Virus Attack Plzz Help!


3 replies to this topic

#1 hassaan


Posted 26 June 2008 - 07:25 AM

KASPERSKY ONLINE SCANNER REPORT
Thursday, June 26, 2008 1:22:06 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 26/06/2008
Kaspersky Anti-Virus database records: 884717
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 24468
Number of viruses found: 14
Number of infected objects: 197
Number of suspicious objects: 1
Duration of the scan process: 00:59:11

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\backup\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~vbswg.tmp Infected: Email-Worm.VBS.Lee-based skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5v0sxb34.default\cert8.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5v0sxb34.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5v0sxb34.default\history.dat Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5v0sxb34.default\key3.db Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5v0sxb34.default\parent.lock Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5v0sxb34.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\5v0sxb34.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Administrator\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\5v0sxb34.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\5v0sxb34.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\5v0sxb34.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla\Firefox\Profiles\5v0sxb34.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Administrator\My Documents\Aero_Ultimate_BETA_5_by_fediaFedia.zip/LSpatch/LSPatch 1.1.exe/WISE0004.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
C:\Documents and Settings\Administrator\My Documents\Aero_Ultimate_BETA_5_by_fediaFedia.zip/LSpatch/LSPatch 1.1.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
C:\Documents and Settings\Administrator\My Documents\Aero_Ultimate_BETA_5_by_fediaFedia.zip ZIP: infected - 2 skipped
C:\Documents and Settings\Administrator\My Documents\jpsvm3.zip/jps.exe Infected: Backdoor.Win32.Delf.avq skipped
C:\Documents and Settings\Administrator\My Documents\jpsvm3.zip/EXPLORER.EXE Infected: Backdoor.Win32.Delf.avq skipped
C:\Documents and Settings\Administrator\My Documents\jpsvm3.zip ZIP: infected - 2 skipped
C:\Documents and Settings\Administrator\My Documents\Royale_Vista_Neo_by_CptCrckpot.zip/Royale Vista Neo WB/Patch/LSPatch.exe/WISE0004.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
C:\Documents and Settings\Administrator\My Documents\Royale_Vista_Neo_by_CptCrckpot.zip/Royale Vista Neo WB/Patch/LSPatch.exe Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped
C:\Documents and Settings\Administrator\My Documents\Royale_Vista_Neo_by_CptCrckpot.zip ZIP: infected - 2 skipped
C:\Documents and Settings\Administrator\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Administrator\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\Docs\Help\credits.htm Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\Docs\Help\customer_support.htm Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\Docs\Help\legal.htm Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\Docs\Help\license.htm Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\Docs\Help\msr.htm Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\Docs\Help\readme.htm Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\Docs\Help\_top.htm Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\Docs\help.htm Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\Docs\html\audio_problems.htm Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\Docs\html\autoplay.htm Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\Docs\html\cd_dvd_problems.htm Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\Docs\html\compressed_drive.htm Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\Docs\html\crashes.htm Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\Docs\html\directx.htm Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\Docs\html\patches.htm Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\Docs\html\sound_conflicts.htm Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\Docs\html\tech_help.htm Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\Docs\html\_main.htm Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\Docs\html\_main2.htm Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\Docs\html\_toc.htm Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Angry IP Scanner\Angry IP Scanner 2.21.exe Infected: not-a-virus:NetTool.Win32.Portscan.c skipped
C:\Program Files\Microsoft Office\Office12\1033\PVREADME.HTM Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Office12\AccessWeb\CLNTWRAP.HTM Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Office12\AccessWeb\SERVWRAP.ASP Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsBlankPage.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsBrowserUpgrade.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsDoNotTrust.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsHomePage.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsPreviewTemplate.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsPrintTemplate.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsVersion1Warning.htm Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms\FormsViewFrame.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms3\FormsBlankPage.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms3\FormsBrowserUpgrade.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms3\FormsColorChart.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms3\FormsFormTemplate.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms3\FormsHomePage.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms3\FormsImageTemplate.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms3\FormsMacroTemplate.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms3\FormsPreviewTemplate.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms3\FormsPrintTemplate.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms3\FormsVersion1Warning.htm Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms3\FormsViewFrame.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms3\FormsViewTemplate.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms4\FormsBlankPage.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms4\FormsBrowserUpgrade.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms4\FormsColorChart.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms4\FormsFormTemplate.