Thread: Virtumonde/Command Svc

  1. #1
    Junior Member | Join Date: Feb 2008 | Posts: 3

    Virtumonde/Command Svc

    -----------------------------------------------------------------
    KASPERSKY ONLINE SCANNER REPORT
    Friday, February 22, 2008 10:51:42 AM
    Operating System: Microsoft Windows XP Professional, (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 21/02/2008
    Kaspersky Anti-Virus database records: 574609
    -----------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: extended
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer: A:\ C:\ D:\

    Scan Statistics:
    Total number of scanned objects: 33135
    Number of viruses found: 46
    Number of infected objects: 186
    Number of suspicious objects: 0
    Duration of the scan process: 00:34:41

    Infected Object Name / Virus Name / Last Action
    C:\command.exe Infected: Trojan-Downloader.Win32.Agent.axh skipped
    C:\Documents and Settings\Faith\ntuser.dat Object is locked skipped
    C:\Documents and Settings\Faith\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Guest\ntuser.dat Object is locked skipped
    C:\Documents and Settings\Guest\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\user\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\user\Incomplete\T-4076186-Top of Charts - 2005.wma Infected: Trojan-Downloader.WMA.Wimad.k skipped
    C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\user\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\user\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\user\Local Settings\History\History.IE5\MSHist012008022220080223\index.dat Object is locked skipped
    C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\user\ntuser.dat Object is locked skipped
    C:\Documents and Settings\user\ntuser.dat.LOG Object is locked skipped
    C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
    C:\QooBox\Quarantine\C\20554297.exe.vir Infected: Trojan-Downloader.Win32.Tiny.fy skipped
    C:\QooBox\Quarantine\C\Program Files\Common Files\RACLE~1\wucrtupd.exe.vir Infected: Trojan-Downloader.Win32.PurityScan.fj skipped
    C:\QooBox\Quarantine\C\Program Files\Windows NT\bapucom.dll.vir Infected: Trojan.Win32.BHO.ab skipped
    C:\QooBox\Quarantine\C\Program Files\Windows NT\bapucom21.dll.vir Infected: Trojan.Win32.BHO.ab skipped
    C:\QooBox\Quarantine\C\Program Files\Windows NT\bapucom75.dll.vir Infected: Trojan.Win32.BHO.ab skipped
    C:\QooBox\Quarantine\C\Program Files\Windows NT\fsoxyqig.html.vir Infected: Trojan-Clicker.HTML.IFrame.dn skipped
    C:\QooBox\Quarantine\C\Program Files\YMANTE~1\jаvaw.exe.vir Infected: not-a-virus:AdWare.Win32.PurityScan.gw skipped
    C:\QooBox\Quarantine\C\WINDOWS\aG9tZQ\asappsrv.dll.vir Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
    C:\QooBox\Quarantine\C\WINDOWS\aG9tZQ\command.exe.vir Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
    C:\QooBox\Quarantine\C\WINDOWS\b104.exe.vir/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
    C:\QooBox\Quarantine\C\WINDOWS\b104.exe.vir/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
    C:\QooBox\Quarantine\C\WINDOWS\b104.exe.vir/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
    C:\QooBox\Quarantine\C\WINDOWS\b104.exe.vir NSIS: infected - 3 skipped
    C:\QooBox\Quarantine\C\WINDOWS\b138.exe.vir Infected: Trojan-Downloader.Win32.Agent.cbx skipped
    C:\QooBox\Quarantine\C\WINDOWS\Downloaded Program Files\UDC6_0001_D19M1908NetInstaller.exe.vir Infected: not-a-virus:Downloader.Win32.WinFixer.ar skipped
    C:\QooBox\Quarantine\C\WINDOWS\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe.vir Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
    C:\QooBox\Quarantine\C\WINDOWS\Downloaded Program Files\xpreload.ocx.vir Infected: Trojan-Downloader.Win32.VB.ayr skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\awtspnn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\bsyywhvl.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\cigsxmcb.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\cxixdrlp.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\ohctusb.sys.vir Infected: Trojan.Win32.Kolweb.q skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\drivers\ohctusb.syt.vir Infected: Trojan.Win32.Kolweb.q skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\gebccca.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\gogucyag.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\hgggdab.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\iodohowa.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\khxtjcuh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\kimbrprn.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\lguncfla.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\lrorjncr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\mlthyncr.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\mmyjtaac.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\msmapibx32.exe.vir Infected: Trojan.Win32.Agent.box skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\nGpxx01\nGpxx011065.exe.vir Infected: Trojan-Downloader.Win32.VB.cgu skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\nnnkkhh.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\p4\mozildll1.exe.vir Infected: Trojan-Downloader.Win32.Small.buy skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\ppiqykem.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\qomljhg.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\reginib_unknown.exe.vir Infected: Trojan.Win32.Kolweb.l skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\reginid_unknown.exe.vir Infected: Trojan.Win32.Kolweb.z skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\reginie_unknown.exe.vir Infected: Trojan.Win32.Kolweb.z skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\reginif_unknown.exe.vir Infected: Trojan.Win32.Kolweb.w skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\reginig_unknown.exe.vir Infected: Trojan.Win32.Kolweb.w skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\vfypmwxw.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\vngsgnov.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\vtquxcpm.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\wiylyxkl.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\xgkccewo.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\yevub.dll.vir Infected: not-a-virus:AdWare.Win32.PurityScan.gv skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\yoiscrpm.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\z6\kiffs83122.exe.vir/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\QooBox\Quarantine\C\WINDOWS\system32\z6\kiffs83122.exe.vir NSIS: infected - 1 skipped
    C:\QooBox\Quarantine\C\WINDOWS\tk58.exe.vir Infected: Trojan.Win32.BHO.ab skipped
    C:\QooBox\Quarantine\C\WINDOWS\WebAssist.dll.vir Infected: not-a-virus:AdWare.Win32.BHO.cz skipped
    C:\QooBox\Quarantine\C\WINDOWS\xhelper.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.db skipped
    C:\QooBox\Quarantine\catchme2008-02-20_112718.20.zip/nwlnkfltt.sys Infected: Rootkit.Win32.Agent.to skipped
    C:\QooBox\Quarantine\catchme2008-02-20_112718.20.zip/qomjijj.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\QooBox\Quarantine\catchme2008-02-20_112718.20.zip/vtuts.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\QooBox\Quarantine\catchme2008-02-20_112718.20.zip ZIP: infected - 3 skipped

