
Nasty Virtumonde Variant?


  • This topic is locked
2 replies to this topic

#1 Vengence_Irl


Posted 13 May 2008 - 12:59 PM

I was wondering if someone could review my logs.

Today I discovered something that looked like a virtumonde.dll infection on my laptop and I attempted to remove it using a combination of Safe Mode, Spybot S&D, Ad-Aware 2007 and a Virtumonde removal tool.
Any help on the matter is appreciated.


Deckard's System Scanner v20071014.68
Run by TF on 2008-05-13 18:47:33
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as TF.exe) --------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:47:43, on 13/05/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\eBoostr\EBstrSvc.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\StacSV.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
C:\Program Files\UPHClean\uphclean.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
C:\Program Files\Raxco\PerfectDisk\PDSched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\DellTPad\HidFind.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellTPad\Apntex.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\eBoostr\eBoostrCP.exe
C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\PowerMenu\PowerMenu.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\internet explorer\iexplore.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\TF\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\THOMAS~1.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.ie/ig/dell?hl=en&client=dell-row-rel&channel=ie&ibd=6070713
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.ie/ig/dell?hl=en&client=dell-row-rel&channel=ie&ibd=6070713
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = staff-proxy.ul.ie:8080
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\quickset.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ITSecMng] %ProgramFiles%\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe /START
O4 - HKLM\..\Run: [SecureUpgrade] C:\Program Files\Wave Systems Corp\SecureUpgrade.exe
O4 - HKLM\..\Run: [EmbassySecurityCheck] "C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe"
O4 - HKLM\..\Run: [ChangeTPMAuth] C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe /T:NTRU12
O4 - HKLM\..\Run: [NSLauncher] C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: PowerMenu.lnk = C:\Program Files\PowerMenu\PowerMenu.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: eBoostr Control Panel.lnk = C:\Program Files\eBoostr\eBoostrCP.exe
O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Bonjour - {7F9DB11C-E358-4ca6-A83D-ACC663939424} - C:\Program Files\Bonjour\ExplorerPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://*.staffexchange1.ul.ie
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1184775971656
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} (DLC Class) - https://transfers.ds.microsoft.com/FTM/Tran...ransferCtrl.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: gemsafe - C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: eBoostr Service (EBOOSTRSVC) - Unknown owner - C:\Program Files\eBoostr\EBstrSvc.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.802.22438 (GoogleDesktopManager-022208-143751) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel® PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SecureStorageService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Secure Storage Manager\SecureStorageService.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\StacSV.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NTRU TSS v1.2.1.25 TCS (tcsd_win32.exe) - Unknown owner - C:\Program Files\NTRU Cryptosystems\NTRU TCG Software Stack\bin\tcsd_win32.exe
O23 - Service: TdmService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
O23 - Service: WaveEnrollmentService - Wave Systems Corp. - C:\Program Files\Wave Systems Corp\Authentication Manager\WaveEnrollmentService.exe
O23 - Service: Intel® PROSet/Wireless SSO Service (WLANKEEPER) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe

--
End of file - 13315 bytes

-- Files created between 2008-04-13 and 2008-05-13 -----------------------------

2008-05-13 18:19:30 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-05-13 18:19:29 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-05-13 18:19:05 0 d-------- C:\Program Files\Trend Micro
2008-05-13 15:42:27 68096 --a------ C:\WINDOWS\zip.exe
2008-05-13 15:42:27 49152 --a------ C:\WINDOWS\VFind.exe
2008-05-13 15:42:27 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-05-13 15:42:27 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-05-13 15:42:27 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-05-13 15:42:27 98816 --a------ C:\WINDOWS\sed.exe
2008-05-13 15:42:27 80412 --a------ C:\WINDOWS\grep.exe
2008-05-13 15:42:27 73728 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-05-13 15:02:44 2112 --a------ C:\WINDOWS\system32\cskgmfvw.exe
2008-05-13 14:43:05 0 dr-h----- C:\Documents and Settings\TF\Recent
2008-05-13 12:08:39 0 d-------- C:\VundoFix Backups
2008-05-13 11:35:09 0 d-------- C:\temp
2008-05-13 11:33:34 0 d-------- C:\WINDOWS\LastGood
2008-05-13 11:33:01 0 d-------- C:\Program Files\Microsoft Research
2008-05-13 11:21:47 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-05-13 09:25:45 2112 --a------ C:\WINDOWS\system32\oxxkyaia.exe
2008-05-12 11:55:42 0 d-------- C:\Program Files\eBoostr
2008-05-09 15:42:59 0 d-------- C:\Program Files\Cabbage
2008-05-07 14:38:27 0 d-------- C:\WINDOWS\LastGood.Tmp
2008-04-30 10:36:55 0 d-------- C:\WINDOWS\Prefetch
2008-04-30 10:24:51 0 d-------- C:\WINDOWS\system32\scripting
2008-04-30 10:24:50 0 d-------- C:\WINDOWS\system32\bits
2008-04-27 21:11:43 0 d-------- C:\Program Files\Common Files\Nokia
2008-04-27 21:04:58 0 d-------- C:\Program Files\Common Files\PCSuite
2008-04-27 20:32:28 0 d-------- C:\Documents and Settings\TF\Application Data\NSeries
2008-04-27 20:19:40 0 d-------- C:\Program Files\PC Connectivity Solution
2008-04-27 18:57:13 32377 --a------ C:\WINDOWS\system32\drivers\prodigy.sys <Not Verified; B-phreaks; >
2008-04-27 18:57:07 0 d-------- C:\Program Files\NSS
2008-04-22 17:40:23 0 d-------- C:\Documents and Settings\Default User\Application Data\Nokia
2008-04-14 19:33:17 106496 --a------ C:\WINDOWS\system32\bioapi100.dll
2008-04-14 19:33:16 143360 --a------ C:\WINDOWS\system32\bioapi_mds300.dll
2008-04-14 19:10:10 0 d-------- C:\Documents and Settings\TF\Application Data\Wave Systems Corp
2008-04-14 17:00:11 0 d-------- C:\Program Files\Fingerprint Sensor
2008-04-14 16:59:44 0 d-------- C:\WINDOWS\system32\GPinPad
2008-04-14 16:59:44 0 d-------- C:\WINDOWS\system32\GemPCCard
2008-04-14 16:59:43 0 d-------- C:\WINDOWS\system32\GTwinUSB
2008-04-14 16:59:43 0 d-------- C:\WINDOWS\system32\GemPCKey
2008-04-14 16:59:42 0 d-------- C:\WINDOWS\system32\GemPCExp
2008-04-14 16:59:42 0 d-------- C:\Program Files\Gemplus
2008-04-14 16:57:56 0 d-------- C:\Program Files\Wave Systems Corp
2008-04-14 16:54:41 0 d-------- C:\Program Files\NTRU Cryptosystems
2008-04-14 16:54:41 0 d-------- C:\Documents and Settings\All Users\Application Data\NTRU Cryptosystems
2008-04-14 13:28:03 1258496 --a------ C:\WINDOWS\tfmessbsp.dll <Not Verified; UPEK, Inc.; TouchChip TFM/ESS Fingerprint BSP>


