Technology Forum

infection partially prevents me from getting onto the internet

Spyware forum, Technology category.

07-23-2008, 06:11 PM
Senior Member
Join Date: Apr 2008
Posts: 15,474

A couple of days ago I found that I could not access some sites like Hotmail or Slickdeals etc. So I ran Lavasoft's Ad-Aware and Norton AntiVirus to no avail. I figured I would remove it from startup when I found a string like this in msconfig's Startup tab:

startup item: kvlqkmbt
command: rundll32.exe "c:\WINDOWS\system32\kvlqkmbt"
location: SOFTWARE\Microsoft\Windows\Currentversion\Run

So I pressed Ctrl+Shift+Esc to get to the Task Manager and shut off the rundll32.exe under the computer name, went to c:\WINDOWS\system32\, found that there were more crazy filenames after I sorted by date, and tried to erase the kvlqkmbt file with no success. I then went into regedit and followed the location to get to the kvlqkmbt file, erased it successfully, then erased all the related files in the sys32 folder (they were arranged by date and they were all some sort of jumbling of letters). It solved the internet problem at that point. However, two days later it came back again, and my internet of course slowed down once more. I would greatly appreciate anything that can be done to clean up my computer.
Thank you so much in advance!!

FOLLOWING SCANS ATTACHED - Deckard System Scanner - extra.txt
PASTED BELOW - Deckard System Scanner - main.txt - Panda Active Scan log

*Deckard System Scanner main.txt*

Deckard's System Scanner v20071014.68
Run by Dude on 2008-07-23 13:11:48
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.

-- Last 5 Restore Point(s) --
7: 2008-07-23 17:11:57 UTC - RP7 - Deckard's System Scanner Restore Point
6: 2008-07-23 03:33:45 UTC - RP6 - Removed J2SE Runtime Environment 5.0 Update 10
5: 2008-07-23 03:31:29 UTC - RP5 - Removed Java(TM) 6 Update 2
4: 2008-07-23 03:29:49 UTC - RP4 - Removed Java(TM) 6 Update 3
3: 2008-07-23 03:27:53 UTC - RP3 - Removed Java(TM) 6 Update 5

-- First Restore Point --
1: 2008-07-22 17:46:37 UTC - RP1 - System Checkpoint

Backed up registry hives.
Performed disk cleanup.

-- HijackThis Clone ------------------------------------------------------------

Emulating logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2008-07-23 13:17:10
Platform: windows xp Service Pack 2 (5.01.2600)
MSIE: Internet Explorer (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\D-Link\D-Link RangeBooster N DWA-642\acs.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Documents and Settings\Dude\Desktop\dss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dtmpower.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {8DDB26C9-2B90-485B-A2B6-CDF92CF4AB61} - C:\WINDOWS\system32\jkkLBrsS.dll
O2 - BHO: {504000f9-2474-5288-0f34-674efde3074a} - {a4703edf-e476-43f0-8825-47429f000405} - C:\WINDOWS\system32\czkpvz.dll (file missing)
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\3.0.1225.9868\swg.dll (file missing)
O2 - BHO: (no name) - {F5764EFC-8E49-461F-8E81-0F0EF81985E7} - C:\WINDOWS\system32\wvUmjJcD.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O10 - Unknown file in Winsock LSP: C:\WINDOWS\system32\nwprovau.dll
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/s...ctor/sw.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://kohler1.view22.com/app/view22RTE.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/s...swflash.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL
O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL
O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL
O20 - Winlogon Notify: jkkLBrsS - C:\WINDOWS\system32\jkkLBrsS.dll
O23 - Service: Atheros Configuration Service (ACS) - Atheros - C:\Program Files\D-Link\D-Link RangeBooster N DWA-642\acs.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: SavRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe

--
End of file - 7005 bytes

-- File Associations -----------------------------------------------------------

All associations okay.

-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R2 AegisP (AEGIS Protocol (IEEE 802.1x) v3.4.7.0) - c:\windows\system32\drivers\aegisp.sys
R3 AR5416 (D-Link RangeBooster N Service) - c:\windows\system32\drivers\ar5416.sys
S3 portio - c:\program files\zinf\portio.sys (file missing)

-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 ACS (Atheros Configuration Service) - c:\program files\d-link\d-link rangebooster n dwa-642\acs.exe
S3 FLEXnet Licensing Service - "c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe"

-- Device Manager: Disabled ----------------------------------------------------

No disabled devices found.