    ... to be continued...

  2. #2
    Junior Member | Join Date: Feb 2008 | Posts: 3

    Kaspersky continued...

    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP106\A0019592.sys Infected: Trojan.Win32.Kolweb.q skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP124\A0037706.exe Infected: Trojan-Downloader.Win32.Osel.bx skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP124\A0037707.exe Infected: Trojan-Downloader.Win32.Osel.bx skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP124\A0037708.exe Infected: Trojan-Downloader.Win32.Osel.bx skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP150\A0042566.exe Infected: Trojan-Downloader.Win32.Agent.idv skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP150\A0042567.exe Infected: Trojan-Downloader.Win32.Agent.idv skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP151\A0042570.exe Infected: not-a-virus:AdWare.Win32.Agent.co skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP152\A0042586.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP152\A0042587.exe Infected: not-a-virus:AdWare.Win32.Agent.co skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0042605.exe Infected: Trojan-Downloader.Win32.Delf.dlk skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0042617.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0042617.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0042618.exe Infected: not-a-virus:AdWare.Win32.PurityScan.gw skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0042621.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0042621.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0042622.exe Infected: Trojan.Win32.Scapur.k skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0042623.exe Infected: Trojan-Downloader.Win32.Agent.hcm skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0042624.exe Infected: Trojan-Downloader.Win32.Agent.hcn skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0042631.exe Infected: Trojan-Downloader.Win32.VB.cgu skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0042632.exe Infected: Trojan-Downloader.Win32.Agent.idv skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0042635.exe Infected: Trojan-Downloader.Win32.Agent.fjn skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0042636.exe Infected: Trojan-Downloader.Win32.Agent.ezc skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0042637.exe Infected: Trojan-Downloader.Win32.Agent.jig skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0042638.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0042638.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0042639.exe Infected: Trojan.Win32.BHO.ab skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0042640.exe Infected: Trojan-Downloader.Win32.Agent.idv skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0042641.exe Infected: Trojan-Downloader.Win32.Agent.idv skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0042643.exe Infected: Trojan-Downloader.Win32.Agent.idv skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0042647.exe Infected: Trojan-Downloader.Win32.PurityScan.fj skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0042648.exe Infected: Trojan-Downloader.Win32.Agent.ipm skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0042650.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0042651.exe Infected: Trojan-Downloader.Win32.Adload.qy skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0042655.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0042906.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0042907.dll Infected: not-a-virus:AdWare.Win32.PurityScan.gv skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0042924.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0042942.exe Infected: not-a-virus:AdWare.Win32.PurityScan.gw skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0042945.exe/data0001 Infected: not-a-virus:AdWare.Win32.PurityScan.gp skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0042945.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0042946.exe Infected: Trojan.Win32.Scapur.k skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0042949.exe Infected: Trojan-Downloader.Win32.PurityScan.fj skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0042950.dll Infected: not-a-virus:AdWare.Win32.PurityScan.gv skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0045970.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0045970.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0045971.exe Infected: Trojan.Win32.BHO.ab skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0046958.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0046977.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0049977.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0050009.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0050030.exe Infected: not-a-virus:Monitor.Win32.NetMon.a skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0050034.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0050035.dll Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0050037.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0050047.dll Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0050048.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0050048.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0050050.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP154\A0050054.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP156\A0051241.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP157\A0051295.