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms4\FormsHomePage.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms4\FormsImageTemplate.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms4\FormsMacroTemplate.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms4\FormsPreviewTemplate.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms4\FormsPrintTemplate.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms4\FormsVersion1Warning.htm Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms4\FormsViewFrame.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms4\FormsViewTemplate.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms5\FormsBlankPage.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms5\FormsBrowserUpgrade.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms5\FormsColorChart.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms5\FormsFormTemplate.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms5\FormsImageTemplate.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms5\FormsMacroTemplate.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms5\FormsPreviewTemplate.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Office12\Groove\ToolData\groove.net\GrooveForms5\FormsPrintTemplate.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Office12\INTLBAND.HTM Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Stationery\1033\CURRENCY.HTM Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Stationery\1033\DADSHIRT.HTM Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Stationery\1033\JUDGESCH.HTM Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Stationery\1033\JUNGLE.HTM Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Stationery\1033\NOTEBOOK.HTM Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Stationery\1033\OFFISUPP.HTM Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Stationery\1033\PAWPRINT.HTM Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Stationery\1033\PINELUMB.HTM Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Stationery\1033\SEAMARBL.HTM Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Stationery\1033\TECHTOOL.HTM Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Microsoft Office\Templates\12\MseNewFileItems\HTMLPAGE.HTM Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Mozilla Firefox\defaults\profile\bookmarks.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Mozilla Firefox\res\hiddenWindow.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Real\RealPlayer\DataCache\admodules\blank.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Real\RealPlayer\DataCache\admodules\bottomchrome_blank.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Real\RealPlayer\DataCache\Devices\deviceshome.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Real\RealPlayer\DataCache\Devices\nodevice.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\404.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\CTW.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\custsupport.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\home.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\lfr.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\main.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\myacct.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Real\RealPlayer\DataCache\GetMedia\upsell.htm Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Real\RealPlayer\DataCache\Login\cancel.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Real\RealPlayer\DataCache\Login\index.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Real\RealPlayer\DataCache\Login\welcome.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Real\RealPlayer\DataCache\webresources\dnserror.htm Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Real\RealPlayer\playrlic.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Real\RealPlayer\RealNetworks License.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Siber Systems\AI RoboForm\RoboFormComClearFields.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditIdent.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditNote.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Siber Systems\AI RoboForm\RoboFormComEditPass.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Siber Systems\AI RoboForm\RoboFormComLogoff.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Siber Systems\AI RoboForm\RoboFormComOptions.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Siber Systems\AI RoboForm\RoboFormComPasswordGenerator.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Siber Systems\AI RoboForm\RoboFormComResetFields.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSetFields.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Stardock\Object Desktop\IconPackager\benefits.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Stardock\Object Desktop\IconPackager\previews.htm Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Windows Sidebar\Gadgets\Blackjack.Gadget\en-US\blackjack.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Windows Sidebar\Gadgets\Blockade.Gadget\blockade.HTML Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Windows Sidebar\Gadgets\Bricks.Gadget\en-US\bricks.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Windows Sidebar\Gadgets\Calendar.Gadget\en-US\calendar.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\clock.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\settings.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Windows Sidebar\Gadgets\Command Launcher.Gadget\en-US\CommandLauncher.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Windows Sidebar\Gadgets\Contacts.Gadget\en-US\contacts.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\en-US\cpu.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Windows Sidebar\Gadgets\Currency.Gadget\en-US\currency.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Windows Sidebar\Gadgets\DigitalClock.Gadget\digitalclock.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Windows Sidebar\Gadgets\DriveInfo.Gadget\en-US\DriveInfo.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Windows Sidebar\Gadgets\DriveInfo.Gadget\en-US\Settings.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Windows Sidebar\Gadgets\Internet Search.Gadget\en-US\Search.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Windows Sidebar\Gadgets\Internet Search.Gadget\en-US\Settings.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\en-US\notes.