Tech Support Forum - View Single Post

sirav · 11-18-2008, 12:34 AM

OK! I'm back (finally). Man, that Kaspersky scan took like, forever! Anyways...

So here's what you requested:

Kaspersky Scan Report

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, November 18, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, November 18, 2008 00:50:57
Records in database: 1390443
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
M:\
V:\
Y:\

Scan statistics:
Files scanned: 167096
Threat name: 10
Infected objects: 24
Suspicious objects: 0
Duration of the scan: 04:22:08

File name / Threat name / Threats count
C:\Downloads\Smitfraudfix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Downloads\Smitfraudfix\SmitfraudFix.zip Infected: not-a-virus:RiskTool.Win32.Reboot.f 1
C:\Downloads\WMP Codecs etc\mediacodec-v4.300.exe Infected: Trojan-Notifier.Win32.Zlob.d 1
C:\Downloads\WMP Codecs etc\mediacodec-v4.300.exe Infected: Trojan-Downloader.Win32.Zlob.ky 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0DDD54EF.com Infected: Packed.Win32.Krap.b 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1670402D.exe Infected: Trojan.Win32.Qhost.kgw 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\23B62F2E.dll Infected: Trojan-GameThief.Win32.Magania.akop 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3C994938.com Infected: Packed.Win32.Krap.b 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3F7461E6.tmp Infected: Trojan.Win32.Qhost.kgw 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\45957679.vir Infected: Trojan-GameThief.Win32.Magania.ajgg 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\45B27059.vir Infected: Trojan-GameThief.Win32.Magania.ajgg 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\45CC403C.vir Infected: Trojan-GameThief.Win32.Magania.ajgg 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6BBB7280.com Infected: Packed.Win32.Krap.b 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6C13601F.com Infected: Packed.Win32.Krap.b 1
C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\75572B5B.dll Infected: Trojan-GameThief.Win32.Magania.ajgg 1
C:\Qoobox\Quarantine\C\autorun.inf.vir Infected: Trojan-GameThief.Win32.OnLineGames.tsra 1
C:\Qoobox\Quarantine\K\autorun.inf.vir Infected: Trojan-GameThief.Win32.OnLineGames.tsra 1
C:\Qoobox\Quarantine\M\autorun.inf.vir Infected: Trojan-GameThief.Win32.OnLineGames.tsra 1
C:\Qoobox\Quarantine\[4]-Submit_2008-11-17@14.35.zip Infected: Trojan-Downloader.Win32.Zlob.aceg 3
V:\95 Archived Data\070522 Old Data\Counter Intelligence POS\vnc-4.0-x86_win32.zip Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 3

The selected area was scanned.

New Hijackthis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:26:34 PM, on 18/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\PROGRA~1\BELKIN~1\BELKIN~1.EXE
C:\Program Files\Belkin Automatic Power Management Software\jre\bin\javaw.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\PROGRA~1\BELKIN~1\BELKIN~4.EXE
C:\Program Files\Belkin Automatic Power Management Software\jre\bin\javaw.exe
C:\PROGRA~1\BELKIN~1\BELKIN~3.EXE
C:\Program Files\Belkin Automatic Power Management Software\jre\bin\javaw.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\Varis\Local Settings\temp\jkos-Varis\binaries\ScanningProcess.exe
C:\Documents and Settings\Varis\Local Settings\temp\jkos-Varis\binaries\ScanningProcess.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Premier11\Myobp.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Microsoft Office\Office\EXCEL.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Downloads\Hijack This 2.0\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\RunServices: [BelkinAPM] C:\Program Files\Belkin Automatic Power Management Software\BelkinAPM.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: BelkinAPM - ZeroG Software - C:\PROGRA~1\BELKIN~1\BELKIN~1.EXE
O23 - Service: BelkinAPMmanager - ZeroG Software - C:\PROGRA~1\BELKIN~1\BE8806~1.EXE
O23 - Service: BelkinAPMmonitor - ZeroG Software - C:\PROGRA~1\BELKIN~1\BELKIN~4.EXE
O23 - Service: BelkinAPMRMI - ZeroG Software - C:\PROGRA~1\BELKIN~1\BELKIN~3.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

--
End of file - 9041 bytes

Report on Computers Behaviour

Well, the PC seems to be working fine and at least back to normal. No idea what that WMP Codec thing is that Kaspersky found though... Interestingly it's in my "Downloads" folder which leads me to believe that it's something that I have chosen to download! ***?

