
Thread: Trojan Downloader.Script.Generic

  #1 Junior Member (joined Jan 2008, 26 posts): Trojan Downloader.Script.Generic

    Sorry about the earlier post. I hadn't realized the process had changed.


    DDS (Ver_10-03-17.01) - NTFSX64
    Run by Owner at 15:01:12.49 on Sun 08/22/2010
    Internet Explorer: 8.0.6001.18943
    Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.3838.2360 [GMT -5:00]

    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}

    ============== Running Processes ===============

    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe -k rpcss
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\SLsvc.exe
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\WLANExt.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    C:\Windows\system32\svchost.exe -k bthsvcs
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
    C:\Windows\system32\rundll32.exe
    C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\Java\jre6\bin\jusched.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2010\avp.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe
    C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files (x86)\Webroot\Spy Sweeper\SpySweeper.exe
    C:\Windows\System32\svchost.exe -k WerSvcGroup
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\DRIVERS\xaudio64.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    C:\Program Files (x86)\Hewlett-Packard\Shared\HpqToaster.exe
    c:\Program Files (x86)\Symantec\LiveUpdate\AluSchedulerSvc.exe
    c:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe
    C:\Windows\system32\svchost.exe -k WindowsMobile
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\mobsync.exe
    C:\Users\Owner\Desktop\dds.scr
    C:\Windows\system32\wbem\wmiprvse.exe

    ============== Pseudo HJT Report ===============

    uStart Page = hxxp://www.yahoo.com/
    uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
    mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
    mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=laptop
    mLocal Page = c:\windows\syswow64\blank.htm
    mWinlogon: Userinit=userinit.exe
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
    BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelper.dll
    BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files (x86)\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files (x86)\spybot - search & destroy\SDHelper.dll
    BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\ievkbd.dll
    BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
    BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No File
    BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files (x86)\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files (x86)\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
    BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files (x86)\google\googletoolbarnotifier\5.4.4525.1752\swg.dll
    BHO: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files (x86)\ask.com\GenericAskToolbar.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files (x86)\java\jre6\bin\jp2ssv.dll
    BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files (x86)\windows live\toolbar\wltcore.dll
    BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
    BHO: HP Print Clips: {ffffffff-ff12-44c5-91ec-068e3aa1b2d7} - c:\program files (x86)\hp\smart web printing\hpswp_framework.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    TB: Ask.com Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files (x86)\ask.com\GenericAskToolbar.dll
    TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files (x86)\windows live\toolbar\wltcore.dll
    TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files (x86)\google\google toolbar\GoogleToolbar_32.dll
    uRun: [swg] "c:\program files (x86)\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
    uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
    mRun: [UCam_Menu] "c:\program files (x86)\cyberlink\youcam\muitransfer\muistartmenu.exe" "c:\program files (x86)\cyberlink\youcam" update "software\cyberlink\youcam\1.0"
    mRun: [hpqSRMon] "c:\program files (x86)\hp\digital imaging\bin\hpqSRMon.exe"
    mRun: [hpWirelessAssistant] "c:\program files (x86)\hewlett-packard\hp wireless assistant\HPWAMain.exe"
    mRun: [WAWifiMessage] "c:\program files (x86)\hewlett-packard\hp wireless assistant\WiFiMsg.exe"
    mRun: [Google Desktop Search] "c:\program files (x86)\google\google desktop search\GoogleDesktop.exe" /startup
    mRun: [avp] "c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\avp.exe"
    mRun: [Adobe Reader Speed Launcher] "c:\program files (x86)\adobe\reader 8.0\reader\Reader_sl.exe"
    mRun: [AppleSyncNotifier] c:\program files (x86)\common files\apple\mobile device support\AppleSyncNotifier.exe
    mRun: [QuickTime Task] "c:\program files (x86)\quicktime\QTTask.exe" -atboottime
    mRun: [iTunesHelper] "c:\program files (x86)\itunes\iTunesHelper.exe"
    mRun: [Intuit SyncManager] c:\program files (x86)\common files\intuit\sync\IntuitSyncManager.exe startup
    mRun: [SunJavaUpdateSched] "c:\program files (x86)\common files\java\java update\jaureg.exe" -u auto-update
    uPolicies-explorer: NoDesktopCleanupWizard = 1 (0x1)
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-explorer: ForceActiveDesktopOn = 0 (0x0)
    mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: Add to Anti-Banner - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\ie_banner_deny.htm
    IE: E&xport to Microsoft Excel - c:\progra~2\micros~2\office12\EXCEL.EXE/3000
    IE: Google Sidewiki... - c:\program files (x86)\google\google toolbar\component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files (x86)\windows live\writer\WriterBrowserExtension.dll
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~2\micros~2\office12\ONBttnIE.dll
    IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
    IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
    IE: {58ECB495-38F0-49cb-A538-10282ABF65E7} - {A93C41D8-01F8-4F8B-B14C-DE20B117E636} - c:\program files (x86)\hp\smart web printing\hpswp_extensions.dll
    IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files (x86)\skype\toolbars\internet explorer\SkypeIEPlugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~2\micros~2\office12\REFIEBAR.DLL
    IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\klwtbbho.dll
    IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files (x86)\spybot - search & destroy\SDHelper.dll
    Trusted Zone: cinemanow.com
    Trusted Zone: intuit.com
    Trusted Zone: intuit.com\ttlc
    DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} - hxxp://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
    DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} - hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
    DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab
    Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files (x86)\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
    Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~2\common~1\skype\SKYPE4~1.DLL
    AppInit_DLLs: c:\progra~2\google\google~3\goec62~1.dll,c:\progra~2\kasper~1\kasper~2\mzvkbd3.dll,c:\progra~2\kasper~1\kasper~2\sbhook.dll
    mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "c:\program files (x86)\common files\lightscribe\LSRunOnce.exe"
    BHO-X64: Windows Live Family Safety Browser Helper Class: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - c:\program files\windows live\family safety\fssbho.dll
    BHO-X64: Windows Live Family Safety Browser Helper - No File
    BHO-X64: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\x64\ievkbd.dll
    BHO-X64: IEVkbdBHO - No File
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO-X64: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
    BHO-X64: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.4.4525.1752\swg64.dll
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
    BHO-X64: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\x64\klwtbbho.dll
    BHO-X64: link filter bho - No File
    TB-X64: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files (x86)\google\google toolbar\GoogleToolbar_64.dll
    TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    mRun-x64: [SynTPEnh] "c:\program files\synaptics\syntp\SynTPEnh.exe"
    mRun-x64: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
    mRun-x64: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
    mRun-x64: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
    AppInit_DLLs-X64: c:\progra~2\kasper~1\kasper~2\x64\sbhook64.dll,c:\progra~2\kasper~1\kasper~2\x64\kloehk.dll
    Hosts: 127.0.0.1 www.spywareinfo.com

    ============= SERVICES / DRIVERS ===============


    ============== File Associations ===============

    JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

    =============== Created Last 30 ================

    2010-08-22 15:37:50 153376 ----a-w- c:\windows\syswow64\javaws.exe
    2010-08-22 15:37:49 145184 ----a-w- c:\windows\syswow64\javaw.exe
    2010-08-22 15:37:48 145184 ----a-w- c:\windows\syswow64\java.exe
    2010-08-21 20:48:16 0 d-----w- c:\programdata\Spybot - Search & Destroy
    2010-08-21 20:48:16 0 d-----w- c:\program files (x86)\Spybot - Search & Destroy
    2010-08-12 07:26:40 81920 ----a-w- c:\windows\syswow64\iccvid.dll
    2010-08-12 07:26:17 50688 ----a-w- c:\windows\system32\rtutils.dll
    2010-08-12 07:26:15 36864 ----a-w- c:\windows\syswow64\rtutils.dll
    2010-08-12 07:25:46 2752000 ----a-w- c:\windows\system32\win32k.sys
    2010-08-12 07:04:04 1426816 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2010-08-12 07:03:37 453120 ----a-w- c:\windows\system32\drivers\srv.sys
    2010-08-12 07:03:36 175104 ----a-w- c:\windows\system32\drivers\srv2.sys
    2010-08-12 07:03:05 274944 ----a-w- c:\windows\syswow64\schannel.dll
    2010-08-12 07:03:04 343040 ----a-w- c:\windows\system32\schannel.dll
    2010-08-12 06:53:53 4697992 ----a-w- c:\windows\system32\ntoskrnl.exe
    2010-08-12 06:51:58 1638912 ----a-w- c:\windows\syswow64\mshtml.tlb
    2010-08-12 06:51:58 1638912 ----a-w- c:\windows\system32\mshtml.tlb
    2010-08-12 06:51:32 1869824 ----a-w- c:\windows\system32\msxml3.dll
    2010-08-12 06:51:30 1248768 ----a-w- c:\windows\syswow64\msxml3.dll
    2010-08-04 03:55:45 11584512 ----a-w- c:\windows\syswow64\shell32.dll
    2010-08-02 02:54:04 65536 ----a-w- c:\windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
    2010-08-02 02:54:04 196608 ----a-w- c:\windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
    2010-08-02 02:53:59 3670016 ----a-w- c:\windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
    2010-08-02 02:53:46 0 d-----w- c:\program files\Microsoft ATS
    2010-07-26 23:15:11 0 d-----w- c:\program files\iPod
    2010-07-26 23:15:01 0 d-----w- c:\program files\iTunes
    2010-07-26 22:16:29 629 ----a-w- c:\windows\system32\mapisvc.inf

    ==================== Find3M ====================

    2010-08-22 18:48:12 31871 ----a-w- c:\programdata\nvModes.dat
    2010-08-22 15:36:05 423656 ----a-w- c:\windows\syswow64\deployJava1.dll
    2010-07-30 00:25:34 149773 ----a-w- c:\windows\system32\drivers\klin.dat
    2010-07-30 00:25:33 106765 ----a-w- c:\windows\system32\drivers\klick.dat
    2010-06-26 06:30:12 1147904 ----a-w- c:\windows\system32\wininet.dll
    2010-06-26 06:25:54 77312 ----a-w- c:\windows\system32\iesetup.dll
    2010-06-26 06:25:54 132096 ----a-w- c:\windows\system32\iesysprep.dll
    2010-06-26 06:05:49 916480 ----a-w- c:\windows\syswow64\wininet.dll
    2010-06-26 06:05:41 1210368 ----a-w- c:\windows\syswow64\urlmon.dll
    2010-06-26 06:04:40 206848 ----a-w- c:\windows\syswow64\occache.dll
    2010-06-26 06:03:22 611840 ----a-w- c:\windows\syswow64\mstime.dll
    2010-06-26 06:03:04 5951488 ----a-w- c:\windows\syswow64\mshtml.dll
    2010-06-26 06:03:02 599040 ----a-w- c:\windows\syswow64\msfeeds.dll
    2010-06-26 06:03:02 55296 ----a-w- c:\windows\syswow64\msfeedsbs.dll
    2010-06-26 06:02:31 25600 ----a-w- c:\windows\syswow64\jsproxy.dll
    2010-06-26 06:02:15 71680 ----a-w- c:\windows\syswow64\iesetup.dll
    2010-06-26 06:02:15 1986560 ----a-w- c:\windows\syswow64\iertutil.dll
    2010-06-26 06:02:15 164352 ----a-w- c:\windows\syswow64\ieui.dll
    2010-06-26 06:02:15 109056 ----a-w- c:\windows\syswow64\iesysprep.dll
    2010-06-26 06:02:14 55808 ----a-w- c:\windows\syswow64\iernonce.dll
    2010-06-26 06:02:14 184320 ----a-w- c:\windows\syswow64\iepeers.dll
    2010-06-26 06:02:14 11077120 ----a-w- c:\windows\syswow64\ieframe.dll
    2010-06-26 06:02:09 387584 ----a-w- c:\windows\syswow64\iedkcs32.dll
    2010-06-26 04:47:47 162816 ----a-w- c:\windows\system32\ieUnatt.exe
    2010-06-26 04:25:02 133632 ----a-w- c:\windows\syswow64\ieUnatt.exe
    2010-06-26 04:24:51 173056 ----a-w- c:\windows\syswow64\ie4uinit.exe
    2010-06-26 04:24:17 13312 ----a-w- c:\windows\syswow64\msfeedssync.exe
    2010-06-19 23:25:58 86016 ----a-w- c:\windows\inf\infstor.dat
    2010-06-19 23:25:58 51200 ----a-w- c:\windows\inf\infpub.dat
    2010-06-19 23:25:58 143360 ----a-w- c:\windows\inf\infstrng.dat
    2010-05-26 17:23:46 48128 ----a-w- c:\windows\system32\atmlib.dll
    2010-05-26 17:06:41 34304 ----a-w- c:\windows\syswow64\atmlib.dll
    2010-05-26 15:10:41 366080 ----a-w- c:\windows\system32\atmfd.dll
    2010-05-26 14:47:41 289792 ----a-w- c:\windows\syswow64\atmfd.dll
    2009-11-05 04:40:28 665600 ----a-w- c:\windows\inf\drvindex.dat
    2008-01-21 03:21:59 174 --sha-w- c:\program files\desktop.ini
    2008-01-21 03:21:59 174 --sha-w- c:\program files (x86)\desktop.ini
    2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
    2006-11-02 15:14:56 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
    2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
    2006-11-02 15:14:56 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
    2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
    2006-11-02 10:52:12 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
    2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
    2006-11-02 10:52:10 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
    2010-03-13 02:27:01 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\cookies\index.dat
    2010-03-13 02:27:01 16384 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\history\history.ie5\index.dat
    2010-03-13 02:27:01 32768 --sha-w- c:\windows\serviceprofiles\localservice\appdata\local\temp\temporary internet files\content.ie5\index.dat
    2009-11-18 23:55:41 245760 --sha-w- c:\windows\serviceprofiles\localservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2009-10-19 03:04:39 245760 --sha-w- c:\windows\serviceprofiles\networkservice\appdata\roaming\microsoft\windows\ietldcache\index.dat
    2008-10-11 21:45:24 22 --sha-w- c:\windows\sminst\HPCD.sys
    2009-11-11 03:59:39 8798780 --sha-w- c:\windows\system32\drivers\fidbox.dat
    2009-11-11 03:59:39 1359932 --sha-w- c:\windows\system32\drivers\fidbox2.dat

    ============= FINISH: 15:22:45.67 ===============
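The DDS log above lists the load points a responder reads first: browser helper objects and toolbars whose CLSID resolves to no file (stale registrations left behind by uninstalled add-ons, which still merit a look), the AppInit_DLLs injection lists, the hosts-file override, the autorun entries and the script-file association. The triage script below is an added example, not part of the thread and not code from the DDS tool. It parses a constructed excerpt of this log (plus one constructed uRun line, marked as such, that points into a temp directory so the user-writable-path check has something to fire on) and emits findings ranked by severity. A loopback hosts entry like the one here can also be a block-list entry written by an anti-spyware tool rather than a hijack, so it is reported for review rather than as malicious.

```python
"""Triage the load-point sections of a DDS log.

Added example; not part of the forum thread and not code from the DDS tool.
It splits the log on its '=== title ===' banners and flags the entries a
responder checks first: browser add-ons whose CLSID has no backing file,
AppInit_DLLs injection lists, hosts-file overrides, autorun entries that
launch from user-writable directories, and script-file associations whose
handler does not live in a Windows system directory.
"""
import re

# Constructed sample: a cut-down copy of the Pseudo HJT and File Associations
# sections of the log above, plus one constructed uRun line (marked) so the
# user-writable-path check has something to match.
SAMPLE_LOG = r"""
============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files (x86)\common files\adobe\acrobat\activex\AcroIEHelper.dll
TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
mRun: [avp] "c:\program files (x86)\kaspersky lab\kaspersky internet security 2010\avp.exe"
uRun: [constructed-example] c:\users\owner\appdata\local\temp\updater.exe
AppInit_DLLs: c:\progra~2\google\google~3\goec62~1.dll,c:\progra~2\kasper~1\kasper~2\mzvkbd3.dll
Hosts: 127.0.0.1 www.spywareinfo.com
TB-X64: {D4027C7F-154A-4066-A1AD-4243D8127440} - No File

============= SERVICES / DRIVERS ===============

============== File Associations ===============

JSEFile=c:\windows\syswow64\WScript.exe "%1" %*

============= FINISH: 15:22:45.67 ===============
"""

BANNER_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
EXE_RE = re.compile(r'"?([a-z]:\\[^"]*?\.exe)', re.IGNORECASE)
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
USER_WRITABLE = ("\\appdata\\", "\\temp\\")


def parse_sections(text):
    """Map each '=== title ===' banner to the non-empty lines beneath it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = BANNER_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line:
            sections[current].append(line)
    return sections


def _check_hjt(line, findings):
    """Apply the load-point checks to one Pseudo HJT Report line."""
    key, _, rest = line.partition(": ")
    if not rest:
        return
    if key.startswith(("BHO", "TB")) and rest.endswith("- No File"):
        # A registered add-on whose DLL is gone: stale at best, worth cleaning.
        m = CLSID_RE.search(rest)
        findings.append(("low", "orphaned-" + key.split("-")[0].lower(),
                         m.group(0) if m else rest))
    elif key.startswith("AppInit_DLLs"):
        # Every DLL here is injected into user-mode processes that load user32.
        for dll in rest.split(","):
            findings.append(("medium", "appinit-dll", dll.strip()))
    elif key == "Hosts":
        ip, _, host = rest.partition(" ")
        findings.append(("medium", "hosts-override", f"{host} -> {ip}"))
    elif re.match(r"^[um]Run", key):
        m = EXE_RE.search(rest)
        if m and any(d in m.group(1).lower() for d in USER_WRITABLE):
            findings.append(("high", "autorun-user-writable", m.group(1)))


def _check_assoc(line, findings):
    """Flag a script-file association whose handler is outside a system dir."""
    ext, _, cmd = line.partition("=")
    m = EXE_RE.search(cmd)
    if not m:
        return
    handler = m.group(1).lower()
    kind = "script-assoc" if handler.startswith(SYSTEM_DIRS) else "script-assoc-hijack"
    findings.append(("info" if kind == "script-assoc" else "high", kind, f"{ext}: {handler}"))


def triage(text):
    """Return (severity, kind, detail) findings for a DDS log, highest first."""
    findings = []
    sections = parse_sections(text)
    for line in sections.get("Pseudo HJT Report", []):
        _check_hjt(line, findings)
    for line in sections.get("File Associations", []):
        _check_assoc(line, findings)
    order = {"high": 0, "medium": 1, "low": 2, "info": 3}
    findings.sort(key=lambda f: order[f[0]])
    return findings


if __name__ == "__main__":
    for sev, kind, detail in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {kind:22} {detail}")
```

Run it against a full DDS log by reading the file into `triage()`; the section parser ignores the process list and file-timestamp sections, which need a different treatment (cross-checking paths against known-good vendor directories) than the load points handled here.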

  #2 Blade81, Security Expert (Finland; joined Oct 2006, 25,300 posts)

    Hi,

    What item does Kaspersky flag as infected?

    Microsoft Windows Insider MVP 2016
    Microsoft MVP Consumer Security 2008-2015
    UNITE member since 2006

    If you have problems create a thread in the forum, please.

    Malware removal instructions are for the correspondent user's case only.

  #3 Junior Member (joined Jan 2008, 26 posts)

    Is this what you are asking for?

    Status: unk: (events: 3)
    8/15/2010 5:41:14 AM unk: 4294967295 legal software that can be used by criminals for damaging your computer or personal data not-a-virus:RemoteAdmin.Win32.WinVNC-based.f File C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe// data0000.res Low
    8/15/2010 7:15:27 AM unk: 4294967295 legal software that can be used by criminals for damaging your computer or personal data not-a-virus:RemoteAdmin.Win32.WinVNC-based.f File C:\Program Files (x86)\Intuit\QuickBooks 2009\Components\PConfig\Data1.cab/ RemoteAssist.exe Low
    8/20/2010 6:26:33 AM unk: 4294967295 legal software that can be used by criminals for damaging your computer or personal data not-a-virus:RemoteAdmin.Win32.WinVNC-based.f File C:\Program Files (x86)\Intuit\QuickBooks 2009\Components\Support\RemoteAssist.exe//SupportSoft Agent Controls.msi//Data1.cab/ssrc.dll//data0000.res/ VncViewer.class Low
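Kaspersky's "not-a-virus:" prefix marks riskware (legitimate software that an attacker could misuse) rather than a malware family, and "RemoteAdmin" is its category for remote-control tools. The three hits above sit inside a vendor support package: a VNC-based remote-assist component packed into an MSI, a CAB and a resource blob, which is why the helper treats them as ignorable. The parser below is an added example, not code from the thread or from Kaspersky. It assumes the row layout shown above (timestamp, "unk: <id>", free-text description, verdict name, the word "File", a nested object path joined with "/" or "//", and a severity), classifies each verdict as riskware or malware, and reports how deep in the container chain each hit sits, which is the first thing to check before deciding whether a detection is a packed payload or a bundled tool.

```python
"""Parse Kaspersky detection report rows and separate riskware from malware.

Added example; not code from the forum thread or from Kaspersky. It assumes
the row shape quoted in the post: timestamp, 'unk: <id>' status, a free-text
description, the verdict name, the word 'File', a nested object path whose
containers are joined with '/' or '//', and a severity word.
"""
import re
from datetime import datetime

# Constructed sample: the three rows quoted in the post above.
SAMPLE_REPORT = r"""
8/15/2010 5:41:14 AM unk: 4294967295 legal software that can be used by criminals for damaging your computer or personal data not-a-virus:RemoteAdmin.Win32.WinVNC-based.f File C:\Program Files (x86)\Common Files\supportsoft\bin\ssrc.exe// data0000.res Low
8/15/2010 7:15:27 AM unk: 4294967295 legal software that can be used by criminals for damaging your computer or personal data not-a-virus:RemoteAdmin.Win32.WinVNC-based.f File C:\Program Files (x86)\Intuit\QuickBooks 2009\Components\PConfig\Data1.cab/ RemoteAssist.exe Low
8/20/2010 6:26:33 AM unk: 4294967295 legal software that can be used by criminals for damaging your computer or personal data not-a-virus:RemoteAdmin.Win32.WinVNC-based.f File C:\Program Files (x86)\Intuit\QuickBooks 2009\Components\Support\RemoteAssist.exe//SupportSoft Agent Controls.msi//Data1.cab/ssrc.dll//data0000.res/ VncViewer.class Low
"""

EVENT_RE = re.compile(
    r"^(?P<ts>\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M)\s+"
    r"(?P<status>\w+): (?P<id>\d+)\s+"
    r"(?P<desc>.*?)\s+"
    # Verdict: optional 'not-a-virus:' prefix, then Category.Platform.Name[.variant]
    r"(?P<verdict>(?:not-a-virus:)?[A-Za-z]+\.[A-Za-z0-9]+\.\S+)\s+"
    r"File (?P<chain>.+?)\s+(?P<severity>Low|Medium|High)$"
)


def parse_event(line):
    """Return a dict for one report row, or None if the row does not match."""
    m = EVENT_RE.match(line.strip())
    if not m:
        return None
    return {
        "timestamp": datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p"),
        "status": m["status"],
        "verdict": m["verdict"],
        "description": m["desc"],
        # '/' and '//' separate nested containers: exe -> msi -> cab -> dll -> res -> class
        "chain": [p for p in re.split(r"\s*/+\s*", m["chain"]) if p],
        "severity": m["severity"],
    }


def classify(event):
    """'riskware/<category>' for not-a-virus verdicts, 'malware/<category>' otherwise."""
    verdict = event["verdict"]
    if verdict.startswith("not-a-virus:"):
        category = verdict.split(":", 1)[1].split(".", 1)[0]
        return "riskware/" + category.lower()
    return "malware/" + verdict.split(".", 1)[0].lower()


def parse_report(text):
    """Parse every matching row of a pasted report; unmatched lines are skipped."""
    return [e for e in (parse_event(line) for line in text.splitlines()) if e]


def summarize(text):
    """One line per hit: when, class, how deep it sits, outermost file -> inner object."""
    return [
        f"{e['timestamp']:%Y-%m-%d %H:%M} {classify(e):22} "
        f"depth={len(e['chain'])} {e['chain'][0]} -> {e['chain'][-1]}"
        for e in parse_report(text)
    ]


if __name__ == "__main__":
    for row in summarize(SAMPLE_REPORT):
        print(row)
```

A depth of six for the last row (an executable containing an MSI containing a CAB containing a DLL whose resource holds a Java class) is typical of a bundled support tool, not of a dropper; the outermost path, under the QuickBooks install directory, is what a responder would verify against the vendor's installer.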

  #4 Blade81, Security Expert

    Hi,

    You may ignore those WinVNC-related findings.

  #5 Junior Member (joined Jan 2008, 26 posts)

    Well, I started poking around and found out that I could upgrade to the 2011 Kaspersky, which I did. Ran a scan (which took over 12 hours) and woke up this morning to find that the QuickBooks ones are still showing, but Kaspersky deleted the Common Files one all by itself. I am no longer getting the prompts from Kaspersky that I have something bad, either. Another glorious thing is that my computer is running normally again. I think that Kaspersky 2010 was the culprit the whole time.

    I am thinking of uninstalling QuickBooks just to be safe.

    I think I am clean (well sort of) but want to hear the okay from you.

  #6 Blade81, Security Expert

    Hi,

    Those logs looked ok. To help keep the system updated, I recommend Secunia Personal Software Inspector (PSI).

  #7 Blade81, Security Expert

    Since this issue appears to be resolved ... this Topic has been closed. Glad I could help.

    Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

    If it has been less than three days since your last response and you need the thread re-opened, please send me or another MOD a private message (PM). A valid, working link to the closed topic is required.
