infection and virus found
Hi, one of the kids told me that Internet Explorer and Windows Explorer kept crashing on their computer. On the C: drive I found a load of files; I don't know what they are (sqmnoopt19.sqm), 20 of them. I didn't get an extra.txt from Deckard's System Scanner (DSS), but I didn't download a fresh copy of it as I had it on the comp from last year.
Scans posted: Deckard's System Scanner; Panda online ActiveScan and Kaspersky online scan
V306.exe/file3324 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped F:\doj\programs 1\(APP) UBCD 4 Win V306.exe/file3326 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 skipped F:\doj\programs 1\(APP) UBCD 4 Win V306.exe/file3329 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped F:\doj\programs 1\(APP) UBCD 4 Win V306.exe/file3382 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped F:\doj\programs 1\(APP) UBCD 4 Win V306.exe/file3385 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped F:\doj\programs 1\(APP) UBCD 4 Win V306.exe/file3386 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped F:\doj\programs 1\(APP) UBCD 4 Win V306.exe/file3387 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped F:\doj\programs 1\(APP) UBCD 4 Win V306.exe/file3587/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.g skipped F:\doj\programs 1\(APP) UBCD 4 Win V306.exe/file3587/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped F:\doj\programs 1\(APP) UBCD 4 Win V306.exe/file3587/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped F:\doj\programs 1\(APP) UBCD 4 Win V306.exe/file3587 Infected: not-a-virus:PSWTool.Win32.RAS.a skipped F:\doj\programs 1\(APP) UBCD 4 Win V306.exe Inno: infected - 12 skipped F:\doj\programs 1\(OS) Windows XP Pro Corp Slipstreamed.iso/$OEM$/$$/System32/cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped F:\doj\programs 1\(OS) Windows XP Pro Corp Slipstreamed.iso ISOimage: infected - 1 skipped F:\doj\programs 1\UBCD 4 Win V306.exe/file3145 Infected: not-a-virus:NetTool.Win32.Portscan.c skipped F:\doj\programs 1\UBCD 4 Win V306.exe/file3324 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped F:\doj\programs 1\UBCD 4 Win V306.exe/file3326 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 skipped F:\doj\programs 1\UBCD 4 Win V306.exe/file3329 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped F:\doj\programs 1\UBCD 4 Win V306.exe/file3382 Infected: 
not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped F:\doj\programs 1\UBCD 4 Win V306.exe/file3385 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped F:\doj\programs 1\UBCD 4 Win V306.exe/file3386 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped F:\doj\programs 1\UBCD 4 Win V306.exe/file3387 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped F:\doj\programs 1\UBCD 4 Win V306.exe/file3587/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.g skipped F:\doj\programs 1\UBCD 4 Win V306.exe/file3587/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped F:\doj\programs 1\UBCD 4 Win V306.exe/file3587/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped F:\doj\programs 1\UBCD 4 Win V306.exe/file3587 Infected: not-a-virus:PSWTool.Win32.RAS.a skipped F:\doj\programs 1\UBCD 4 Win V306.exe Inno: infected - 12 skipped F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped F:\System Volume Information\_restore{FA0518AC-1051-4EA3-8BBD-49D6FA043FEA}\RP21\A0008419.exe/WISE0034.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped F:\System Volume Information\_restore{FA0518AC-1051-4EA3-8BBD-49D6FA043FEA}\RP21\A0008419.exe/WISE0159.BIN/WISE0005.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped F:\System Volume Information\_restore{FA0518AC-1051-4EA3-8BBD-49D6FA043FEA}\RP21\A0008419.exe/WISE0159.BIN Infected: not-a-virus:RiskTool.Win32.CloseApp.a skipped F:\System Volume Information\_restore{FA0518AC-1051-4EA3-8BBD-49D6FA043FEA}\RP21\A0008419.exe WiseSFX: infected - 3 skipped F:\temp stick\programs\VNC\vnc-4_1_1-x86_win32.exe/file1 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4110 skipped F:\temp stick\programs\VNC\vnc-4_1_1-x86_win32.exe/file3 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped F:\temp stick\programs\VNC\vnc-4_1_1-x86_win32.exe Inno: infected - 2 skipped F:\to sort\Apps - PC Tools - Ultimate Boot Disk 9.02 SE.iso/Programs/RemoteControl/apc_host.exe Infected: 
not-a-virus:RemoteAdmin.Win32.RemoteDesktopControl.b skipped F:\to sort\Apps - PC Tools - Ultimate Boot Disk 9.02 SE.iso ISOimage: infected - 1 skipped G:\programs 2\(APP) - SAMInside_v2.6.0.0 + Crack .rar/SAMInside/SAMInside.exe Infected: not-a-virus:PSWTool.Win32.SAMInside.g skipped G:\programs 2\(APP) - SAMInside_v2.6.0.0 + Crack .rar/SAMInside/Tools/GetHashes.exe Infected: not-a-virus:PSWTool.Win32.SAMInside.g skipped G:\programs 2\(APP) - SAMInside_v2.6.0.0 + Crack .rar/SAMInside/Tools/GetSyskey.exe Infected: not-a-virus:PSWTool.Win32.SAMInside.g skipped G:\programs 2\(APP) - SAMInside_v2.6.0.0 + Crack .rar RAR: infected - 3 skipped G:\programs 2\(APP) UBCD 4 Win V306.exe/file3145 Infected: not-a-virus:NetTool.Win32.Portscan.c skipped G:\programs 2\(APP) UBCD 4 Win V306.exe/file3324 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped G:\programs 2\(APP) UBCD 4 Win V306.exe/file3326 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1102 