Downloader.Win32.Adload.pr skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\TMP9F2.tmp Infected: Trojan-Downloader.Win32.PurityScan.fj skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\TMP9F5.tmp Infected: not-a-virus:AdWare.Win32.Insider.a skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\TMPA1A.tmp Infected: Trojan-Downloader.Win32.Agent.idv skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\TMPA89.tmp Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\TMPAAC.tmp Infected: Trojan-Downloader.Win32.Agent.idv skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\TMPAE8.tmp Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\TMPB04.tmp Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\TMPC77.tmp Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\TMPC8A.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\yazzsnet.exe/data0003 Infected: Trojan.Win32.Scapur.k skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\yazzsnet.exe NSIS: infected - 1 skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\~DF5E72.tmp Object is locked skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\~DF5E80.tmp Object is locked skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\~DF661D.tmp Object is locked skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\~DF98F6.tmp Object is locked skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\~DF993B.tmp Object is locked skipped
    C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\AJ0UO4QI\!update-4495[1].0000 Infected: Trojan-Downloader.Win32.PurityScan.fk skipped
    C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\AJ0UO4QI\718f466754402ac597de014577627f96[1].zip/b104.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
    C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\AJ0UO4QI\718f466754402ac597de014577627f96[1].zip/b104.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
    C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\AJ0UO4QI\718f466754402ac597de014577627f96[1].zip/b104.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
    C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\AJ0UO4QI\718f466754402ac597de014577627f96[1].zip/b104.exe Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
    C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\AJ0UO4QI\718f466754402ac597de014577627f96[1].zip ZIP: infected - 4 skipped
    C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\AJ0UO4QI\hctp[2] Infected: not-a-virus:AdWare.Win32.Virtumonde.gip skipped

  3. #3
    Junior Member
    Join Date
    Jan 2008
    Posts
    9

    My Kaspersky part 1

    -------------------------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Sunday, February 03, 2008 7:08:10 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 3/02/2008
    Kaspersky Anti-Virus database records: 546374
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    C:\
    D:\
    E:\
    F:\
    G:\
    H:\
    I:\
    J:\

    Scan Statistics:
    Total number of scanned objects: 190837
    Number of viruses found: 43
    Number of infected objects: 269
    Number of suspicious objects: 2
    Duration of the scan process: 08:03:40