-- Find3M Report ---------------------------------------------------------------

2008-05-13 18:13:20 0 d-------- C:\Program Files\Symantec AntiVirus
2008-05-13 16:52:47 0 d-------- C:\Documents and Settings\TF\Application Data\.purple
2008-05-12 09:22:50 1413078 --a------ C:\Documents and Settings\TF\Application Data\NMM-MetaData.db
2008-05-12 09:13:56 0 d-------- C:\Program Files\Nokia
2008-05-02 11:22:26 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2008-05-01 12:40:11 0 d-------- C:\Program Files\FileZilla FTP Client
2008-05-01 12:39:48 0 d-------- C:\Documents and Settings\TF\Application Data\FileZilla
2008-04-30 10:25:15 0 d-------- C:\Program Files\Messenger
2008-04-30 10:24:50 0 d-------- C:\Program Files\Movie Maker
2008-04-30 10:20:59 0 d-------- C:\Program Files\Windows NT
2008-04-27 21:11:43 0 d-------- C:\Program Files\Common Files
2008-04-27 20:27:04 0 d-------- C:\Documents and Settings\TF\Application Data\Nokia
2008-04-27 20:19:53 0 d-------- C:\Program Files\DIFX
2008-04-27 18:47:22 0 d-------- C:\Documents and Settings\TF\Application Data\PC Suite
2008-04-24 17:43:38 0 d-------- C:\Program Files\xB
2008-04-24 09:06:14 0 d-------- C:\Program Files\Google
2008-04-14 19:29:05 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-04-14 16:53:01 0 d-------- C:\Program Files\Dell
2008-04-10 12:03:44 0 d-------- C:\Program Files\JkDefrag
2008-04-07 15:57:17 0 d-------- C:\Program Files\Toshiba
2008-04-07 15:23:55 0 d-------- C:\Program Files\Common Files\Zeepe Framework 7
2008-04-04 17:33:58 1783 --a------ C:\WINDOWS\mozver.dat
2008-04-03 18:47:32 0 d-------- C:\Program Files\Intel
2008-04-02 14:36:40 0 d-------- C:\Documents and Settings\TF\Application Data\Skype
2008-04-02 14:30:53 0 d-------- C:\Documents and Settings\TF\Application Data\skypePM
2008-04-02 08:59:03 0 d-------- C:\Program Files\Pidgin
2008-03-19 19:12:44 0 d-------- C:\Program Files\AviSynth 2.5
2008-03-19 19:12:02 0 d-------- C:\Program Files\eRightSoft
2008-03-12 13:10:18 633344 --a------ C:\WINDOWS\system32\gpprefcl.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe" [02/07/2007 14:29]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\quickset.exe" [20/07/2007 17:55]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [22/11/2006 02:38]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [20/12/2006 19:29]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [24/08/2007 12:01]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [24/08/2007 12:01]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [24/08/2007 12:00]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [02/11/2007 19:36]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [08/10/2007 15:18]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [08/10/2007 15:13]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [10/05/2007 11:22]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [04/04/2008 09:49]
"ITSecMng"="C:\Program Files\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe" [31/07/2007 22:10]
"SecureUpgrade"="C:\Program Files\Wave Systems Corp\SecureUpgrade.exe" [14/09/2007 10:53]
"EmbassySecurityCheck"="C:\Program Files\Wave Systems Corp\EMBASSY Security Setup\EMBASSYSecurityCheck.exe" [14/09/2007 10:53]
"ChangeTPMAuth"="C:\Program Files\Wave Systems Corp\Common\ChangeTPMAuth.exe" [12/09/2007 15:10]
"NSLauncher"="C:\Program Files\Nokia\Nokia Software Launcher\NSLauncher.exe" [07/09/2007 14:44]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [28/01/2008 12:43]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe
"PC Suite Tray"="C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe" -onlytray

C:\Documents and Settings\TF\Start Menu\Programs\Startup\
PowerMenu.lnk - C:\Program Files\PowerMenu\PowerMenu.exe [12/20/2002 12:17:56 AM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [7/30/2007 10:54:38 PM]
eBoostr Control Panel.lnk - C:\Program Files\eBoostr\eBoostrCP.exe [4/30/2008 5:48:04 PM]
Firewall Client Connectivity Monitor.LNK - C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE [9/24/2007 12:29:07 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=1 (0x1)
"ForceClassicControlPanel"=1 (0x1)
"NoChangeKeyboardNavigationIndicators"=0 (0x0)
"NoSMHelp"=01000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\gemsafe]
C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll 16/11/2006 15:20 73728 C:\Program Files\Gemplus\GemSafe Libraries\BIN\WLEventNotify.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"BMaf673893"=Rundll32.exe "C:\WINDOWS\system32\bfhnapth.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c86f937-67c6-11dc-9aac-001c23045911}]
AutoRun\command- E:\setupSNK.exe