-- Scheduled Tasks -------------------------------------------------------------

2007-11-06 15:11:30 104 --a------ C:\WINDOWS\Tasks\Low Battery Alarm Program.job

-- Files created between 2008-06-23 and 2008-07-23 -----------------------------

2008-07-23 12:59:20 0 d-------- C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-23 12:58:53 0 d-------- C:\Program Files\SpywareBlaster
2008-07-22 23:03:12 0 d-------- C:\Program Files\Panda Security
2008-07-20 20:35:00 0 d-------- C:\Program Files\Common Files\Download Manager
2008-07-20 15:51:31 0 d--h----- C:\Documents and Settings\Administrator\Templates
2008-07-20 15:51:31 0 dr------- C:\Documents and Settings\Administrator\Start Menu
2008-07-20 15:51:31 0 dr-h----- C:\Documents and Settings\Administrator\SendTo
2008-07-20 15:51:31 0 d--h----- C:\Documents and Settings\Administrator\Recent
2008-07-20 15:51:31 0 d--h----- C:\Documents and Settings\Administrator\PrintHood
2008-07-20 15:51:31 0 d--h----- C:\Documents and Settings\Administrator\NetHood
2008-07-20 15:51:31 0 d-------- C:\Documents and Settings\Administrator\My Documents
2008-07-20 15:51:31 0 d--h----- C:\Documents and Settings\Administrator\Local Settings
2008-07-20 15:51:31 0 d-------- C:\Documents and Settings\Administrator\Favorites
2008-07-20 15:51:31 0 d-------- C:\Documents and Settings\Administrator\Desktop
2008-07-20 15:51:31 0 d---s---- C:\Documents and Settings\Administrator\Cookies
2008-07-20 15:51:31 0 dr-h----- C:\Documents and Settings\Administrator\Application Data
2008-07-20 15:51:31 0 d---s---- C:\Documents and Settings\Administrator\Application Data\Microsoft
2008-07-20 15:51:30 524288 --ah----- C:\Documents and Settings\Administrator\NTUSER.DAT
2008-07-19 21:54:29 850121 --ahs---- C:\WINDOWS\system32\DcJjmUvw.ini2
2008-07-19 21:54:14 319488 --a------ C:\WINDOWS\system32\wvUmjJcD.dll
2008-07-19 21:49:06 25600 --a------ C:\WINDOWS\system32\jkkLBrsS.dll
2008-07-14 23:59:01 0 d-------- C:\Program Files\QuickTime
2008-07-14 23:56:20 0 d-------- C:\Program Files\Apple Software Update
2008-07-14 23:56:20 0 d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-07-09 18:52:35 0 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-07-09 18:06:59 0 d-------- C:\Program Files\Rosetta Stone
2008-07-09 18:03:01 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-09 18:01:50 0 d-------- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
2008-07-09 01:14:04 0 d-------- C:\Program Files\PeerGuardian2
2008-07-08 22:37:33 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-07-08 22:32:54 717296 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-07-08 22:32:44 0 d-------- C:\Documents and Settings\Dude\Application Data\DAEMON Tools
2008-07-08 22:16:03 0 d-------- C:\Program Files\The Rosetta Stone
2008-06-28 12:47:14 0 d-------- C:\WINDOWS\Cache
2008-06-28 12:47:12 0 d-------- C:\Program Files\Coupons
2008-06-23 11:58:49 0 d-------- C:\Program Files\View22