    Infected Object Name / Virus Name / Last Action
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip/v1.8.6/wbuninst.exe Suspicious: Password-protected-EXE skipped
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WebBuyingAssistant.zip ZIP: suspicious - 1 skipped
    C:\Documents and Settings\All Users\Application Data\SupportSoft\DellSupportCenter\SYSTEM\state\logs\sprtcmd.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
    C:\Documents and Settings\Jill\Application Data\GTek\GTUpdate\AUpdate\DellSupport\cfgdata.log Object is locked skipped
    C:\Documents and Settings\Jill\Application Data\GTek\GTUpdate\AUpdate\DellSupport\DSAgnt .log Object is locked skipped
    C:\Documents and Settings\Jill\Application Data\GTek\GTUpdate\AUpdate\DellSupport\gdql_d_DSAgnt .log Object is locked skipped
    C:\Documents and Settings\Jill\Application Data\GTek\GTUpdate\AUpdate\DellSupport\glog.log Object is locked skipped
    C:\Documents and Settings\Jill\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Jill\Local Settings\Application Data\AOL OCP\AIM\Storage\All Users\localStorage\common.cls Object is locked skipped
    C:\Documents and Settings\Jill\Local Settings\Application Data\ApplicationHistory\sprtcmd .exe.1ecb8e9b.ini.inuse Object is locked skipped
    C:\Documents and Settings\Jill\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
    C:\Documents and Settings\Jill\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/06 Nov 2003 05:41 from kutties@aol.com:Hi/MyMovie.zip/My-Pr...H0t-Movies.exe Infected: not-a-virus:Porn-Tool.Win32.Livsex skipped
    C:\Documents and Settings\Jill\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst/Personal Folders/Deleted Items/06 Nov 2003 05:41 from kutties@aol.com:Hi/MyMovie.zip Infected: not-a-virus:Porn-Tool.Win32.Livsex skipped
    C:\Documents and Settings\Jill\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Mail MS Mail: infected - 2 skipped
    C:\Documents and Settings\Jill\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Jill\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Jill\Local Settings\Application Data\Musicmatch\Jukebox\mmjbaltlog.txt Object is locked skipped
    C:\Documents and Settings\Jill\Local Settings\Application Data\Musicmatch\Jukebox\mmjblog.txt Object is locked skipped
    C:\Documents and Settings\Jill\Local Settings\Application Data\Musicmatch\Jukebox\Portables.log Object is locked skipped
    C:\Documents and Settings\Jill\Local Settings\Application Data\Musicmatch\MIM\Database\Default.ldb Object is locked skipped
    C:\Documents and Settings\Jill\Local Settings\Application Data\Musicmatch\MIM\Database\Default.mdb Object is locked skipped
    C:\Documents and Settings\Jill\Local Settings\Application Data\SupportSoft\DellSupportCenter\Jill\state\logs\sprtcmd.log Object is locked skipped
    C:\Documents and Settings\Jill\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
    C:\Documents and Settings\Jill\Local Settings\History\History.IE5\MSHist012008020320080204\index.dat Object is locked skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\!update.exe Infected: Trojan-Downloader.Win32.PurityScan.fk skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\JETCAA.tmp Object is locked skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX1C33.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX1C3C.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX1C42.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX1C45.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX1C51.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX1C5A.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX1C60.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX1C63.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX1C66.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX80E.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX814.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX817.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX81D.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX820.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX824.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX82D.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX833.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX836.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX839.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX83C.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX9DE.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX9E4.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX9E7.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX9ED.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCX9FE.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXA0D.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXA10.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXA13.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXA2A.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXA30.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXA33.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXA39.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXA4A.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXA59.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXA5C.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXA5F.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXA6F.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXA75.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXA78.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXA7E.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXA81.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXA86.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXA8E.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXA91.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXA98.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXA9E.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXAA1.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXAA8.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXACA.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXAD0.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXAD4.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXADA.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXAEB.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXAED.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXAF2.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXAF5.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXAFB.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXAFC.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXAFE.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXAFF.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXB02.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXB03.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXB09.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXB12.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXB18.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXB1B.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXB21.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXB4B.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXB51.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXB54.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXB5A.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXB5D.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXB62.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXB69.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXB72.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXB78.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXB7B.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXB81.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXC5F.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXC68.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXC6E.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXC76.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXC7C.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\RCXC86.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\TMP1C4C.tmp Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\TMP1C6A.tmp Infected: Trojan-Downloader.Win32.Agent.idv skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\TMP4BC.tmp Infected: Trojan-Downloader.Win32.Agent.hcn skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\TMP9EF.tmp Infected: Trojan-Downloader.Win32.Adload.pr skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\TMP9F2.tmp Infected: Trojan-Downloader.Win32.PurityScan.fj skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\TMP9F5.tmp Infected: not-a-virus:AdWare.Win32.Insider.a skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\TMPA1A.tmp Infected: Trojan-Downloader.Win32.Agent.idv skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\TMPA89.tmp Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\TMPAAC.tmp Infected: Trojan-Downloader.Win32.Agent.idv skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\TMPAE8.tmp Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\TMPB04.tmp Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\TMPC77.tmp Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\TMPC8A.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\yazzsnet.exe/data0003 Infected: Trojan.Win32.Scapur.k skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\yazzsnet.exe NSIS: infected - 1 skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\~DF5E72.tmp Object is locked skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\~DF5E80.tmp Object is locked skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\~DF661D.tmp Object is locked skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\~DF98F6.tmp Object is locked skipped
    C:\Documents and Settings\Jill\Local Settings\Temp\~DF993B.tmp Object is locked skipped
    C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
    C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\AJ0UO4QI\!update-4495[1].0000 Infected: Trojan-Downloader.Win32.PurityScan.fk skipped
    C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\AJ0UO4QI\718f466754402ac597de014577627f96[1].zip/b104.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
    C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\AJ0UO4QI\718f466754402ac597de014577627f96[1].zip/b104.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
    C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\AJ0UO4QI\718f466754402ac597de014577627f96[1].zip/b104.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
    C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\AJ0UO4QI\718f466754402ac597de014577627f96[1].zip/b104.exe Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
    C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\AJ0UO4QI\718f466754402ac597de014577627f96[1].zip ZIP: infected - 4 skipped
    C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\AJ0UO4QI\hctp[2] Infected: not-a-virus:AdWare.Win32.Virtumonde.gip skipped