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP157\A0051298.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052435.exe Infected: Trojan-Downloader.Win32.VB.cgu skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052436.exe Infected: Trojan-Downloader.Win32.PurityScan.fj skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052437.exe Infected: not-a-virus:AdWare.Win32.PurityScan.gw skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052440.exe Infected: Trojan.Win32.BHO.ab skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052441.dll Infected: not-a-virus:AdWare.Win32.BHO.cz skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052442.dll Infected: not-a-virus:AdWare.Win32.Agent.db skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052443.sys Infected: Trojan.Win32.Kolweb.q skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052444.exe Infected: Trojan.Win32.Agent.box skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052446.exe Infected: Trojan.Win32.Kolweb.l skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052447.exe Infected: Trojan.Win32.Kolweb.z skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052448.exe Infected: Trojan.Win32.Kolweb.z skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052449.exe Infected: Trojan.Win32.Kolweb.w skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052450.exe Infected: Trojan.Win32.Kolweb.w skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052451.exe/stream/data0002 Infected: Trojan-Downloader.Win32.Small.buy skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052451.exe/stream/data0004 Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052451.exe/stream Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052451.exe NSIS: infected - 3 skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052452.exe Infected: Trojan-Downloader.Win32.Agent.cbx skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052453.exe Infected: Trojan-Downloader.Win32.Tiny.fy skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052454.dll Infected: not-a-virus:AdWare.Win32.PurityScan.gv skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052455.dll Infected: Trojan.Win32.BHO.ab skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052456.dll Infected: Trojan.Win32.BHO.ab skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052457.dll Infected: Trojan.Win32.BHO.ab skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052458.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052459.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052460.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052461.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052462.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052463.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052464.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052465.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052466.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052467.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052468.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052469.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052470.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052471.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052472.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052473.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052474.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052475.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052476.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052477.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052478.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052479.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052480.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052491.exe Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052492.exe Infected: Trojan-Downloader.Win32.Small.buy skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052494.exe/data0002 Infected: not-a-virus:AdWare.Win32.TTC.a skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052494.exe NSIS: infected - 1 skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052495.dll Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052501.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP163\A0052502.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.gen skipped
    C:\System Volume Information\_restore{DD3D8D2F-19AA-423D-BD96-05BDCD205876}\RP165\change.log Object is locked skipped
    C:\WINDOWS\Debug\oakley.log Object is locked skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\Downloaded Program Files\CONFLICT.1\UWA7P_0001_N91M0809NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
    C:\WINDOWS\Downloaded Program Files\CONFLICT.2\UWA7P_0001_N91M0809NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
    C:\WINDOWS\Downloaded Program Files\CONFLICT.3\UWA7P_0001_N91M0809NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\0sgonq23.exe Infected: Trojan-Downloader.Win32.Firu.b skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\drivers\Beep.sys Infected: Trojan.Win32.Kolweb.q skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\werwea_unknown.exe Infected: Trojan.Win32.Kolweb.m skipped
    C:\WINDOWS\system32\werwec_unknown.exe Infected: Trojan.Win32.Kolweb.n skipped
    C:\WINDOWS\system32\werwee_unknown.exe Infected: Trojan.Win32.Kolweb.aa skipped
    C:\WINDOWS\system32\werwef_unknown.exe Infected: Trojan.Win32.Kolweb.aa skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    Scan process completed.