I'm pretty sure the NAV autoprotect thing is rectified now, but I'll just check again after this post.

If you are wondering what the "V" Drive (or the "Y" Drive for that matter) is that Kaspersky scanned, they are network drives located on my QNAP NAS thingy.

But otherwise all seems pretty good. Thanks again for your assistance chemist. It's a great service that you all do here and it is hugely appreciated by all us clowns who can't seem to keep those viruses at bay.

Oh yeh - about the torrenting stuff you mentioned before....Sorry, can't live without it. I do take care however and I only tend to torrent from fairly reputable places (Dimeadozen, bt.tree, some private trackers) and my motto here is "Constant Vigilance!". Everything gets checked and scanned regardless of where it comes from. I use a fairly good degree of commonsense usually (although there is that nagging issue about those WMP codecs isn't there.....).

Thanks again - you are a superhero.

11-18-2008, 12:34 AM	#10 (permalink)
sirav Registered User Join Date: Nov 2008 Posts: 9 OS: XP SP3	Re: Trojan.Packed.NsAnti OK! I'm back (finally). Man, that Kaspersky scan took like, forever! Anyways... So here's what you requested: Kaspersky Scan Report -------------------------------------------------------------------------------- KASPERSKY ONLINE SCANNER 7 REPORT Tuesday, November 18, 2008 Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600) Kaspersky Online Scanner 7 version: 7.0.25.0 Program database last update: Tuesday, November 18, 2008 00:50:57 Records in database: 1390443 -------------------------------------------------------------------------------- Scan settings: Scan using the following database: extended Scan archives: yes Scan mail databases: yes Scan area - My Computer: C:\ D:\ E:\ M:\ V:\ Y:\ Scan statistics: Files scanned: 167096 Threat name: 10 Infected objects: 24 Suspicious objects: 0 Duration of the scan: 04:22:08 File name / Threat name / Threats count C:\Downloads\Smitfraudfix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f 1 C:\Downloads\Smitfraudfix\SmitfraudFix.zip Infected: not-a-virus:RiskTool.Win32.Reboot.f 1 C:\Downloads\WMP Codecs etc\mediacodec-v4.300.exe Infected: Trojan-Notifier.Win32.Zlob.d 1 C:\Downloads\WMP Codecs etc\mediacodec-v4.300.exe Infected: Trojan-Downloader.Win32.Zlob.ky 1 C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\0DDD54EF.com Infected: Packed.Win32.Krap.b 1 C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\1670402D.exe Infected: Trojan.Win32.Qhost.kgw 1 C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\23B62F2E.dll Infected: Trojan-GameThief.Win32.Magania.akop 1 C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3C994938.com Infected: Packed.Win32.Krap.b 1 C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\3F7461E6.tmp Infected: Trojan.Win32.Qhost.kgw 1 C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\45957679.vir Infected: Trojan-GameThief.Win32.Magania.ajgg 1 C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\45B27059.vir Infected: Trojan-GameThief.Win32.Magania.ajgg 1 C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\45CC403C.vir Infected: Trojan-GameThief.Win32.Magania.ajgg 1 C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6BBB7280.com Infected: Packed.Win32.Krap.b 1 C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\6C13601F.com Infected: Packed.Win32.Krap.b 1 C:\Program Files\Norton Internet Security\Norton AntiVirus\Quarantine\75572B5B.dll Infected: Trojan-GameThief.Win32.Magania.ajgg 1 C:\Qoobox\Quarantine\C\autorun.inf.vir Infected: Trojan-GameThief.Win32.OnLineGames.tsra 1 C:\Qoobox\Quarantine\K\autorun.inf.vir Infected: Trojan-GameThief.Win32.OnLineGames.tsra 1 C:\Qoobox\Quarantine\M\autorun.inf.vir Infected: Trojan-GameThief.Win32.OnLineGames.tsra 1 C:\Qoobox\Quarantine\[4]-Submit_2008-11-17@14.35.zip Infected: Trojan-Downloader.Win32.Zlob.aceg 3 V:\95 Archived Data\070522 Old Data\Counter Intelligence POS\vnc-4.0-x86_win32.zip Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 3 The selected area was scanned. New Hijackthis Log Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 4:26:34 PM, on 18/11/2008 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16735) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccProxy.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Norton Internet Security\ISSVC.exe C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\hkcmd.exe C:\WINDOWS\system32\igfxpers.exe C:\WINDOWS\stsystra.exe C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Dell Support\DSAgnt.exe C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Digital Line Detect\DLG.exe C:\Program Files\WinZip\WZQKPICK.EXE C:\PROGRA~1\BELKIN~1\BELKIN~1.EXE C:\Program Files\Belkin Automatic Power Management Software\jre\bin\javaw.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe C:\PROGRA~1\BELKIN~1\BELKIN~4.EXE C:\Program Files\Belkin Automatic Power Management Software\jre\bin\javaw.exe C:\PROGRA~1\BELKIN~1\BELKIN~3.EXE C:\Program Files\Belkin Automatic Power Management Software\jre\bin\javaw.exe C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\internet explorer\iexplore.exe C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Java\jre6\bin\java.exe C:\Documents and Settings\Varis\Local Settings\temp\jkos-Varis\binaries\ScanningProcess.exe C:\Documents and Settings\Varis\Local Settings\temp\jkos-Varis\binaries\ScanningProcess.exe C:\WINDOWS\system32\wuauclt.exe C:\Premier11\Myobp.exe C:\Program Files\Windows Media Player\wmplayer.exe C:\Program Files\Microsoft Office\Office\EXCEL.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Downloads\Hijack This 2.0\HiJackThis.exe R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\RunServices: [BelkinAPM] C:\Program Files\Belkin Automatic Power Management Software\BelkinAPM.exe O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: AOL 7.0 Tray Icon.lnk = C:\Program Files\AOL 7.0\aoltray.exe O4 - Global Startup: Digital Line Detect.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe O23 - Service: BelkinAPM - ZeroG Software - C:\PROGRA~1\BELKIN~1\BELKIN~1.EXE O23 - Service: BelkinAPMmanager - ZeroG Software - C:\PROGRA~1\BELKIN~1\BE8806~1.EXE O23 - Service: BelkinAPMmonitor - ZeroG Software - C:\PROGRA~1\BELKIN~1\BELKIN~4.EXE O23 - Service: BelkinAPMRMI - ZeroG Software - C:\PROGRA~1\BELKIN~1\BELKIN~3.EXE O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe -- End of file - 9041 bytes Report on Computers Behaviour Well, the PC seems to be working fine and at least back to normal. No idea what that WMP Codec thing is that Kaspersky found though... Interestingly it's in my "Downloads" folder which leads me to believe that it's something that I have chosen to download! **? I'm pretty sure the NAV autoprotect thing is rectified now, but I'll just check again after this post. If you are wondering what the "V" Drive (or the "Y" Drive for that matter) is that Kaspersky scanned, they are network drives located on my QNAP NAS thingy. But otherwise all seems pretty good. Thanks again for your assistance chemist. It's a great service that you all do here and it is hugely appreciated by all us clowns who can't seem to keep those viruses at bay. Oh yeh - about the torrenting stuff you mentioned before....Sorry, can't live without it. I do take care however and I only tend to torrent from fairly reputable places (Dimeadozen, bt.tree, some private trackers) and my motto here is "Constant Vigilance!". Everything gets checked and scanned regardless of where it comes from. I use a fairly good degree of commonsense usually (although there is that nagging issue about those WMP codecs isn't there.....). Thanks again - you are a superhero. Last edited by sirav; 11-18-2008 at 12:46 AM.*