  4. #4
    Junior Member
    Join Date
    Jan 2008
    Posts
    9

    Kaspersky Part 2

    C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\AKCHRJ7L\26453da423d82a5fc6fae941d05f1151[1].zip/b116.exe Infected: Trojan-Downloader.Win32.Agent.ezc skipped
    C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\AKCHRJ7L\26453da423d82a5fc6fae941d05f1151[1].zip ZIP: infected - 1 skipped
    C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\AKCHRJ7L\8154ff2675af1b6e0677560871425153[1].zip/b138.exe Infected: Trojan-Downloader.Win32.Agent.cbx skipped
    C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\AKCHRJ7L\8154ff2675af1b6e0677560871425153[1].zip ZIP: infected - 1 skipped
    C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\AKCHRJ7L\installer[1].exe/file1 Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
    C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\AKCHRJ7L\installer[1].exe/file2 Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
    C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\AKCHRJ7L\installer[1].exe/file4 Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
    C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\AKCHRJ7L\installer[1].exe Inno: infected - 3 skipped
    C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\AKCHRJ7L\ptch[1] Infected: not-a-virus:AdWare.Win32.SuperJuan.auj skipped
    C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\B14FSCAV\flash3[1].swf Object is locked skipped
    C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\I7GOA4D0\c1f5cc94a30f082054f3a00e6655462d[1].zip/b103.exe Infected: not-a-virus:AdWare.Win32.Rond.d skipped
    C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\I7GOA4D0\c1f5cc94a30f082054f3a00e6655462d[1].zip ZIP: infected - 1 skipped
    C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\L29KAE12\a8f5a020e4b833865a1034489887c8b9[1].zip/b122.exe Infected: Trojan-Downloader.Win32.Agent.hvj skipped
    C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\L29KAE12\a8f5a020e4b833865a1034489887c8b9[1].zip ZIP: infected - 1 skipped
    C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\L29KAE12\installax_en[1].exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
    C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\L29KAE12\wintouch.prod.v10015.11dec2007.exe[1].4ccc08fb3ce7ead370a0f9da32f020e7 Infected: Trojan-Downloader.Win32.Agent.hcn skipped
    C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\L29KAE12\wtrec.prod.v10006.11dec2007.exe[1].c516a643c558a4d4daa4efafd47eff15 Infected: Trojan-Downloader.Win32.Agent.hcm skipped
    C:\Documents and Settings\Jill\My Documents\sуstem\regsvr32 .exe Infected: Trojan-Downloader.Win32.PurityScan.fj skipped
    C:\Documents and Settings\Jill\My Documents\sуstem\regsvr32.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Documents and Settings\Jill\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Jill\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Exe files\mirc612.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.612 skipped
    C:\Exe files\mirc612.exe mIRC: infected - 1 skipped
    C:\Exe files\recipefinder.exe/stream/data0008 Infected: not-a-virus:AdWare.Win32.Comet.az skipped
    C:\Exe files\recipefinder.exe/stream Infected: not-a-virus:AdWare.Win32.Comet.az skipped
    C:\Exe files\recipefinder.exe NSIS: infected - 2 skipped
    C:\Exe files\recipes.exe/stream/data0008 Infected: not-a-virus:AdWare.Win32.Comet.ay skipped
    C:\Exe files\recipes.exe/stream Infected: not-a-virus:AdWare.Win32.Comet.ay skipped
    C:\Exe files\recipes.exe NSIS: infected - 2 skipped
    C:\Program Files\AIM6\aim6.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Program Files\Common Files\rmuk\rmuka.exe Infected: Trojan-Downloader.Win32.TSUpdate.l skipped
    C:\Program Files\Common Files\rmuk\rmuka.lck Object is locked skipped
    C:\Program Files\Common Files\rmuk\rmukl.exe Infected: Trojan-Downloader.Win32.TSUpdate.r skipped