-- End of Deckard's System Scanner: finished at 2008-05-13 18:50:26 ------------

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, May 13, 2008 8:55:48 PM
Operating System: Microsoft Windows XP Professional, Service Pack 3 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 13/05/2008
Kaspersky Anti-Virus database records: 770305
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 75460
Number of viruses found: 1
Number of infected objects: 5
Number of suspicious objects: 0
Duration of the scan process: 01:49:15

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Dell\QuickSet\QSLLPSVCShare Object is locked skipped
C:\Documents and Settings\All Users\Application Data\eboostr\filestat.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Wave Systems Corp\AuthManager\AuthControl.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Wave Systems Corp\AuthManager\AuthPkg.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Wave Systems Corp\AuthManager\biolsp.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Wave Systems Corp\AuthManager\UCS.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Wave Systems Corp\AuthManager\WaveGina.txt Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\NTRU Cryptosystems\TSS\tcsd_log.txt Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\TF\Application Data\Mozilla\Firefox\Profiles\d7iuqcrh.default\browserstate-logs\log-20080513-184136-187.txt Object is locked skipped
C:\Documents and Settings\TF\Application Data\Mozilla\Firefox\Profiles\d7iuqcrh.default\cert8.db Object is locked skipped
C:\Documents and Settings\TF\Application Data\Mozilla\Firefox\Profiles\d7iuqcrh.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\TF\Application Data\Mozilla\Firefox\Profiles\d7iuqcrh.default\history.dat Object is locked skipped
C:\Documents and Settings\TF\Application Data\Mozilla\Firefox\Profiles\d7iuqcrh.default\key3.db Object is locked skipped
C:\Documents and Settings\TF\Application Data\Mozilla\Firefox\Profiles\d7iuqcrh.default\parent.lock Object is locked skipped
C:\Documents and Settings\TF\Application Data\Mozilla\Firefox\Profiles\d7iuqcrh.default\search.sqlite Object is locked skipped
C:\Documents and Settings\TF\Application Data\Mozilla\Firefox\Profiles\d7iuqcrh.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\TF\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\TF\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\TF\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\TF\Local Settings\Application Data\Mozilla\Firefox\Profiles\d7iuqcrh.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\TF\Local Settings\Application Data\Mozilla\Firefox\Profiles\d7iuqcrh.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\TF\Local Settings\Application Data\Mozilla\Firefox\Profiles\d7iuqcrh.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\TF\Local Settings\Application Data\Mozilla\Firefox\Profiles\d7iuqcrh.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\TF\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\TF\Local Settings\History\History.IE5\MSHist012008051320080514\index.dat Object is locked skipped
C:\Documents and Settings\TF\Local Settings\Temp\Perflib_Perfdata_924.dat Object is locked skipped
C:\Documents and Settings\TF\Local Settings\Temp\~DF7B9E.tmp Object is locked skipped
C:\Documents and Settings\TF\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\TF\My Documents\My Downloads\eboostr\eBoostr.exe/data0000.cab/UNINST~1.EXE Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\TF\My Documents\My Downloads\eboostr\eBoostr.exe/data0000.cab Infected: Trojan.Win32.Monder.gen skipped
C:\Documents and Settings\TF\My Documents\My Downloads\eboostr\eBoostr.exe Rsrc-Package: infected - 2 skipped
C:\Documents and Settings\TF\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\TF\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBConfig.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDebug.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBDetect.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBNotify.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBRefr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetCfg2.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetDev.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetLoc.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSetUsr.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMNot.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMReg.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBSMRSt.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStHash.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBStMSI.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\BBValid.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPPolicy.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStart.log Object is locked skipped