  3. #3
    Junior Member | Join Date: Feb 2008 | Posts: 3

    HJT file

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 7:43:08 PM, on 2/24/2008
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\PSIService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
    C:\WINDOWS\System32\HPZipm12.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://login.yahoo.com/config/login_verify2?&.src=ym
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: (no name) - {42E93DEC-F579-4940-A578-93538FA9B3D3} - (no file)
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: (no name) - {6434C5B0-227F-78D8-5765-2B00CCBDDDC5} - (no file)
    O2 - BHO: (no name) - {721381B0-B921-4746-BAF1-0BEDD94B1B6C} - (no file)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: (no name) - {85589B5D-D53D-4237-A677-46B82EA275F3} - (no file)
    O2 - BHO: (no name) - {8C5D82E9-9D36-4158-B074-20A87B4928E4} - C:\WINDOWS\system32\reginix86d.dll (file missing)
    O2 - BHO: (no name) - {9A2D1CA8-8C40-4B55-A04E-B55E19BF22D4} - (no file)
    O2 - BHO: (no name) - {ADF08889-BF54-40A8-A4AE-FCABE6229D43} - C:\WINDOWS\system32\werwee.dll (file missing)
    O2 - BHO: (no name) - {B5722497-9542-45D5-AB5B-F4A529FF58CD} - (no file)
    O2 - BHO: (no name) - {B71258BD-425A-4AD1-866E-1C15BEC0C05E} - (no file)
    O2 - BHO: (no name) - {C0EC2A89-C6AA-4E0C-A97B-80F35FBC181B} - (no file)
    O2 - BHO: (no name) - {C870DECE-6863-433C-92B9-2867D99406E5} - (no file)
    O2 - BHO: (no name) - {E180F496-8A4B-44E2-9FE0-0364E345DB7F} - (no file)
    O2 - BHO: (no name) - {f6da889d-005c-42d9-a3e7-cb253985b5fd} - (no file)
    O2 - BHO: (no name) - {FCAEB4F8-3C7A-49CC-5D9E-9A0A49A75D64} - (no file)
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\RunOnce: [SpybotDeletingB7494] command /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
    O4 - HKCU\..\RunOnce: [SpybotDeletingD9037] cmd /c del "C:\WINDOWS\system32\drivers\core.cache.dsk"
    O4 - HKCU\..\Policies\Explorer\Run: [{38379ABA-069E-1033-0225-021212010001}] "C:\Program Files\Common Files\{38379ABA-069E-1033-0225-021212010001}\Update.exe" te-110-12-0000213
    O4 - S-1-5-18 Startup: .lnk = C:\WINDOWS\system32\msmapibx32.exe (User 'SYSTEM')
    O4 - .DEFAULT Startup: .lnk = C:\WINDOWS\system32\msmapibx32.exe (User 'Default user')
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\npjpi150_10.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgreens.com/WalgreensActivia.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/wind...?1203439978317
    O20 - Winlogon Notify: ofysmhkd - C:\WINDOWS\
    O20 - Winlogon Notify: qomjijj - C:\WINDOWS\
    O23 - Service: iPod Service - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\System32\PSIService.exe

    --
    End of file - 6350 bytes




    Sorry this came in 3 separate posts. I tried to keep it in the first 2, but wasn't sure what info could have been left out, so I kept everything.

    Thanks!

  4. #4
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247


    Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
    "BEFORE you POST" (READ this Procedure before Requesting Assistance)
    http://forums.spybot.info/showthread.php?t=288
    All advice given is taken at your own risk.
    Please make sure you have read this information so we are on the same page.

    You have a pretty good mess here, please review the "Before you Post" instructions, you missed this:
    http://forums.spybot.info/showthread.php?t=425

    Update Your Windows XP.
    You are currently using an unpatched version of Windows XP.
    Before attempting to remove malware, it is CRITICAL that you update to Service Pack 1a.
    Get SP1a here : http://www.microsoft.com/windowsxp/d...1/default.mspx
    You should also get SP2, but NOT NOW, rather only after your machine is clean.
    After updating your Windows to SP1a, post a new HijackThis log please, using the Post Reply button.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006

  5. #5
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247


    Due to the lack of feedback this Topic is closed.

    If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

    If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

    If it has been less than five days since your last response and you need the thread re-opened, please send me or your helper a private message (pm). A valid, working link to the closed topic is required.

    Everyone else please begin a New Topic.