    C:\Program Files\Common Files\rmuk\rmukm .exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Program Files\Common Files\rmuk\rmukm.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Program Files\Common Files\rmuk\rmukm.lck Object is locked skipped
    C:\Program Files\Common Files\rmuk\rmukp.exe Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
    C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Program Files\ComPlus Applications\vihy455101.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\Program Files\Dell\Media Experience\PCMService.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Program Files\Dell Support Center\bin\sprtcmd.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Program Files\DellSupport\DSAgnt.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Program Files\Dot1XCfg\Dot1XCfg .exe Infected: Trojan-Downloader.Win32.Adload.pr skipped
    C:\Program Files\Dot1XCfg\Dot1XCfg.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Program Files\ICQ\ICQNet.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Program Files\Insider\Insider .exe Infected: not-a-virus:AdWare.Win32.Insider.a skipped
    C:\Program Files\Insider\Insider.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Program Files\iTunes\iTunesHelper.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Program Files\Messenger\msmsgs.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Program Files\Microsoft IntelliPoint\ipoint.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Program Files\mIRC\backup\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.612 skipped
    C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Program Files\Norton AntiVirus\Quarantine\01C00457 Infected: Email-Worm.Win32.Mydoom.a skipped
    C:\Program Files\Norton AntiVirus\Quarantine\0A6365B0 Infected: Email-Worm.Win32.Mydoom.a skipped
    C:\Program Files\Norton AntiVirus\Quarantine\1B441840/readme.pif Infected: Email-Worm.Win32.Mydoom.a skipped
    C:\Program Files\Norton AntiVirus\Quarantine\1B441840 ZIP: infected - 1 skipped
    C:\Program Files\Norton AntiVirus\Quarantine\1B441840 CryptFF: infected - 1 skipped
    C:\Program Files\Norton AntiVirus\Quarantine\1ED8532A/readme.scr Infected: Email-Worm.Win32.Mydoom.a skipped
    C:\Program Files\Norton AntiVirus\Quarantine\1ED8532A ZIP: infected - 1 skipped
    C:\Program Files\Norton AntiVirus\Quarantine\1ED8532A CryptFF: infected - 1 skipped
    C:\Program Files\Norton AntiVirus\Quarantine\357142E0 Infected: Email-Worm.Win32.Mydoom.a skipped
    C:\Program Files\Norton AntiVirus\Quarantine\3766543C/document.pif Infected: Email-Worm.Win32.Mydoom.a skipped
    C:\Program Files\Norton AntiVirus\Quarantine\3766543C ZIP: infected - 1 skipped
    C:\Program Files\Norton AntiVirus\Quarantine\3766543C CryptFF: infected - 1 skipped
    C:\Program Files\Norton AntiVirus\Quarantine\39994205/readme.pif Infected: Email-Worm.Win32.Mydoom.a skipped
    C:\Program Files\Norton AntiVirus\Quarantine\39994205 ZIP: infected - 1 skipped
    C:\Program Files\Norton AntiVirus\Quarantine\39994205 CryptFF: infected - 1 skipped
    C:\Program Files\Norton AntiVirus\Quarantine\53B82545/document.htm .exe Infected: Email-Worm.Win32.Mydoom.a skipped
    C:\Program Files\Norton AntiVirus\Quarantine\53B82545 ZIP: infected - 1 skipped
    C:\Program Files\Norton AntiVirus\Quarantine\53B82545 CryptFF: infected - 1 skipped
    C:\Program Files\Norton AntiVirus\Quarantine\661A6355/doc.scr Infected: Email-Worm.Win32.Mydoom.a skipped
    C:\Program Files\Norton AntiVirus\Quarantine\661A6355 ZIP: infected - 1 skipped
    C:\Program Files\Norton AntiVirus\Quarantine\661A6355 CryptFF: infected - 1 skipped
    C:\Program Files\Norton AntiVirus\Quarantine\7D813716/document.pif Infected: Email-Worm.Win32.Mydoom.a skipped
    C:\Program Files\Norton AntiVirus\Quarantine\7D813716 ZIP: infected - 1 skipped
    C:\Program Files\Norton AntiVirus\Quarantine\7D813716 CryptFF: infected - 1 skipped