C:\Program Files\Common Files\Symantec Shared\SPBBC\LOGS\SPStop.log Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0096NAV~.TMP Object is locked skipped
C:\Program Files\Symantec AntiVirus\SAVRT\0876NAV~.TMP Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\khfDtUOI.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2\A0000010.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP4\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{A2C99D3F-19A3-4322-95A4-3DB9E38E3532}.crmlog Object is locked skipped
C:\WINDOWS\S26A55066.tmp Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\WindowsPowerShell.evt Object is locked skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\LogFiles\HTTPERR\httperr1.log Object is locked skipped
C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\WINDOWS\system32\MsDtc\MSDTC.LOG Object is locked skipped
C:\WINDOWS\system32\MsDtc\Trace\dtctrace.log Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_164.dat Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_ac0.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\Google\Google Desktop\da35cda41faa\dbc2e.ht1 Object is locked skipped
D:\Google\Google Desktop\da35cda41faa\dbdam Object is locked skipped
D:\Google\Google Desktop\da35cda41faa\dbdao Object is locked skipped
D:\Google\Google Desktop\da35cda41faa\dbeam Object is locked skipped
D:\Google\Google Desktop\da35cda41faa\dbeao Object is locked skipped
D:\Google\Google Desktop\da35cda41faa\dbm Object is locked skipped
D:\Google\Google Desktop\da35cda41faa\dbu2d.ht1 Object is locked skipped
D:\Google\Google Desktop\da35cda41faa\dbvm.cf1 Object is locked skipped
D:\Google\Google Desktop\da35cda41faa\dbvmh.ht1 Object is locked skipped
D:\Google\Google Desktop\da35cda41faa\fii.cf1 Object is locked skipped
D:\Google\Google Desktop\da35cda41faa\fiih.ht1 Object is locked skipped
D:\Google\Google Desktop\da35cda41faa\hp Object is locked skipped
D:\Google\Google Desktop\da35cda41faa\hpt2i.ht1 Object is locked skipped
D:\Google\Google Desktop\da35cda41faa\rpm.cf1 Object is locked skipped
D:\Google\Google Desktop\da35cda41faa\rpm1m.cf1 Object is locked skipped
D:\Google\Google Desktop\da35cda41faa\rpm1mh.ht1 Object is locked skipped
D:\Google\Google Desktop\da35cda41faa\rpmh.ht1 Object is locked skipped
D:\Google\Google Desktop\da35cda41faa\safeweb\goog-black-urlm.cf1 Object is locked skipped
D:\Google\Google Desktop\da35cda41faa\safeweb\goog-white-domainm.cf1 Object is locked skipped
D:\Google\Google Desktop\da35cda41faa\safeweb\goog-white-domainmh.ht1 Object is locked skipped
D:\Google\Google Desktop\da35cda41faa\safeweb\goog-black-enchashm.cf1 Object is locked skipped
D:\Google\Google Desktop\da35cda41faa\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
D:\Google\Google Desktop\da35cda41faa\safeweb\goog-malware-domainm.cf1 Object is locked skipped
D:\Google\Google Desktop\da35cda41faa\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
D:\Google\Google Desktop\da35cda41faa\safeweb\goog-black-urlmh.ht1 Object is locked skipped
D:\eboostr.dat Object is locked skipped

Scan process completed.

Edited by Vengence_Irl, 13 May 2008 - 03:00 PM.



#2 teacup61

teacup61

    Bleepin' Texan!


  • Malware Response Team
  • 17,075 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Wills Point, Texas
  • Local time:08:42 PM

Posted 01 June 2008 - 12:13 PM

Hello Vengence_Irl,

Welcome to Bleeping Computer :)

Sorry about the delay.:thumbsup: If you still need help, please post a new HijackThis log to make sure nothing has changed, and I'll be happy to look at it for you.

Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!

Error reading poptart in Drive A: Delete kids y/n?

#3 teacup61


Posted 15 June 2008 - 02:59 PM

Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic