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Windows Sidebar\Gadgets\Notes.Gadget\en-US\settings.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\picturePuzzle.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\en-US\settings.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Windows Sidebar\Gadgets\RecycleBin.Gadget\en-US\flyout.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Windows Sidebar\Gadgets\RecycleBin.Gadget\en-US\RecycleBin.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\flyout.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\RSSFeeds.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\en-US\settings.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Windows Sidebar\Gadgets\RunProgram.Gadget\runprogram.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Windows Sidebar\Gadgets\SidebarPong.Gadget\sidebar_pong.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\settings.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\en-US\slideShow.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Windows Sidebar\Gadgets\Stocks.Gadget\en-US\settings.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Windows Sidebar\Gadgets\Stocks.Gadget\en-US\stocks.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Windows Sidebar\Gadgets\Sysinfo.Gadget\sysInfo.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Windows Sidebar\Gadgets\VistaCalculator201.Gadget\calculator.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Windows Sidebar\Gadgets\VistaCalculator201.Gadget\settings.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\settings.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\en-US\weather.html Infected: Worm.Win32.Fujack.n skipped
C:\Program Files\WinRAR\Order.htm Infected: Worm.Win32.Fujack.n skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{56E6105A-FBF0-4AD9-A9FA-12218891ED46}\RP23\A0003689.exe Infected: Worm.Win32.Fujack.n skipped
C:\System Volume Information\_restore{56E6105A-FBF0-4AD9-A9FA-12218891ED46}\RP25\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Desktop\SMS-Bomber.exe Infected: SMS-Flooder.Win32.Bomber.c skipped
C:\WINDOWS\Desktop\Virus Protection.exe Infected: Trojan.Win32.VirusWizard.d skipped
C:\WINDOWS\Desktop\Virus Status.exe Infected: Trojan.Win32.VirusWizard.e skipped
C:\WINDOWS\Desktop\Virus Wizard.exe Infected: Trojan.Win32.VirusWizard.c skipped
C:\WINDOWS\Desktop\Virus.org Infected: Trojan.Win32.VirusWizard.a skipped
C:\WINDOWS\Desktop\VirusPro.org Infected: Trojan.Win32.VirusWizard.b skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{E6EBFBE4-A68A-47CD-810E-553F614EFA09}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\ODiag.evt Object is locked skipped
C:\WINDOWS\system32\config\OSession.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\spoclsv.exe Infected: Worm.Win32.Fujack.n skipped
C:\WINDOWS\system32\drivers\sptd.sys Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\ZWMVC_Temp\keygen2.cls Suspicious: IRC-Worm.IRC.generic skipped
C:\ZWMVC_Temp\keygen3.cls Infected: Email-Worm.MSWord.ZWMVC skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{44B4A8F1-D2D0-4605-A8E5-A67A89E83B02}\RP44\A0037765.scr Infected: Backdoor.Win32.VB.cfw skipped
D:\System Volume Information\_restore{44B4A8F1-D2D0-4605-A8E5-A67A89E83B02}\RP44\A0037766.scr Infected: Backdoor.Win32.VB.cfw skipped
D:\System Volume Information\_restore{44B4A8F1-D2D0-4605-A8E5-A67A89E83B02}\RP44\A0037767.scr Infected: Backdoor.Win32.VB.cfw skipped
D:\System Volume Information\_restore{44B4A8F1-D2D0-4605-A8E5-A67A89E83B02}\RP44\A0037768.scr Infected: Backdoor.Win32.VB.cfw skipped
D:\System Volume Information\_restore{44B4A8F1-D2D0-4605-A8E5-A67A89E83B02}\RP44\A0037789.scr Infected: Backdoor.Win32.VB.cfw skipped
D:\System Volume Information\_restore{44B4A8F1-D2D0-4605-A8E5-A67A89E83B02}\RP44\A0039766.scr Infected: Backdoor.Win32.VB.cfw skipped
D:\System Volume Information\_restore{44B4A8F1-D2D0-4605-A8E5-A67A89E83B02}\RP44\A0039767.scr Infected: Backdoor.Win32.VB.cfw skipped
D:\System Volume Information\_restore{44B4A8F1-D2D0-4605-A8E5-A67A89E83B02}\RP44\A0039768.scr Infected: Backdoor.Win32.VB.cfw skipped
D:\System Volume Information\_restore{44B4A8F1-D2D0-4605-A8E5-A67A89E83B02}\RP44\A0039769.scr Infected: Backdoor.Win32.VB.cfw skipped
D:\System Volume Information\_restore{44B4A8F1-D2D0-4605-A8E5-A67A89E83B02}\RP44\A0039779.scr Infected: Backdoor.Win32.VB.cfw skipped
D:\System Volume Information\_restore{44B4A8F1-D2D0-4605-A8E5-A67A89E83B02}\RP44\A0039780.scr Infected: Backdoor.Win32.VB.cfw skipped
D:\System Volume Information\_restore{44B4A8F1-D2D0-4605-A8E5-A67A89E83B02}\RP44\A0039781.scr Infected: Backdoor.Win32.VB.cfw skipped
D:\System Volume Information\_restore{44B4A8F1-D2D0-4605-A8E5-A67A89E83B02}\RP44\A0039782.scr Infected: Backdoor.Win32.VB.cfw skipped
D:\System Volume Information\_restore{44B4A8F1-D2D0-4605-A8E5-A67A89E83B02}\RP44\A0039783.scr Infected: Backdoor.Win32.VB.cfw skipped
D:\System Volume Information\_restore{44B4A8F1-D2D0-4605-A8E5-A67A89E83B02}\RP44\A0039784.scr Infected: Backdoor.Win32.VB.cfw skipped
D:\System Volume Information\_restore{44B4A8F1-D2D0-4605-A8E5-A67A89E83B02}\RP44\A0039785.scr Infected: Backdoor.Win32.VB.cfw skipped
D:\System Volume Information\_restore{44B4A8F1-D2D0-4605-A8E5-A67A89E83B02}\RP44\A0039786.scr Infected: Backdoor.Win32.VB.cfw skipped
D:\System Volume Information\_restore{44B4A8F1-D2D0-4605-A8E5-A67A89E83B02}\RP44\A0039787.scr Infected: Backdoor.Win32.VB.cfw skipped
D:\System Volume Information\_restore{56E6105A-FBF0-4AD9-A9FA-12218891ED46}\RP23\A0003691.exe Infected: Worm.Win32.Fujack.n skipped
D:\System Volume Information\_restore{56E6105A-FBF0-4AD9-A9FA-12218891ED46}\RP25\change.log Object is locked skipped
E:\doc\bh\Balance of payments.doc.scr Infected: Backdoor.Win32.VB.cfw skipped
E:\doc\bh\Economic Systems.doc.scr Infected: Backdoor.Win32.VB.cfw skipped
E:\doc\bh\Features of Economic Growth.doc.scr Infected: Backdoor.Win32.VB.cfw skipped
E:\doc\bh\INflation.doc.scr Infected: Backdoor.Win32.VB.cfw skipped
E:\doc\bh\Location of Industry.doc.scr Infected: Backdoor.Win32.VB.cfw skipped
E:\doc\bh\Market Failure.doc.scr Infected: Backdoor.Win32.VB.cfw skipped
E:\doc\bh\Multinational.doc.scr Infected: Backdoor.Win32.VB.cfw skipped
E:\doc\bh\Taxes.doc.scr Infected: Backdoor.Win32.VB.cfw skipped
E:\doc\bh\The Benefits of Trade.doc.scr Infected: Backdoor.Win32.VB.cfw skipped
E:\doc\bh\Trends in Unemployment.doc.scr Infected: Backdoor.Win32.VB.cfw skipped
E:\doc\bh\Unemployment.doc.scr Infected: Backdoor.Win32.VB.cfw skipped