    C:\Program Files\QuickTime\qttask .exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Program Files\QuickTime\qttask .exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Program Files\QuickTime\qttask.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\Program Files\Windows Media Player\WMPNSCFG.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\QooBox\Quarantine\C\Program Files\Common Files\WNSXS~1\spoolsv .exe.vir Infected: Trojan-Downloader.Win32.PurityScan.fj skipped
    C:\QooBox\Quarantine\C\Program Files\Common Files\WNSXS~1\spoolsv.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\QooBox\Quarantine\C\Program Files\MSN\dicovu.html.vir Infected: Trojan-Clicker.HTML.IFrame.dn skipped
    C:\QooBox\Quarantine\C\Program Files\Temporary\kernInst.exe.vir Infected: Trojan.Win32.Agent.edq skipped
    C:\QooBox\Quarantine\C\WINDOWS\b122.exe.vir Infected: Trojan-Downloader.Win32.Agent.hvj skipped
    C:\QooBox\Quarantine\C\WINDOWS\PPATCH~1\rеgedit.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.gs skipped
    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ctfmon.exe.tmp.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\fvjncq.dll.vir Infected: not-a-virus:AdWare.Win32.PurityScan.gt skipped
    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ljjgggd.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.dxb skipped
    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\RCX49.tmp.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ssttu.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.dyx skipped
    C:\QooBox\Quarantine\C\WINDOWS\SYSTEM32\ssttu.exe.vir Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\VundoFix Backups\byxuurs.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.dxb skipped
    C:\VundoFix Backups\DSentry.exe.bad Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\VundoFix Backups\ljjgggd.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.dxb skipped
    C:\VundoFix Backups\mrofinu1000106.exe.bad Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\VundoFix Backups\mrofinu572.exe.bad Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\VundoFix Backups\NeroCheck.exe.bad Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\VundoFix Backups\ssttu.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.dyx skipped
    C:\VundoFix Backups\ssttu.exe.bad Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\VundoFix Backups\tfswctrl.exe.bad Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\WINDOWS\b103.exe Infected: not-a-virus:AdWare.Win32.Rond.d skipped
    C:\WINDOWS\b104.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
    C:\WINDOWS\b104.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
    C:\WINDOWS\b104.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
    C:\WINDOWS\b104.exe NSIS: infected - 3 skipped
    C:\WINDOWS\b116.exe Infected: Trojan-Downloader.Win32.Agent.ezc skipped
    C:\WINDOWS\b122.exe Infected: Trojan-Downloader.Win32.Agent.hvj skipped
    C:\WINDOWS\b138.exe Infected: Trojan-Downloader.Win32.Agent.cbx skipped
    C:\WINDOWS\b147.exe Infected: Trojan-Downloader.Win32.Agent.fjn skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\kdx\KHost .exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\WINDOWS\kdx\KHost.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\WINDOWS\mrofinu572.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\WINDOWS\mrofinu572.exe.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SmlsbA\asappsrv.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
    C:\WINDOWS\SmlsbA\command.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\SYSTEM32\585957595B5759.exe Infected: Trojan-Downloader.Win32.VB.chy skipped
    C:\WINDOWS\SYSTEM32\awtrrrs.dll Infected: Trojan.Win32.BHO.auf skipped
    C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
    C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
    C:\WINDOWS\SYSTEM32\cpcgjlzw.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
    C:\WINDOWS\SYSTEM32\DRIVERS\core.cache.dsk Object is locked skipped
    C:\WINDOWS\SYSTEM32\DRIVERS\NWLNKSPXX.sys Object is locked skipped
    C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