skipped G:\programs 2\(APP) UBCD 4 Win V306.exe/file3329 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.c skipped G:\programs 2\(APP) UBCD 4 Win V306.exe/file3382 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped G:\programs 2\(APP) UBCD 4 Win V306.exe/file3385 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped G:\programs 2\(APP) UBCD 4 Win V306.exe/file3386 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped G:\programs 2\(APP) UBCD 4 Win V306.exe/file3387 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped G:\programs 2\(APP) UBCD 4 Win V306.exe/file3587/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.g skipped G:\programs 2\(APP) UBCD 4 Win V306.exe/file3587/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped G:\programs 2\(APP) UBCD 4 Win V306.exe/file3587/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped G:\programs 2\(APP) UBCD 4 Win V306.exe/file3587 Infected: not-a-virus:PSWTool.Win32.RAS.a skipped G:\programs 2\(APP) UBCD 4 Win V306.exe Inno: infected - 
12 skipped G:\programs 2\(OS) Windows XP Pro Corp Slipstreamed.iso/$OEM$/$$/System32/cmdow.exe Infected: not-a-virus:RiskTool.Win32.HideWindows skipped G:\programs 2\(OS) Windows XP Pro Corp Slipstreamed.iso ISOimage: infected - 1 skipped G:\stick programs 22-4-08\VNC\vnc-4_1_1-x86_win32.exe/file1 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4110 skipped G:\stick programs 22-4-08\VNC\vnc-4_1_1-x86_win32.exe/file3 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped G:\stick programs 22-4-08\VNC\vnc-4_1_1-x86_win32.exe Inno: infected - 2 skipped G:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped G:\System Volume Information\_restore{BAD70DFF-4068-444B-B3C4-547AF0E48124}\RP158\change.log Object is locked skipped G:\temp stick\programs\VNC\vnc-4_1_1-x86_win32.exe/file1 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4110 skipped G:\temp stick\programs\VNC\vnc-4_1_1-x86_win32.exe/file3 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.4 skipped G:\temp stick\programs\VNC\vnc-4_1_1-x86_win32.exe Inno: infected - 2 skipped G:\to sort\Apps - PC Tools - Ultimate Boot Disk 9.02 SE.iso/Programs/RemoteControl/apc_host.exe Infected: not-a-virus:RemoteAdmin.Win32.RemoteDesktopControl.b skipped G:\to sort\Apps - PC Tools - Ultimate Boot Disk 9.02 SE.iso ISOimage: infected - 1 skipped Scan process completed. Thanks for your time DojHarris EDITS messege i get Internet explore cannot open the internet site (what ever site I am opening,,, but not all the time) operation aborted When running adware 2007 my antivirus popped and found: Virus or unwanted program 'TR/Horse2.DBA.1 [trojan]' detected in file 'F:\System Volume Information\_restore{7CA3826A-2F48-4A96-A949-80A5D96A75E7}\RP17\A0010330.exe. Action performed: Move file to quarantine Last edited by dojharris; 05-08-2008 at 03:50 PM. Reason: EDITS messege i get and running adware 2007 |
|
|
|
|
#4 (permalink) | ||
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 23,951
OS: WinXP and Vista
|
Re: infection and virus found
Hi dojharris,
Quote:
Delete the following files:
F:\doj\programs 1\(APP) - SAMInside_v2.6.0.0 + Crack .rar
F:\doj\programs 1\(App) SAMInside_v2.6.0.0 + Crack .rar
G:\programs 2\(APP) - SAMInside_v2.6.0.0 + Crack .rar
------------------------------------------------
Quote:
How is the system behaving? |
||
|
|
|
|
#5 (permalink) |
|
Registered User
|
Re: infection and virus found
Hi, thanks for the info. I have brought the computer downstairs for a bit and it has been behaving better lately. It started behaving better before I deleted those files.
I had a word with him about those files and he said that program is not installed and his friend downloaded it. He's been warned about his friend using his computer. I am a bit concerned about a program I use, CleanUp! > http://www.majorgeeks.com/CleanUp_d4895.html It seems to be deleting 100 or 200 files every time I run the program daily. I use it on my other 3 computers and it just finds 1 or 2 files. Should I run something like Disk Cleanup on my external hard drives? Thanks for your time |
|
|
|
|
#6 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 23,951
OS: WinXP and Vista
|
Re: infection and virus found
What types of files is it deleting? Depending on the amount of web surfing that is going on, it could easily reach that many temp and temp internet files.
|
|
|
|
|
#9 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 23,951
OS: WinXP and Vista
|
Re: infection and virus found
I'm sorry, but I'm not sure what you're saying.
Are you saying this only happens when you try to access Microsoft Update site, or all sites with IE? |
|
|
|
|
#10 (permalink) |
|
Registered User
|
Re: infection and virus found
Well, it doesn't always happen on all sites, but it has been happening on the Microsoft Update site for the last 2 days. It's a bit random; it seems to be OK some days, then other days it happens all the time (on all sites). With IE
|
|
|
|
|
#11 (permalink) |
|
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
Join Date: Jan 2005
Location: Ohio
Posts: 23,951
OS: WinXP and Vista
|
Re: infection and virus found
This does not appear to be malware related. I would suggest discussing this issue with the folks in the Internet Explorer Forum.
|
|
|
|
|