Infected W Surf Sidekick Mrfindalot.com


  • This topic is locked
15 replies to this topic

#1 takemot

takemot

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:11:22 AM

Posted 30 July 2006 - 08:17 AM

Tried all your suggestions so far, no luck. Can't find Ssk.exe, but two Ssk*.dll files are found. Can't delete these because "in use by a program." If you can help I'll definitely donate.

TIA
takemoto

Logfile:

Logfile of HijackThis v1.99.1
Scan saved at 7:47:47 AM, on 7/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\cvn0.exe
C:\WINDOWS\system32\n9nyb.exe
C:\WINDOWS\system32\wfxqhv.exe
C:\WINDOWS\sys03805807811.exe
C:\WINDOWS\system32\ghynf.exe
C:\WINDOWS\system32\zqskw.exe
C:\WINDOWS\bucsewuA.exe
C:\windows\system32\dwdsregt.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\COMMON~1\kzfm\kzfmm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\COMMON~1\kzfm\kzfma.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\system32\wuauclt.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {80464084-6442-8602-0840-280448680888} - C:\WINDOWS\eeeaqam.dll (file missing)
O2 - BHO: (no name) - {90D86076-BE6C-4B51-B68D-51D5BEA29A7A} - C:\Program Files\Windows NT\vigyqeko.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {D623BC2F-A58D-4A75-A10D-CC244A702A35} - (no file)
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ad8rIU3s] C:\WINDOWS\system32\cvn0.exe
O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINDOWS\system32\wfxqhv.exe"
O4 - HKLM\..\Run: [defender] C:\\dfndref_7.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdef_7.exe
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [sys03805807811] C:\WINDOWS\sys03805807811.exe
O4 - HKLM\..\Run: [bucsewuA] C:\WINDOWS\bucsewuA.exe
O4 - HKLM\..\Run: [{32-2C-C6-6F-ZN}] C:\windows\system32\dwdsregt.exe CORN003
O4 - HKLM\..\Run: [w98851bd.dll] RUNDLL32.EXE w98851bd.dll,I2 00216313098851bd
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [kzfm] C:\PROGRA~1\COMMON~1\kzfm\kzfmm.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\ZICORN003.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - AppInit_DLLs: repairs303169590.dll
O20 - Winlogon Notify: App Management - C:\WINDOWS\system32\ncapi32.dll (file missing)
O20 - Winlogon Notify: Themes - C:\WINDOWS\system32\oouninst.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe


#2 Shaba

Shaba

    Koutsi


  • Members
  • 7,872 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Finland
  • Local time:06:22 PM

Posted 30 July 2006 - 12:42 PM

Hi takemot

1. Download this file - combofix.exe
2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Send:

- a fresh HijackThis log
- combofix report
Microsoft MVP Consumer Security
#3 takemot


Posted 30 July 2006 - 06:42 PM

Shaba,

Thank you very much for your response. I ran ComboFix and then ran HijackThis again. The resulting logs are included below. I am very encouraged by ComboFix finding Ssk.exe.

Thanks,
takemoto

Start Time= Sun 07/30/2006 16:18:00.62
Running from: C:\Documents and Settings\Gary.DELL-OFFICE\Desktop

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WgaLogon\Settings
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wzcnotif


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\clsid\{0AECE262-0830-4F6D-9EB7-A70B85DBD486}]
@=""
"IDEx"="ADDR"

[HKEY_CLASSES_ROOT\clsid\{0AECE262-0830-4F6D-9EB7-A70B85DBD486}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{0AECE262-0830-4F6D-9EB7-A70B85DBD486}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{0AECE262-0830-4F6D-9EB7-A70B85DBD486}\InprocServer32]
@="C:\\WINDOWS\\system32\\oouninst.dll"
"ThreadingModel"="Apartment"

Granting sedebugprivilege to Administrators ... successful


(((((((((((((((((((((((((((((((((((((((((((((((( Ssk's Log )))))))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\repairs303169590.dll
C:\Documents and Settings\Brenda\Local Settings\Temporary Internet Files\Ssk.log
C:\Documents and Settings\Gary.DELL-OFFICE\Application Data\Sskdmns.dll
C:\Documents and Settings\Gary.DELL-OFFICE\Application Data\Sskknwrd.dll
C:\Documents and Settings\Gary.DELL-OFFICE\Application Data\Sskuknwrd.dll
C:\Documents and Settings\Gary.DELL-OFFICE\Local Settings\Temporary Internet Files\Ssk.log
C:\Documents and Settings\Stephanie\Local Settings\Temporary Internet Files\Ssk.log
C:\Program Files\SurfSideKick 3\Ssk.exe
C:\Program Files\SurfSideKick 3\SskBho.dll
C:\Program Files\SurfSideKick 3\SskCore.dll
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\SskBho.dll
C:\WINDOWS\Prefetch\SSK.EXE-35B0063B.pf
C:\WINDOWS\system32\bk.exe


* * * POST RUN FILES/FOLDERS * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\SskBho.dll

16:22:35.12
(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\keyboard1.dat


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-07-28 22:13:46 45076 ( A.... ) "C:\WINDOWS\system32\dwdsregt.exe"
2006-07-28 21:56:20 1144839 ( A.... ) "C:\stng260.exe"
2006-07-28 19:31:02 ( .D... ) "C:\Program Files\Spybot - Search & Destroy"
2006-07-28 19:25:42 290169 ( A.... ) "C:\spybotsd14.exe"
2006-07-27 14:26:14 1064 ( A.... ) "C:\WINDOWS\system32\vwe16315.sys"
2006-07-27 14:26:14 1064 ( A.... ) "C:\WINDOWS\system32\vwe16315.sys"
2006-07-27 13:51:36 ( .D... ) "C:\Program Files\Trend Micro"
2006-07-26 13:58:50 32443 ( A.... ) "C:\WINDOWS\system32\uninstIcn.exe"
2006-07-26 13:55:46 111104 ( A.... ) "C:\numbsoftnew.exe"
2006-07-26 13:55:44 45068 ( A.... ) "C:\WINDOWS\system32\ZICORN003.exe"
2006-07-26 13:55:42 389632 ( A.... ) "C:\webnexmknew.exe"
2006-07-26 13:55:34 184829 ( A.... ) "C:\WINDOWS\srvzvabvka.exe"
2006-07-26 13:55:34 2560 ( A.... ) "C:\ac3_0003.exe"
2006-07-26 13:55:32 235134 ( A.... ) "C:\WINDOWS\srvvtgolki.exe"
2006-07-26 13:55:22 587776 ( A.... ) "C:\626_101newer.exe"
2006-07-26 13:55:08 27648 ( A.... ) "C:\dist13.exe"
2006-07-26 13:54:44 ( .D... ) "C:\Program Files\Common Files\kzfm"
2006-07-26 13:54:34 143360 ( A.... ) "C:\WINDOWS\sys03805807811.exe"
2006-07-26 13:53:56 221184 ( A.... ) "C:\WINDOWS\system32\xeymi.dll"
2006-07-26 13:53:56 36864 ( A.... ) "C:\WINDOWS\system32n9nyb.exe"
2006-07-26 13:53:56 36864 ( A.... ) "C:\WINDOWS\system32\n9nyb.exe"
2006-07-26 13:53:56 28672 ( A.... ) "C:\WINDOWS\system32bez6n4r21.exe"
2006-07-26 13:53:56 28672 ( A.... ) "C:\WINDOWS\system32\iqqr.exe"
2006-07-26 13:53:56 28672 ( A.... ) "C:\WINDOWS\system32\bez6n4r21.exe"
2006-07-21 18:55:38 127578 ( A.... ) "C:\WINDOWS\system32\tsuninst.exe"
2006-07-20 16:31:36 1163264 ( A.... ) "C:\WINDOWS\system32\wfxqhv.exe"
2006-07-20 16:31:24 36864 ( A.... ) "C:\WINDOWS\system32\zqskw.exe"
2006-06-19 16:20:42 702768 ( A.... ) "C:\WINDOWS\system32\WgaLogon.dll"
2006-05-19 05:59:42 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-05-19 05:59:42 111616 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll"
2006-05-19 05:59:42 94720 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-07-28 22:13 45,076 C:\WINDOWS\system32\dwdsregt.exe
2006-07-28 21:56 1,144,839 C:\stng260.exe
2006-07-28 19:25 290,169 C:\spybotsd14.exe
2006-07-27 08:57 59,144 C:\WINDOWS\zllsputility.exe
2006-07-27 08:57 11,264 C:\WINDOWS\system32\SpOrder.dll
2006-07-26 13:55 587,776 C:\626_101newer.exe
2006-07-26 13:55 45,068 C:\WINDOWS\system32\ZICORN003.exe
2006-07-26 13:55 389,632 C:\webnexmknew.exe
2006-07-26 13:55 32,443 C:\WINDOWS\system32\uninstIcn.exe
2006-07-26 13:55 27,648 C:\dist13.exe
2006-07-26 13:55 235,134 C:\WINDOWS\srvvtgolki.exe
2006-07-26 13:55 2,560 C:\ac3_0003.exe
2006-07-26 13:55 184,829 C:\WINDOWS\srvzvabvka.exe
2006-07-26 13:55 111,104 C:\numbsoftnew.exe
2006-07-26 13:55 1,064 C:\WINDOWS\system32\vwe16315.sys
2006-07-26 13:54 444,304 C:\WINDOWS\bucsewuA.exe
2006-07-26 13:54 443,728 C:\WINDOWS\bucsewu.exe
2006-07-26 13:54 143,360 C:\WINDOWS\sys03805807811.exe
2006-07-26 13:54 127,578 C:\WINDOWS\system32\tsuninst.exe
2006-07-26 13:53 36,864 C:\WINDOWS\system32n9nyb.exe
2006-07-26 13:53 36,864 C:\WINDOWS\system32\zqskw.exe
2006-07-26 13:53 36,864 C:\WINDOWS\system32\n9nyb.exe
2006-07-26 13:53 28,672 C:\WINDOWS\system32bez6n4r21.exe
2006-07-26 13:53 28,672 C:\WINDOWS\system32\iqqr.exe
2006-07-26 13:53 28,672 C:\WINDOWS\system32\bez6n4r21.exe
2006-07-26 13:53 221,184 C:\WINDOWS\system32\xeymi.dll
2006-07-26 13:53 1,163,264 C:\WINDOWS\system32\wfxqhv.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"diagent"="\"C:\\Program Files\\Creative\\SBLive\\Diagnostics\\diagent.exe\" startup"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"k6mmN5IOU"="\"C:\\WINDOWS\\system32\\wfxqhv.exe\""
"TheMonitor"="C:\\WINDOWS\\SYSC00.exe"
"sys03805807811"="C:\\WINDOWS\\sys03805807811.exe"
"bucsewuA"="C:\\WINDOWS\\bucsewuA.exe"
"{32-2C-C6-6F-ZN}"="C:\\windows\\system32\\dwdsregt.exe CORN003"
"w98851bd.dll"="RUNDLL32.EXE w98851bd.dll,I2 00216313098851bd"
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 2006\\pccguide.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Sonic RecordNow!"=""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"kzfm"="C:\\PROGRA~1\\COMMON~1\\kzfm\\kzfmm.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=""
"NoDriveTypeAutoRun"=hex:5f,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Program Files\\WindowsUpdate\\xunydy.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\Program Files\\Online Services\\vilobozo.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,e4,00,00,00,00,00,00,00,9c,03,00,00,42,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""




Contents of the 'Scheduled Tasks' folder

Completion time: Sun 07/30/2006 16:22:40.45
ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt







Logfile of HijackThis v1.99.1
Scan saved at 4:26:03 PM, on 7/30/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\wfxqhv.exe
C:\WINDOWS\sys03805807811.exe
C:\WINDOWS\bucsewuA.exe
C:\windows\system32\dwdsregt.exe
C:\WINDOWS\system32\zqskw.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\PROGRA~1\COMMON~1\kzfm\kzfmm.exe
C:\PROGRA~1\COMMON~1\kzfm\kzfma.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\PROGRA~1\COMMON~1\kzfm\kzfml.exe
C:\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {80464084-6442-8602-0840-280448680888} - C:\WINDOWS\eeeaqam.dll (file missing)
O2 - BHO: (no name) - {90D86076-BE6C-4B51-B68D-51D5BEA29A7A} - C:\Program Files\Windows NT\vigyqeko.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {D623BC2F-A58D-4A75-A10D-CC244A702A35} - (no file)
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINDOWS\system32\wfxqhv.exe"
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [sys03805807811] C:\WINDOWS\sys03805807811.exe
O4 - HKLM\..\Run: [bucsewuA] C:\WINDOWS\bucsewuA.exe
O4 - HKLM\..\Run: [{32-2C-C6-6F-ZN}] C:\windows\system32\dwdsregt.exe CORN003
O4 - HKLM\..\Run: [w98851bd.dll] RUNDLL32.EXE w98851bd.dll,I2 00216313098851bd
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [kzfm] C:\PROGRA~1\COMMON~1\kzfm\kzfmm.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\ZICORN003.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

#4 Shaba


Posted 31 July 2006 - 01:58 AM

Hi

Yes, it removed both look2me and surfsidekick :thumbsup:

Still much left, though.

Open HijackThis, click do a system scan only and checkmark these:

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
O2 - BHO: (no name) - {80464084-6442-8602-0840-280448680888} - C:\WINDOWS\eeeaqam.dll (file missing)
O2 - BHO: (no name) - {90D86076-BE6C-4B51-B68D-51D5BEA29A7A} - C:\Program Files\Windows NT\vigyqeko.dll (file missing)
O2 - BHO: (no name) - {D623BC2F-A58D-4A75-A10D-CC244A702A35} - (no file)
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINDOWS\system32\wfxqhv.exe"
O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [sys03805807811] C:\WINDOWS\sys03805807811.exe
O4 - HKLM\..\Run: [bucsewuA] C:\WINDOWS\bucsewuA.exe
O4 - HKLM\..\Run: [{32-2C-C6-6F-ZN}] C:\windows\system32\dwdsregt.exe CORN003
O4 - HKLM\..\Run: [w98851bd.dll] RUNDLL32.EXE w98851bd.dll,I2 00216313098851bd
O4 - HKCU\..\Run: [kzfm] C:\PROGRA~1\COMMON~1\kzfm\kzfmm.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\ZICORN003.exe


Close all windows including browser and press fix checked.

Please download the Killbox.
Unzip it to the desktop.

Please run Killbox.

Select "Delete on Reboot" and "All files"

Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\system32\dwdsregt.exe
C:\stng260.exe
C:\WINDOWS\system32\vwe16315.sys
C:\WINDOWS\system32\uninstIcn.exe
C:\numbsoftnew.exe
C:\WINDOWS\system32\ZICORN003.exe
C:\webnexmknew.exe
C:\WINDOWS\srvzvabvka.exe
C:\ac3_0003.exe
C:\WINDOWS\srvvtgolki.exe
C:\626_101newer.exe
C:\dist13.exe
C:\WINDOWS\sys03805807811.exe
C:\WINDOWS\system32\xeymi.dll
C:\WINDOWS\system32n9nyb.exe
C:\WINDOWS\system32\n9nyb.exe
C:\WINDOWS\system32bez6n4r21.exe
C:\WINDOWS\system32\iqqr.exe
C:\WINDOWS\system32\bez6n4r21.exe
C:\WINDOWS\system32\tsuninst.exe
C:\WINDOWS\system32\wfxqhv.exe
C:\WINDOWS\system32\zqskw.exe
C:\PROGRA~1\COMMON~1\kzfm\kzfmm.exe
C:\PROGRA~1\COMMON~1\kzfm\kzfma.exe
C:\PROGRA~1\COMMON~1\kzfm\kzfml.exe
C:\WINDOWS\bucsewuA.exe
C:\WINDOWS\bucsewu.exe
C:\WINDOWS\system32\iqqr.exe

Go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

If your computer does not restart automatically, please restart it manually.

Empty this folder -> C:\!KillBox

Please do an online scan with Kaspersky Online Scanner. You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings.
  • In the scan settings make sure that the following are selected:
    o Scan using the following Anti-Virus database:
      + Extended (if available, otherwise Standard)
    o Scan Options:
      + Scan Archives
      + Scan Mail Bases
  • Click OK.
  • Now under "Select a target to scan", select My Computer.
  • The scan will take a while, so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Re-run ComboFix.

Send:

- a fresh HijackThis log
- Kaspersky report
- ComboFix report

Microsoft MVP Consumer Security

#5 takemot

Posted 31 July 2006 - 10:42 AM

Thanks again Shaba,

I hope I followed your directions correctly; below are the new reports.

Thanks,
takemoto

Logfile of HijackThis v1.99.1
Scan saved at 8:36:21 AM, on 7/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Gary.DELL-OFFICE\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINDOWS\system32\wfxqhv.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe




-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, July 31, 2006 8:29:26 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 31/07/2006
Kaspersky Anti-Virus database records: 211069
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 73098
Number of viruses found: 41
Number of infected objects: 176
Number of suspicious objects: 6
Duration of the scan process: 01:32:06

Infected Object Name / Virus Name / Last Action
C:\!KillBox\626_101newer.exe Infected: Trojan-Dropper.Win32.Agent.mu skipped
C:\!KillBox\ac3_0003.exe Infected: Trojan-Downloader.Win32.Small.cyh skipped
C:\!KillBox\bez6n4r21.exe Infected: not-a-virus:AdWare.Win32.SearchAssistant.g skipped
C:\!KillBox\bucsewu.exe Infected: Trojan-Clicker.Win32.VB.ij skipped
C:\!KillBox\bucsewuA.exe Infected: Trojan-Downloader.Win32.VB.nw skipped
C:\!KillBox\dist13.exe Infected: Trojan-Downloader.Win32.Agent.aaf skipped
C:\!KillBox\dwdsregt.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\!KillBox\iqqr.exe Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\!KillBox\kzfma.exe Infected: Trojan-Downloader.Win32.TSUpdate.l skipped
C:\!KillBox\kzfml.exe Infected: Trojan-Downloader.Win32.TSUpdate.r skipped
C:\!KillBox\kzfmm.exe Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
C:\!KillBox\n9nyb.exe Infected: Trojan.Win32.Runner.j skipped
C:\!KillBox\numbsoftnew.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped
C:\!KillBox\srvvtgolki.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.BHO.ao skipped
C:\!KillBox\srvvtgolki.exe/stream Infected: not-a-virus:AdWare.Win32.BHO.ao skipped
C:\!KillBox\srvvtgolki.exe NSIS: infected - 2 skipped
C:\!KillBox\srvzvabvka.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ep skipped
C:\!KillBox\srvzvabvka.exe NSIS: infected - 1 skipped
C:\!KillBox\sys03805807811.exe Infected: Trojan-Downloader.Win32.VB.aga skipped
C:\!KillBox\system32bez6n4r21.exe Infected: not-a-virus:AdWare.Win32.SearchAssistant.g skipped
C:\!KillBox\system32n9nyb.exe Infected: Trojan.Win32.Runner.j skipped
C:\!KillBox\webnexmknew.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped
C:\!KillBox\xeymi.dll Infected: not-a-virus:AdWare.Win32.Suggestor.o skipped
C:\!KillBox\ZICORN003.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\!KillBox\zqskw.exe Infected: Trojan.Win32.Runner.j skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\CASClient.zip/cas2stub.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\CASClient.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip/drsmartload849a7i.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip/drsmartload46a7i.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\Stephanie\Local Settings\Temporary Internet Files\Content.IE5\86UHGA51\popup[1].htm Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\Documents and Settings\Stephanie\Local Settings\Temporary Internet Files\Content.IE5\86UHGA51\popup[2].htm Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\Documents and Settings\Stephanie\Local Settings\Temporary Internet Files\Content.IE5\9XHZNULS\popup[1].htm Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\Documents and Settings\Stephanie\Local Settings\Temporary Internet Files\Content.IE5\9XHZNULS\popup[2].htm Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\Documents and Settings\Stephanie\Local Settings\Temporary Internet Files\Content.IE5\9XHZNULS\popup[3].htm Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\Documents and Settings\Stephanie\Local Settings\Temporary Internet Files\Content.IE5\HL5XTFVV\popup[1].htm Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\Documents and Settings\Stephanie\Local Settings\Temporary Internet Files\Content.IE5\HL5XTFVV\popup[2].htm Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\Documents and Settings\Stephanie\Local Settings\Temporary Internet Files\Content.IE5\HL5XTFVV\popup[3].htm Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\Documents and Settings\Stephanie\Local Settings\Temporary Internet Files\Content.IE5\HL5XTFVV\popup[4].htm Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\Program Files\Common Files\kzfm\kzfmp.exe Infected: Trojan-Downloader.Win32.TSUpdate.f skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\139.tmp Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\149.tmp Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\14B.tmp Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\14F.tmp/data0001 Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\14F.tmp Inno: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\14F.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\151.tmp/unknown2.bin Infected: not-a-virus:AdWare.Win32.Ucmore.e skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\151.tmp ZIP: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\151.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\153.tmp/unknown2.bin Infected: not-a-virus:AdWare.Win32.Ucmore.e skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\153.tmp ZIP: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\153.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\155.tmp/unknown2.bin Infected: not-a-virus:AdWare.Win32.Ucmore.e skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\155.tmp ZIP: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\155.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\156.tmp/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\156.tmp/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\156.tmp CAB: infected - 2 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\156.tmp CryptFF.b: infected - 2 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\157.tmp Infected: not-a-virus:AdWare.Win32.SurfSide.j skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\159.tmp Infected: not-a-virus:AdWare.Win32.SurfSide.j skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\15B.tmp Infected: not-a-virus:AdWare.Win32.SurfSide.j skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\15D.tmp Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\16.tmp Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\164.tmp/data0004 Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\164.tmp/data0005 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\164.tmp NSIS: infected - 2 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\164.tmp CryptFF.b: infected - 2 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\166.tmp Infected: Trojan-Dropper.Win32.Small.qn skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\16D.tmp Infected: not-a-virus:AdWare.Win32.180Solutions.au skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\17E.tmp Infected: Trojan.Win32.VB.tg skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\181.tmp Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\184.tmp Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\186.tmp Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\188.tmp Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\189.tmp Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\18A.tmp Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\18D.tmp Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\18F.tmp Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\190.tmp Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\191.tmp Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\194.tmp Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\196.tmp Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\197.tmp Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\199.tmp Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\19B.tmp Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\1A0.tmp Infected: not-a-virus:AdWare.Win32.Ucmore skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\1A2.tmp/unknown2.bin Infected: not-a-virus:AdWare.Win32.Ucmore.e skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\1A2.tmp/UCMTSAIE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\1A2.tmp/IUCMORE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\1A2.tmp ZIP: infected - 3 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\1A2.tmp WiseSFX Dropper: infected - 3 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\1A2.tmp CryptFF.b: infected - 3 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\1A4.tmp Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\1A6.tmp Infected: Trojan-Clicker.Win32.VB.is skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\1A8.tmp/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\1A8.tmp/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\1A8.tmp CAB: infected - 2 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\1A8.tmp CryptFF.b: infected - 2 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\1AA.tmp Infected: not-a-virus:AdWare.Win32.PurityScan.ep skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\1AC.tmp Infected: Trojan.Win32.Agent.sx skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\1AE.tmp Infected: Trojan.Win32.Agent.sx skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\1B0.tmp Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\1B2.tmp Infected: Trojan-Downloader.Win32.Agent.ahv skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\1B4.tmp Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\1B6.tmp Infected: Trojan-Clicker.Win32.Small.jf skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\1BC.tmp Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\1BE.tmp Infected: not-a-virus:AdWare.Win32.Ucmore skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\1E1.tmp Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\1E4.tmp Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\1E6.tmp Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\1E8.tmp Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\1EA.tmp/data0004 Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\1EA.tmp/data0005 Infected: Trojan-Downloader.Win32.Small.ajc skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\1EA.tmp NSIS: infected - 2 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\1EA.tmp CryptFF.b: infected - 2 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\1EC.tmp Infected: Trojan-Dropper.Win32.Small.qn skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\1EE.tmp/unknown2.bin Infected: not-a-virus:AdWare.Win32.Ucmore.e skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\1EE.tmp/UCMTSAIE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\1EE.tmp/IUCMORE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\1EE.tmp ZIP: infected - 3 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\1EE.tmp WiseSFX Dropper: infected - 3 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\1EE.tmp CryptFF.b: infected - 3 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\1F0.tmp Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\2.tmp Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\223.tmp Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\23D.tmp Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\24.tmp/data0001 Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\24.tmp Inno: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\24.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\25.tmp/unknown2.bin Infected: not-a-virus:AdWare.Win32.Ucmore.e skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\25.tmp ZIP: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\25.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\26.tmp/unknown2.bin Infected: not-a-virus:AdWare.Win32.Ucmore.e skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\26.tmp ZIP: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\26.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\27.tmp/unknown2.bin Infected: not-a-virus:AdWare.Win32.Ucmore.e skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\27.tmp ZIP: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\27.tmp CryptFF.b: infected - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\28.tmp/unknown2.bin Infected: not-a-virus:AdWare.Win32.Ucmore.e skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\28.tmp/UCMTSAIE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\28.tmp/IUCMORE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\28.tmp ZIP: infected - 3 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\28.tmp WiseSFX Dropper: infected - 3 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\28.tmp CryptFF.b: infected - 3 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\29.tmp Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\2A.tmp Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\2B.tmp Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\2C.tmp Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\2D.tmp Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\2E.tmp/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\2E.tmp/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\2E.tmp CAB: infected - 2 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\2E.tmp CryptFF.b: infected - 2 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\2F9.tmp Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\3.tmp Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\30.tmp/zqskw.exe Infected: Trojan.Win32.Runner.j skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\30.tmp/cvn0.exe Infected: not-a-virus:AdWare.Win32.SearchAssistant.f skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\30.tmp CAB: infected - 2 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\30.tmp CryptFF.b: infected - 2 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\31.tmp Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\33D.tmp/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\33D.tmp/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\33D.tmp CAB: infected - 2 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\33D.tmp CryptFF.b: infected - 2 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\4.tmp Infected: not-a-virus:AdWare.Win32.SearchAssistant.f skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\4B3.tmp Infected: Trojan-Downloader.Win32.VB.air skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\4B5.tmp Infected: Trojan-Downloader.Win32.VB.aiy skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\4BD.tmp Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\4BF.tmp Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\4C4.tmp Infected: Trojan-Downloader.Win32.VB.air skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\4C6.tmp Infected: Trojan-Downloader.Win32.VB.aiy skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\4D1.tmp/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\4D1.tmp/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\4D1.tmp CAB: infected - 2 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\4D1.tmp CryptFF.b: infected - 2 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\5B.tmp/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\5B.tmp/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\5B.tmp CAB: infected - 2 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\5B.tmp CryptFF.b: infected - 2 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\REPAIRS303169590.DLL Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped

Scan process completed.




Start Time= Mon 07/31/2006 8:30:31.06
Running from: C:\Documents and Settings\Gary.DELL-OFFICE\Desktop

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-07-28 19:31:02 ( .D... ) "C:\Program Files\Spybot - Search & Destroy"
2006-07-28 19:25:42 290169 ( A.... ) "C:\spybotsd14.exe"
2006-07-27 13:51:36 ( .D... ) "C:\Program Files\Trend Micro"
2006-07-26 13:54:44 ( .D... ) "C:\Program Files\Common Files\kzfm"
2006-06-19 16:20:42 702768 ( A.... ) "C:\WINDOWS\system32\WgaLogon.dll"
2006-05-19 05:59:42 148480 ( A.... ) "C:\WINDOWS\system32\dnsapi.dll"
2006-05-19 05:59:42 111616 ( A.... ) "C:\WINDOWS\system32\dhcpcsvc.dll"
2006-05-19 05:59:42 94720 ( A.... ) "C:\WINDOWS\system32\iphlpapi.dll"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-07-28 19:25 290,169 C:\spybotsd14.exe
2006-07-27 08:57 59,144 C:\WINDOWS\zllsputility.exe
2006-07-27 08:57 11,264 C:\WINDOWS\system32\SpOrder.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\System32\\NvCpl.dll,NvStartup"
"diagent"="\"C:\\Program Files\\Creative\\SBLive\\Diagnostics\\diagent.exe\" startup"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"dla"="C:\\WINDOWS\\system32\\dla\\tfswctrl.exe"
"UpdateManager"="\"C:\\Program Files\\Common Files\\Sonic\\Update Manager\\sgtray.exe\" /r"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"pccguide.exe"="\"C:\\Program Files\\Trend Micro\\Internet Security 2006\\pccguide.exe\""
"k6mmN5IOU"="\"C:\\WINDOWS\\system32\\wfxqhv.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"Sonic RecordNow!"=""
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=""
"NoDriveTypeAutoRun"=hex:5f,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Program Files\\WindowsUpdate\\xunydy.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\Program Files\\Online Services\\vilobozo.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,30,01,00,00,00,00,00,00,50,03,00,00,42,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""




Contents of the 'Scheduled Tasks' folder

Completion time: Mon 07/31/2006 8:31:30.95
ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt

ComboFix.2006-07-31.083031.txt

#6 Shaba


Posted 31 July 2006 - 12:18 PM

Hi

Yes, it seems pretty good :thumbsup:

Open HijackThis, click "Do a system scan only" and checkmark these:

O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINDOWS\system32\wfxqhv.exe"


Close all windows, including the browser, and press "Fix checked".

Empty temporary internet files, see here -> http://support.microsoft.com/default.aspx?...kb;en-us;260897

Boot in safe mode -> http://www.pchell.com/support/safemode.shtml

Empty these folders (delete all files inside but don't delete the folder itself):

C:\!KillBox\
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\

Delete this:

C:\Program Files\Common Files\kzfm

Reboot

Re-scan with Kaspersky

Send:

- a fresh HijackThis log
- Kaspersky report.
Microsoft MVP Consumer Security

#7 takemot


Posted 31 July 2006 - 03:44 PM

Shaba,

I again hope I followed your instructions correctly. When I deleted the quarantined files, SskBho.dll could not be deleted; I got an "access denied" message. Also, it took me two tries to reboot into safe mode; hope this didn't allow the bug to reestablish itself. The new log files are included below.

Thanks again,
takemoto


Logfile of HijackThis v1.99.1
Scan saved at 1:31:27 PM, on 7/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Gary.DELL-OFFICE\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe




Hit message length limit, Kaspersky log in following reply.
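
A follow-up log only helps if someone confirms that the fixed entries are really gone. The script below is an added example, not part of the original thread: it parses HijackThis 1.99.1 result lines and checks the two entries fixed in post #6 against an excerpt of the log in post #7. The function names and the `RESPAWNED_LOG` sample are constructed for illustration.

```python
import re

# HijackThis 1.99.1 result lines have the shape "<code> - <details>",
# e.g. "O4 - HKLM\..\Run: [name] command".
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(
    r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.+)$"
)


def normalise_target(text):
    """Lowercased file path of an entry; None for HijackThis's '(no file)'."""
    text = text.strip()
    if text.lower() == "(no file)":
        return None
    if text.startswith('"'):
        # Quoted command: the path is everything up to the closing quote.
        return text[1:].split('"', 1)[0].lower()
    return text.lower()


def parse_entry(line):
    """Turn one log line into a dict, or return None for non-result lines."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    code, body = m.group("code"), m.group("body")
    entry = {"code": code, "body": body, "key": (code, body.lower()), "target": None}
    if code == "O4":
        run = RUN_RE.match(body)
        if run:
            # Registry value names are case-insensitive, so compare lowercased.
            entry["key"] = (code, run.group("hive").upper(),
                            run.group("key").lower(), run.group("name").lower())
            entry["target"] = normalise_target(run.group("cmd"))
    elif code == "O2":
        clsid = CLSID_RE.search(body)
        if clsid:
            # A BHO is identified by its CLSID; the file follows the CLSID.
            entry["key"] = (code, clsid.group(0).upper())
            entry["target"] = normalise_target(body[clsid.end():].lstrip(" -"))
    return entry


def parse_log(text):
    """All result entries of a pasted log; headers and process lists are skipped."""
    return [e for e in map(parse_entry, text.splitlines()) if e is not None]


def orphaned_bhos(text):
    """CLSIDs of O2 entries whose DLL no longer exists ('(no file)')."""
    return [e["key"][1] for e in parse_log(text)
            if e["code"] == "O2" and e["body"].lower().endswith("(no file)")]


def residual(fixed_lines, log_text):
    """Return (fixed_line, reason) for every fixed entry that still shows up."""
    current = parse_log(log_text)
    keys = {e["key"] for e in current}
    targets = {e["target"] for e in current if e["target"]}
    found = []
    for line in fixed_lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        if entry["key"] in keys:
            found.append((line, "same entry"))
        elif entry["target"] in targets:
            found.append((line, "same file under another entry"))
    return found


# The two entries checked for fixing in post #6 (copied from the thread).
FIXED = [
    r'O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)',
    r'O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINDOWS\system32\wfxqhv.exe"',
]

# Excerpt of the follow-up log in post #7 (copied from the thread).
AFTER_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\Explorer.EXE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
"""

# Constructed case: the same file re-registered under a new value name.
RESPAWNED_LOG = AFTER_LOG + r'O4 - HKLM\..\Run: [Xy12] C:\WINDOWS\system32\wfxqhv.exe' + "\n"

if __name__ == "__main__":
    print("still present after fix:", residual(FIXED, AFTER_LOG))
    print("respawn check:", residual(FIXED, RESPAWNED_LOG))
```

An empty result for the post #7 excerpt means neither fixed entry is listed any more; matching on the target file as well as the value name catches an entry that comes back under a different name.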

#8 takemot


Posted 31 July 2006 - 03:48 PM

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Monday, July 31, 2006 1:30:15 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 31/07/2006
Kaspersky Anti-Virus database records: 211149
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 59345
Number of viruses found: 41
Number of infected objects: 845
Number of suspicious objects: 6
Duration of the scan process: 01:26:34

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\CASClient.zip/cas2stub.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\CASClient.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip/drsmartload849a7i.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip/drsmartload46a7i.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\Stephanie\Local Settings\Temporary Internet Files\Content.IE5\86UHGA51\popup[1].htm Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\Documents and Settings\Stephanie\Local Settings\Temporary Internet Files\Content.IE5\86UHGA51\popup[2].htm Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\Documents and Settings\Stephanie\Local Settings\Temporary Internet Files\Content.IE5\9XHZNULS\popup[1].htm Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\Documents and Settings\Stephanie\Local Settings\Temporary Internet Files\Content.IE5\9XHZNULS\popup[2].htm Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\Documents and Settings\Stephanie\Local Settings\Temporary Internet Files\Content.IE5\9XHZNULS\popup[3].htm Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\Documents and Settings\Stephanie\Local Settings\Temporary Internet Files\Content.IE5\HL5XTFVV\popup[1].htm Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\Documents and Settings\Stephanie\Local Settings\Temporary Internet Files\Content.IE5\HL5XTFVV\popup[2].htm Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\Documents and Settings\Stephanie\Local Settings\Temporary Internet Files\Content.IE5\HL5XTFVV\popup[3].htm Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\Documents and Settings\Stephanie\Local Settings\Temporary Internet Files\Content.IE5\HL5XTFVV\popup[4].htm Infected: Trojan-Clicker.HTML.Agent.a skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\139.tmp Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\16.tmp Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\191.tmp Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\1E1.tmp Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\223.tmp Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\2D.tmp Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc10.exe Infected: Trojan-Downloader.Win32.TSUpdate.r skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc100.tmp Infected: not-a-virus:AdWare.Win32.Ucmore skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc101.tmp/unknown2.bin Infected: not-a-virus:AdWare.Win32.Ucmore.e skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc101.tmp/UCMTSAIE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc101.tmp/IUCMORE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc101.tmp ZIP: infected - 3 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc101.tmp WiseSFX Dropper: infected - 3 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc101.tmp CryptFF.b: infected - 3 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc102.tmp Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc103.tmp Infected: Trojan-Clicker.Win32.VB.is skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc104.tmp Infected: Trojan.Win32.Agent.sx skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc105.tmp Infected: Trojan.Win32.Agent.sx skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc106.tmp Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc107.tmp Infected: Trojan-Clicker.Win32.VB.is skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc108.tmp Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc109.tmp Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc11.exe Infected: Trojan-Downloader.Win32.TSUpdate.n skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc110.tmp Infected: not-a-virus:AdWare.Win32.Ucmore skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc111.tmp/unknown2.bin Infected: not-a-virus:AdWare.Win32.Ucmore.e skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc111.tmp/UCMTSAIE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc111.tmp/IUCMORE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc111.tmp ZIP: infected - 3 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc111.tmp WiseSFX Dropper: infected - 3 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc111.tmp CryptFF.b: infected - 3 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc112.tmp Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc113.tmp Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc114.tmp Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc115.tmp/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc115.tmp/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc115.tmp CAB: infected - 2 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc115.tmp CryptFF.b: infected - 2 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc116.tmp Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc117.tmp/unknown2.bin Infected: not-a-virus:AdWare.Win32.Ucmore.e skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc117.tmp ZIP: infected - 1 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc117.tmp CryptFF.b: infected - 1 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc118.tmp/unknown2.bin Infected: not-a-virus:AdWare.Win32.Ucmore.e skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc118.tmp ZIP: infected - 1 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc118.tmp CryptFF.b: infected - 1 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc119.tmp Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc12.exe Infected: Trojan.Win32.Runner.j skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc121.tmp Infected: Trojan-Downloader.Win32.VB.air skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc122.tmp Infected: Trojan-Downloader.Win32.VB.aiy skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc123.tmp/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc123.tmp/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc123.tmp CAB: infected - 2 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc123.tmp CryptFF.b: infected - 2 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc124.tmp/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc124.tmp/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc124.tmp CAB: infected - 2 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc124.tmp CryptFF.b: infected - 2 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc126.tmp Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc127.tmp/data0001 Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc127.tmp Inno: infected - 1 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc127.tmp CryptFF.b: infected - 1 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc128.tmp Infected: not-a-virus:AdWare.Win32.SurfSide.j skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc129.tmp Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc13.exe Infected: Trojan-Dropper.Win32.Agent.hl skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc130.tmp Infected: not-a-virus:AdWare.Win32.180Solutions.au skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc131.tmp Infected: Trojan.Win32.VB.tg skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc132.tmp Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc133.tmp Infected: Trojan-Downloader.Win32.Qoologic.c skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc134.tmp Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc135.tmp Infected: Trojan-Downloader.Win32.Qoologic.at skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc136.tmp Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc137.tmp/data0001 Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc137.tmp Inno: infected - 1 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc137.tmp CryptFF.b: infected - 1 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc138.tmp/unknown2.bin Infected: not-a-virus:AdWare.Win32.Ucmore.e skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc138.tmp ZIP: infected - 1 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc138.tmp CryptFF.b: infected - 1 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc139.tmp/unknown2.bin Infected: not-a-virus:AdWare.Win32.Ucmore.e skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc139.tmp ZIP: infected - 1 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc139.tmp CryptFF.b: infected - 1 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc14.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.BHO.ao skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc14.exe/stream Infected: not-a-virus:AdWare.Win32.BHO.ao skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc14.exe NSIS: infected - 2 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc140.tmp/unknown2.bin Infected: not-a-virus:AdWare.Win32.Ucmore.e skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc140.tmp ZIP: infected - 1 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc140.tmp CryptFF.b: infected - 1 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc141.tmp/unknown2.bin Infected: not-a-virus:AdWare.Win32.Ucmore.e skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc141.tmp/UCMTSAIE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc141.tmp/IUCMORE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc141.tmp ZIP: infected - 3 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc141.tmp WiseSFX Dropper: infected - 3 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc141.tmp CryptFF.b: infected - 3 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc142.tmp Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc143.tmp/zqskw.exe Infected: Trojan.Win32.Runner.j skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc143.tmp/cvn0.exe Infected: not-a-virus:AdWare.Win32.SearchAssistant.f skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc143.tmp CAB: infected - 2 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc143.tmp CryptFF.b: infected - 2 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc144.tmp Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc145.tmp Infected: Trojan-Downloader.Win32.VB.aiy skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc146.tmp Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc148.tmp Infected: Trojan-Downloader.Win32.VB.air skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc149.tmp Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc15.exe/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.ep skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc15.exe NSIS: infected - 1 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc151.tmp Infected: Trojan-Downloader.Win32.VB.air skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc152.tmp Infected: Trojan-Downloader.Win32.VB.aiy skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc154.tmp Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc155.tmp/data0001 Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc155.tmp Inno: infected - 1 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc155.tmp CryptFF.b: infected - 1 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc156.tmp Infected: not-a-virus:AdWare.Win32.SurfSide.j skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc157.tmp Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc158.tmp Infected: Trojan.Win32.VB.tg skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc159.tmp/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc159.tmp/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc159.tmp CAB: infected - 2 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc159.tmp CryptFF.b: infected - 2 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc160.tmp/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc160.tmp/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc160.tmp CAB: infected - 2 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc160.tmp CryptFF.b: infected - 2 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc162.tmp Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc163.tmp/data0001 Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc163.tmp Inno: infected - 1 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc163.tmp CryptFF.b: infected - 1 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc164.tmp Infected: not-a-virus:AdWare.Win32.SurfSide.j skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc165.tmp Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc166.tmp/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc166.tmp/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc166.tmp CAB: infected - 2 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc166.tmp CryptFF.b: infected - 2 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc167.tmp/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc167.tmp/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc167.tmp CAB: infected - 2 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc167.tmp CryptFF.b: infected - 2 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc168.tmp Infected: not-a-virus:AdWare.Win32.SurfSide.ap skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc17.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc170.tmp Infected: Trojan-Downloader.Win32.VB.air skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc171.tmp Infected: Trojan-Downloader.Win32.VB.aiy skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc172.tmp Infected: not-a-virus:AdWare.Win32.180Solutions.au skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc173.tmp Infected: not-a-virus:AdWare.Win32.180Solutions.au skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc174.tmp Infected: Trojan.Win32.VB.tg skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc176.tmp Infected: not-a-virus:AdWare.Win32.Look2Me.ab skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc177.tmp/data0001 Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc177.tmp Inno: infected - 1 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc177.tmp CryptFF.b: infected - 1 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc178.tmp Infected: not-a-virus:AdWare.Win32.SurfSide.j skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc179.tmp Infected: not-a-virus:AdWare.Win32.Ucmore.a skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc18.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc180.tmp/unknown2.bin Infected: not-a-virus:AdWare.Win32.Ucmore.e skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc180.tmp ZIP: infected - 1 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc180.tmp CryptFF.b: infected - 1 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc181.tmp/InpB/Ssk.exe Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc181.tmp/InpB Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc181.tmp CAB: infected - 2 skipped

Broke up file for size, to be continued.





#9 Shaba


Posted 01 August 2006 - 02:55 AM

Hi

Kaspersky log cuts off, but that's ok

First, empty your Recycle Bin.

After that:

Please run Killbox.

Select "Delete on Reboot" and "All files"

Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\Documents and Settings\Stephanie\Local Settings\Temporary Internet Files\Content.IE5\86UHGA51\popup[1].htm
C:\Documents and Settings\Stephanie\Local Settings\Temporary Internet Files\Content.IE5\86UHGA51\popup[2].htm
C:\Documents and Settings\Stephanie\Local Settings\Temporary Internet Files\Content.IE5\9XHZNULS\popup[1].htm
C:\Documents and Settings\Stephanie\Local Settings\Temporary Internet Files\Content.IE5\9XHZNULS\popup[2].htm
C:\Documents and Settings\Stephanie\Local Settings\Temporary Internet Files\Content.IE5\9XHZNULS\popup[3].htm
C:\Documents and Settings\Stephanie\Local Settings\Temporary Internet Files\Content.IE5\HL5XTFVV\popup[1].htm
C:\Documents and Settings\Stephanie\Local Settings\Temporary Internet Files\Content.IE5\HL5XTFVV\popup[2].htm
C:\Documents and Settings\Stephanie\Local Settings\Temporary Internet Files\Content.IE5\HL5XTFVV\popup[3].htm
C:\Documents and Settings\Stephanie\Local Settings\Temporary Internet Files\Content.IE5\HL5XTFVV\popup[4].htm

Go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

If your computer does not restart automatically, please restart it manually.

Empty these folders:

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine
C:\!KillBox\

Empty Recycle Bin

Re-scan with Kaspersky

Send:

- a fresh HijackThis log
- Kaspersky report.
Microsoft MVP Consumer Security

#10 takemot


Posted 01 August 2006 - 10:00 AM

Hi Shaba,

Again SskBho.dll could not be deleted from the Trend Micro quarantine file; everything else seemed to go well.
Here are the latest logs.

takemoto


Logfile of HijackThis v1.99.1
Scan saved at 7:47:33 AM, on 8/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Gary.DELL-OFFICE\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe




-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, August 01, 2006 7:47:11 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 1/08/2006
Kaspersky Anti-Virus database records: 211340
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 58728
Number of viruses found: 2
Number of infected objects: 6
Number of suspicious objects: 6
Duration of the scan process: 01:24:26

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\CASClient.zip/cas2stub.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\CASClient.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip/drsmartload849a7i.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip/drsmartload46a7i.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip ZIP: suspicious - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\139.tmp Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\16.tmp Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\191.tmp Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\1E1.tmp Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\223.tmp Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\2D.tmp Infected: not-a-virus:AdWare.Win32.CommAd.a skipped

Scan process completed.

#11 Shaba


Posted 01 August 2006 - 10:07 AM

Hi

We are almost there :thumbsup:

Please run Killbox.

Select "Delete on Reboot" and "All files"

Copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\139.tmp
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\16.tmp
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\191.tmp
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\1E1.tmp
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\223.tmp
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\2D.tmp

Go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run TheKillbox, click here to download and run missingfilesetup.exe. Then try TheKillbox again.

If your computer does not restart automatically, please restart it manually.

Empty this folder:

C:\!KillBox

Re-scan with Kaspersky

Send:

- a fresh HijackThis log
- Kaspersky report.
Microsoft MVP Consumer Security

#12 takemot


Posted 01 August 2006 - 11:59 AM

Hi Shaba,

Will this bug ever give up? Here are the new logs.

takemoto


Logfile of HijackThis v1.99.1
Scan saved at 9:54:43 AM, on 8/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Gary.DELL-OFFICE\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe





-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, August 01, 2006 9:53:58 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 1/08/2006
Kaspersky Anti-Virus database records: 211386
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\

Scan Statistics:
Total number of scanned objects: 58907
Number of viruses found: 1
Number of infected objects: 0
Number of suspicious objects: 6
Duration of the scan process: 01:25:13

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\CASClient.zip/cas2stub.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\CASClient.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip/drsmartload849a7i.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip/drsmartload46a7i.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC1.zip ZIP: suspicious - 1 skipped

Scan process completed.

#13 Shaba


Posted 01 August 2006 - 12:18 PM

Hi.

Those are ok - Spybot backups.

Logs look good.

Do you have any problems?
Microsoft MVP Consumer Security
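
The triage applied to the Kaspersky reports in this thread (Recycle Bin and quarantine copies deleted, Spybot recovery archives left alone) can be reproduced with a short parser. This is an added example, not a tool used in the thread; the location labels and the `constructed_example.dll` line are assumptions made for illustration.

```python
import re
from collections import Counter

# Lines copied from the Kaspersky reports in this thread, plus one constructed
# line (the system32 path) to show a hit that is not inside any holding area.
SAMPLE_REPORT = r"""
Infected Object Name / Virus Name / Last Action
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc353.tmp/data0004 Infected: Trojan-Downloader.Win32.Small.ctp skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc353.tmp NSIS: infected - 2 skipped
C:\RECYCLER\S-1-5-21-1644491937-682003330-1448944231-1003\Dc367.tmp Infected: Troj
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\CASClient.zip/cas2stub.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy\Recovery\CASClient.zip ZIP: suspicious - 1 skipped
C:\Program Files\Trend Micro\Internet Security 2006\Quarantine\139.tmp Infected: not-a-virus:AdWare.Win32.CommAd.a skipped
C:\WINDOWS\system32\constructed_example.dll Infected: not-a-virus:AdWare.Win32.SurfSide.av skipped
Scan process completed.
"""

DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
# Archive roll-up line, e.g. "<path> ZIP: suspicious - 1 skipped".
ROLLUP = re.compile(r": (?:infected|suspicious) - \d+ \S+$")
# Per-object verdict. Paths contain spaces, so the greedy path group is
# anchored by the verdict keyword that follows it.
DETECTION = re.compile(
    r"^(?P<path>.+) (?P<verdict>Infected|Suspicious): (?P<name>\S+) (?P<action>\S+)$"
)

# Assumption: labels mirror how each folder was treated in this thread.
HOLDING_AREAS = [
    ("\\recycler\\", "recycle-bin"),
    ("\\quarantine\\", "av-quarantine"),
    ("\\spybot - search & destroy\\recovery\\", "spybot-backup"),
    ("\\temporary internet files\\", "browser-cache"),
]


def classify(path):
    """Return the holding area a path sits in, or 'live-filesystem'."""
    lowered = path.lower()
    for marker, label in HOLDING_AREAS:
        if marker in lowered:
            return label
    return "live-filesystem"


def triage(report):
    """Split a report into per-object findings, roll-up count, unparsed lines."""
    findings, rollups, unparsed = [], 0, []
    for line in report.splitlines():
        line = line.strip()
        if not DRIVE_PATH.match(line):
            continue  # header, statistics, "Scan process completed."
        if ROLLUP.search(line):
            rollups += 1  # summary of an archive already listed per member
            continue
        m = DETECTION.match(line)
        if m is None:
            unparsed.append(line)  # e.g. a line cut off when the log was pasted
            continue
        # "archive/member" means the object sits inside a container file.
        container, _, member = m["path"].partition("/")
        findings.append({
            "container": container,
            "member": member or None,
            "verdict": m["verdict"],
            "name": m["name"],
            "action": m["action"],
            "location": classify(container),
        })
    return findings, rollups, unparsed


def needs_attention(findings):
    """Findings outside any holding area: the ones that may still be active."""
    return [f for f in findings if f["location"] == "live-filesystem"]


if __name__ == "__main__":
    found, rollup_count, cut_off = triage(SAMPLE_REPORT)
    print(Counter(f["location"] for f in found))
    print("roll-up lines:", rollup_count, "| unparsed lines:", len(cut_off))
    for f in needs_attention(found):
        print("CHECK:", f["container"], f["name"])
```

Unparsed lines are returned rather than dropped so that a report truncated by the forum's post size limit is noticed instead of being read as clean.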

#14 takemot


Posted 01 August 2006 - 12:25 PM

Shaba,

Computer seems ok. So we're done? If so I'll follow the security advice BC recommends in the future. Thanks a million for your help. I'll send a donation to BC for sure.

Thanks,
takemoto

#15 Shaba


Posted 01 August 2006 - 12:28 PM

Yes, we are :D

You're clean!

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:
  • Disable and Enable System Restore. - If you are using Windows XP then you should disable and re-enable system restore to make sure there are no infected files found in a restore point.

    You can find instructions on how to enable and reenable system restore here:

    Windows XP System Restore Guide
Reenable system restore with instructions from tutorial above
  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
      • From within Internet Explorer click on the Tools menu and then click on Options.
      • Click once on the Security tab
      • Click once on the Internet icon so it becomes highlighted.
      • Click once on the Custom Level button.
          • Change the Download signed ActiveX controls to Prompt
          • Change the Download unsigned ActiveX controls to Disable
          • Change the Initialize and script ActiveX controls not marked as safe to Disable
          • Change the Installation of desktop items to Prompt
          • Change the Launching programs and files in an IFRAME to Prompt
          • Change the Navigate sub-frames across different domains to Prompt
      • When all these settings have been made, click on the OK button.
      • If it prompts you as to whether or not you want to save the settings, press the Yes button.
      • Next press the Apply button and then the OK to exit the Internet Properties page.
  • Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online & their stand-alone antivirus programs:

Virus, Spyware, and Malware Protection and Removal Resources
  • Update your AntiVirus Software - It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.

  • Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

    For a tutorial on Firewalls and a listing of some available ones see the link below:

    Understanding and Using Firewalls

  • Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

  • Install Ad-Aware - Install and download Ad-Aware. You should also scan your computer with the program on a regular basis just as you would an antivirus software in conjunction with Spybot.

    A tutorial on installing & using this product can be found here:

    Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer

  • Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option.

    This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with the program on a regular basis just as you would an anti virus software. A tutorial on installing & using this product can be found here:

    Instructions for - Spybot S & D and Ad-aware

  • Install SpywareBlaster - SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

    A tutorial on installing & using this product can be found here:

    Using SpywareBlaster to protect your computer from Spyware and Malware

  • Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.
Follow this list and your potential for being infected again will reduce dramatically.

Here are some additional utilities that will enhance your safety
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Winpatrol <= Download and install the free version of Winpatrol. A tutorial for this product is located here:
    Using Winpatrol to protect your computer from malicious software
Stand Up and Be Counted ---> Malware Complaints <--- where you can make difference!

The site offers people who have been (or are) victims of malware the opportunity to document their story and, in that way, launch a complaint against the malware and the makers of the malware.

Also, please read this great article by Tony Klein So How Did I Get Infected In First Place

Happy surfing and stay clean!
Microsoft MVP Consumer Security
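
The Internet-zone settings listed in the post above can be checked afterwards from the registry instead of by clicking through the dialog. This is an added example, not part of the original post. It assumes the per-user zone key `HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3`, Microsoft's documented action numbers and value encoding (neither appears on the page), and a constructed sample of `reg query` output.

```python
import re

# Zone action values (assumption: Microsoft's documented encoding).
ENABLE, PROMPT, DISABLE = 0, 1, 3
NAMES = {ENABLE: "Enable", PROMPT: "Prompt", DISABLE: "Disable"}

# The six settings from the post, keyed by registry action number.
# The numbers are an assumption taken from Microsoft's URL action list.
RECOMMENDED = {
    "1001": ("Download signed ActiveX controls", PROMPT),
    "1004": ("Download unsigned ActiveX controls", DISABLE),
    "1201": ("Initialize and script ActiveX controls not marked as safe", DISABLE),
    "1800": ("Installation of desktop items", PROMPT),
    "1804": ("Launching programs and files in an IFRAME", PROMPT),
    "1607": ("Navigate sub-frames across different domains", PROMPT),
}

# Constructed sample of `reg query` output for the Internet zone (Zones\3).
SAMPLE_REG_QUERY = r"""
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
    1001    REG_DWORD    0x0
    1004    REG_DWORD    0x3
    1201    REG_DWORD    0x1
    1400    REG_DWORD    0x0
    1800    REG_DWORD    0x1
    1804    REG_DWORD    0x3
"""

VALUE_LINE = re.compile(r"^\s*(\d{4})\s+REG_DWORD\s+0x([0-9A-Fa-f]+)\s*$")


def parse_zone(text):
    """Map action number -> integer value from `reg query` text."""
    values = {}
    for line in text.splitlines():
        m = VALUE_LINE.match(line)
        if m:
            values[m.group(1)] = int(m.group(2), 16)
    return values


def audit_zone(text):
    """Return (action, label, current, wanted) for each setting that is
    missing or weaker than recommended."""
    current = parse_zone(text)
    gaps = []
    for action, (label, wanted) in RECOMMENDED.items():
        have = current.get(action)
        # Enable < Prompt < Disable in strictness, so a stricter value
        # than recommended (Disable where Prompt is asked) passes.
        if have is None or have < wanted:
            shown = "not set" if have is None else NAMES.get(have, hex(have))
            gaps.append((action, label, shown, NAMES[wanted]))
    return gaps


if __name__ == "__main__":
    for action, label, have, wanted in audit_zone(SAMPLE_REG_QUERY):
        print(f"{action}  {label}: {have} -> should be {wanted}")
```

A value reported as "not set" means the per-user key does not override it, so the effective setting comes from elsewhere and should be checked in the dialog.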