    C:\WINDOWS\SYSTEM32\hdkexuyi.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gip skipped
    C:\WINDOWS\SYSTEM32\hmirxlvo.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dnn skipped
    C:\WINDOWS\SYSTEM32\jubirkyd.dll Infected: not-a-virus:AdWare.Win32.SuperJuan.auj skipped
    C:\WINDOWS\SYSTEM32\nGpxx01\nGpxx011065.exe Infected: Trojan-Downloader.Win32.VB.cge skipped
    C:\WINDOWS\SYSTEM32\phjexs.dll Infected: not-a-virus:AdWare.Win32.PurityScan.gv skipped
    C:\WINDOWS\SYSTEM32\RCX35.tmp Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\WINDOWS\SYSTEM32\ssttu.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.dyx skipped
    C:\WINDOWS\SYSTEM32\ssttu.exe Infected: Trojan-Dropper.Win32.Agent.dgo skipped
    C:\WINDOWS\SYSTEM32\vtussqr.dll Infected: Trojan.Win32.BHO.auf skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
    C:\WINDOWS\WIASERVC.LOG Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    H:\Exe files\mirc612.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.612 skipped
    H:\Exe files\mirc612.exe mIRC: infected - 1 skipped
    H:\Exe files\recipefinder.exe/stream/data0008 Infected: not-a-virus:AdWare.Win32.Comet.az skipped
    H:\Exe files\recipefinder.exe/stream Infected: not-a-virus:AdWare.Win32.Comet.az skipped
    H:\Exe files\recipefinder.exe NSIS: infected - 2 skipped
    H:\Exe files\recipes.exe/stream/data0008 Infected: not-a-virus:AdWare.Win32.Comet.ay skipped
    H:\Exe files\recipes.exe/stream Infected: not-a-virus:AdWare.Win32.Comet.ay skipped
    H:\Exe files\recipes.exe NSIS: infected - 2 skipped
    H:\Program Files\mIRC\backup\mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.612 skipped
    H:\Program Files\Norton AntiVirus\Quarantine\01C00457 Infected: Email-Worm.Win32.Mydoom.a skipped
    H:\Program Files\Norton AntiVirus\Quarantine\0A6365B0 Infected: Email-Worm.Win32.Mydoom.a skipped
    H:\Program Files\Norton AntiVirus\Quarantine\1B441840/readme.pif Infected: Email-Worm.Win32.Mydoom.a skipped
    H:\Program Files\Norton AntiVirus\Quarantine\1B441840 ZIP: infected - 1 skipped
    H:\Program Files\Norton AntiVirus\Quarantine\1B441840 CryptFF: infected - 1 skipped
    H:\Program Files\Norton AntiVirus\Quarantine\1ED8532A/readme.scr Infected: Email-Worm.Win32.Mydoom.a skipped
    H:\Program Files\Norton AntiVirus\Quarantine\1ED8532A ZIP: infected - 1 skipped
    H:\Program Files\Norton AntiVirus\Quarantine\1ED8532A CryptFF: infected - 1 skipped
    H:\Program Files\Norton AntiVirus\Quarantine\357142E0 Infected: Email-Worm.Win32.Mydoom.a skipped
    H:\Program Files\Norton AntiVirus\Quarantine\3766543C/document.pif Infected: Email-Worm.Win32.Mydoom.a skipped
    H:\Program Files\Norton AntiVirus\Quarantine\3766543C ZIP: infected - 1 skipped
    H:\Program Files\Norton AntiVirus\Quarantine\3766543C CryptFF: infected - 1 skipped
    H:\Program Files\Norton AntiVirus\Quarantine\39994205/readme.pif Infected: Email-Worm.Win32.Mydoom.a skipped
    H:\Program Files\Norton AntiVirus\Quarantine\39994205 ZIP: infected - 1 skipped
    H:\Program Files\Norton AntiVirus\Quarantine\39994205 CryptFF: infected - 1 skipped
    H:\Program Files\Norton AntiVirus\Quarantine\53B82545/document.htm .exe Infected: Email-Worm.Win32.Mydoom.a skipped
    H:\Program Files\Norton AntiVirus\Quarantine\53B82545 ZIP: infected - 1 skipped
    H:\Program Files\Norton AntiVirus\Quarantine\53B82545 CryptFF: infected - 1 skipped
    H:\Program Files\Norton AntiVirus\Quarantine\661A6355/doc.scr Infected: Email-Worm.Win32.Mydoom.a skipped
    H:\Program Files\Norton AntiVirus\Quarantine\661A6355 ZIP: infected - 1 skipped
    H:\Program Files\Norton AntiVirus\Quarantine\661A6355 CryptFF: infected - 1 skipped
    H:\Program Files\Norton AntiVirus\Quarantine\7D813716/document.pif Infected: Email-Worm.Win32.Mydoom.a skipped
    H:\Program Files\Norton AntiVirus\Quarantine\7D813716 ZIP: infected - 1 skipped
    H:\Program Files\Norton AntiVirus\Quarantine\7D813716 CryptFF: infected - 1 skipped
    H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    Scan process completed.

  5. #5
    Junior Member
    Join Date
    Jan 2008
    Posts
    9

    Anyone?

  6. #6
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Hi dearpie

    Click here to download HJTInstall.exe
    • Save HJTInstall.exe to your desktop.
    • Double-click on the HJTInstall.exe icon on your desktop.
    • By default it will install to C:\Program Files\Trend Micro\HijackThis.
    • Click on Install.
    • It will create a HijackThis icon on the desktop.
    • Once installed, it will launch HijackThis. Close it.
    • Rename HijackThis.exe to dearpie.exe.
    • Open HijackThis.
    • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT use the AnalyseThis button; its findings are dangerous if misinterpreted.
    • DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  7. #7
    Junior Member
    Join Date
    Jan 2008
    Posts
    9

    Default Virtumonde Problems

    Here is my HJT
    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 7:14:59 AM, on 2/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\CheckIt\86\CheckIt86.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Southwest Airlines\Ding\Ding.exe
    C:\Documents and Settings\Jill\Desktop\HiJackThis_v2.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: CheckIt 86 - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\Program Files\CheckIt\86\CheckIt86.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Snap Shots - {BB81C3DB-2DEA-4AE9-96B3-13E6661FF03B} - C:\Program Files\Snap Shots\snapbar.dll
    O3 - Toolbar: Snap Shots - {8CD8EA48-D284-477E-B6DF-85D1E39D855F} - C:\Program Files\Snap Shots\snapbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
    O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: CheckIt 86.lnk = C:\Program Files\CheckIt\86\CheckIt86.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb001
    O8 - Extra context menu item: Add To CheckIt &86 Trust List - C:\PROGRA~1\CheckIt\86\AddToTrustList.js
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
    O9 - Extra 'Tools' menuitem: CheckIt &86 - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
    O9 - Extra button: Travelaxe - {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - C:\Program Files\Travelaxe\Travelaxe.exe
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://kdx.kontiki.com/kdx/Client403/kdx.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 8269 bytes

  8. #8
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    Merged two topics. I think you missed the instructions here: "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance)
    The Waiting Room: Post here if waiting for help longer than four days

    Shaba responded to you above.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  9. #9
    Security Expert: Emeritus
    Join Date
    Oct 2006
    Location
    Finland
    Posts
    29,374

    Hi dearpie

    Just follow my previous instructions and if you don't understand something, just ask.
    Microsoft MVP Consumer Security 2008-2011

    Member of ASAP and UNITE since 2006

  10. #10
    Junior Member
    Join Date
    Jan 2008
    Posts
    9

    Default Latest HJT and Kaspersky

    What is a PM?

    Here is my latest
    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 7:14:59 AM, on 2/12/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\Program Files\CheckIt\86\CheckIt86.exe
    C:\Program Files\Digital Line Detect\DLG.exe
    C:\Program Files\Southwest Airlines\Ding\Ding.exe
    C:\Documents and Settings\Jill\Desktop\HiJackThis_v2.exe

    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: CheckIt 86 - {82DF1118-9B92-45d8-B78F-1737A69A06E1} - C:\Program Files\CheckIt\86\CheckIt86.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Snap Shots - {BB81C3DB-2DEA-4AE9-96B3-13E6661FF03B} - C:\Program Files\Snap Shots\snapbar.dll
    O3 - Toolbar: Snap Shots - {8CD8EA48-D284-477E-B6DF-85D1E39D855F} - C:\Program Files\Snap Shots\snapbar.dll
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
    O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
    O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
    O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [dscactivate] "C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
    O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
    O4 - HKCU\..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-US ee://aol/imApp
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [DellSupportCenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P DellSupportCenter
    O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
    O4 - Startup: DING!.lnk = C:\Program Files\Southwest Airlines\Ding\Ding.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: CheckIt 86.lnk = C:\Program Files\CheckIt\86\CheckIt86.exe
    O4 - Global Startup: Digital Line Detect.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
    O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZSzeb001
    O8 - Extra context menu item: Add To CheckIt &86 Trust List - C:\PROGRA~1\CheckIt\86\AddToTrustList.js
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
    O9 - Extra 'Tools' menuitem: CheckIt &86 - {2887F316-8C6C-47ae-A462-D2C9739D2C3D} - C:\PROGRA~1\CheckIt\86\CheckIt86.exe
    O9 - Extra button: Travelaxe - {32A32D38-B8ED-4b3f-AFD0-EF23B697B5C1} - C:\Program Files\Travelaxe\Travelaxe.exe
    O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {A7ECD556-D6F6-4F41-8C6B-14AB246801A0} (Secure Delivery) - http://kdx.kontiki.com/kdx/Client403/kdx.cab
    O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
    O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: SupportSoft Sprocket Service (dellsupportcenter) (sprtsvc_dellsupportcenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

    --
    End of file - 8269 bytes