Scan was interrupted by user!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:24:29 PM, on 6/26/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\winsys2.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O23 - Service: Diskeeper - Diskeeper Corporation - C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 6940 bytes



#2 hassaan


Posted 27 June 2008 - 01:20 AM

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:00:31 PM, on 6/27/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\winsys2.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Stardock\CursorFX\CursorFX.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ievkbd.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SW20] C:\WINDOWS\system32\sw20.exe
O4 - HKLM\..\Run: [SW24] C:\WINDOWS\system32\sw24.exe
O4 - HKLM\..\Run: [WinSys2] C:\WINDOWS\system32\winsys2.exe
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [CursorFX] "C:\Program Files\Stardock\CursorFX\CursorFX.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O8 - Extra context menu item: Add to Banner Ad Blocker - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\ie_banner_deny.htm
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Web traffic protection statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\SCIEPlgn.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~1\Office12\GR99D3~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1\mzvkbd.dll,C:\PROGRA~1\KASPER~1\KASPER~1\adialhk.dll,C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll
O23 - Service: Kaspersky Internet Security (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 2009\avp.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 7395 bytes

Edited by Orange Blossom, 28 June 2008 - 09:42 PM.
Merged topics. ~ OB


#3 lusitano


Posted 18 July 2008 - 06:00 AM

Hello,

You might want to save this page to your favorites, so you can find it again when you return.

Welcome to the Bleeping Computer Malware Removal Forum. Sorry for the delay in responding, but the number of people posting with infected computers is through the roof and we sometimes can't get to logs as fast as we would like to.

If you have not resolved this issue and still need assistance, post a HJT log as your system may have changed since your original post.

Thanks for your patience.
Please do not PM me asking for support.
Please be courteous, polite, and say thank you.
Please post the final results, good or bad. We like to know!

#4 lusitano


Posted 22 July 2008 - 05:42 AM

Due to inactivity this thread has been closed to prevent others with similar problems posting to it.
If you need it re-opened please PM a member of the moderating team with a link to your thread.

Thanks