-- Find3M Report ---------------------------------------------------------------

2008-07-23 12:46:44 0 d-------- C:\Program Files\Symantec AntiVirus
2008-07-23 12:44:52 0 d-------- C:\Program Files\Virtools
2008-07-22 23:47:34 0 d-------- C:\Program Files\Zinf
2008-07-22 23:46:26 0 d-------- C:\Program Files\Google
2008-07-22 23:36:43 0 dr-h----- C:\Documents and Settings\Dude\Application Data\yahoo!
2008-07-22 23:35:49 0 d-------- C:\Program Files\DivX
2008-07-22 23:34:25 0 d-------- C:\Program Files\Java
2008-07-22 23:27:04 0 d-------- C:\Program Files\QO Labs
2008-07-22 23:25:52 0 d-------- C:\Program Files\Winamp
2008-07-22 22:49:48 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-22 01:09:15 0 d-------- C:\Documents and Settings\Dude\Application Data\Adobe
2008-07-21 14:20:02 0 d-------- C:\Documents and Settings\Dude\Application Data\EndNote
2008-07-20 20:35:00 0 d-------- C:\Program Files\Common Files
2008-07-16 23:43:40 0 d-------- C:\Documents and Settings\Dude\Application Data\DNA
2008-07-15 00:11:32 0 d-------- C:\Program Files\Xvid
2008-07-12 14:19:18 0 d-------- C:\Documents and Settings\Dude\Application Data\Aim
2008-06-22 00:23:45 0 d-------- C:\Documents and Settings\Dude\Application Data\Mozilla
2008-06-21 20:20:35 0 d-------- C:\Program Files\Selteco
2008-06-19 01:57:25 0 d-------- C:\Documents and Settings\Dude\Application Data\Eltima Software
2008-06-19 01:56:43 0 d-------- C:\Program Files\Common Files\Eltima Shared
2008-06-19 01:56:36 0 d-------- C:\Program Files\Eltima Software
2008-06-15 23:23:06 0 d-------- C:\Documents and Settings\Dude\Application Data\FLVPlayer4Free
2008-06-15 23:22:09 0 d-------- C:\Program Files\FLVPlayer4Free
2008-06-15 23:15:23 0 d-------- C:\Program Files\FLV Player
2008-05-30 19:22:48 802816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2008-05-30 19:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2008-05-30 19:22:48 823296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2008-05-30 19:22:46 815104 --a------ C:\WINDOWS\system32\divx_xx0a.dll
2008-05-30 19:22:46 683520 --a------ C:\WINDOWS\system32\DivX.dll
2008-05-22 18:22:18 3596288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2008-05-22 18:19:46 196608 --a------ C:\WINDOWS\system32\dtu100.dll
2008-05-22 18:19:46 81920 --a------ C:\WINDOWS\system32\dpl100.dll
2008-05-22 18:18:54 12288 --a------ C:\WINDOWS\system32\DivXWMPExtType.dll

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{8DDB26C9-2B90-485B-A2B6-CDF92CF4AB61}]
07/19/2008 09:49 PM 25600 --a------ C:\WINDOWS\system32\jkkLBrsS.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4703edf-e476-43f0-8825-47429f000405}]
C:\WINDOWS\system32\czkpvz.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F5764EFC-8E49-461F-8E81-0F0EF81985E7}]
07/19/2008 09:54 PM 319488 --a------ C:\WINDOWS\system32\wvUmjJcD.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [06/10/2008 04:27 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableStatusMessages"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)
"NoLowDiskSpaceChecks"=1 (0x1)
"NoRecentDocsMenu"=1 (0x1)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSMHelp"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{8DDB26C9-2B90-485B-A2B6-CDF92CF4AB61}"= C:\WINDOWS\system32\jkkLBrsS.dll [07/19/2008 09:49 PM 25600]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\jkkLBrsS]
jkkLBrsS.dll 07/19/2008 09:49 PM 25600 C:\WINDOWS\system32\jkkLBrsS.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\wvUmjJcD

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=C:\WINDOWS\pss\Adobe Acrobat Speed Launcher.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=C:\WINDOWS\pss\Adobe Gamma Loader.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Wireless Connection Manager.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
backup=C:\WINDOWS\pss\Wireless Connection Manager.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ANR]
C:\Program Files\XemiComputers\Audio Notes Recorder\ANR.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ATIModeChange]
Ati2mdxx.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent DNA]
"C:\Program Files\DNA\btdna.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BMe3f3fb96]
Rundll32.exe "C:\WINDOWS\system32\cxkexbaq.dll",s

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ccApp]
"C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
"C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DeadAIM]
rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\e0c0c80a]
rundll32.exe "C:\WINDOWS\system32\kvlqkmbt.dll",b

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
"C:\Program Files\MSN Messenger\msnmsgr.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrackPointSrv]
tp4mon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
"C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\vptray]
C:\PROGRA~1\SYMANT~1\VPTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService LmHosts SSDPSRV

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e7aac6d2-7d00-11dc-94fd-00d059b54b90}]
AutoRun\command- D:\LaunchU3.exe

*Newly Created Service* - PAVBOOT

-- End of Deckard's System Scanner: finished at 2008-07-23 13:18:44 ------------

*PANDA ACTIVE SCAN LOG:*

;************************************************************
ANALYSIS: 2008-07-23 07:37:25
PROTECTIONS: 1
MALWARE: 15
SUSPECTS: 0
;************************************************************

PROTECTIONS
Description Version Active Updated
;============================================================
Symantec Antivirus Corporate Edition 9.0 No Yes
;============================================================

MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;============================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Dude\Application Data\Mozilla\Firefox\Profiles\je0mosu3.mom\cookies.txt[.doubleclick.net/]
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Dude\Cookies\dude@atdmt[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Dude\Application Data\Mozilla\Firefox\Profiles\je0mosu3.mom\cookies.txt[.atdmt.com/]
00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Dude\Application Data\Mozilla\Firefox\Profiles\je0mosu3.mom\cookies.txt[.tribalfusion.com/]
00167647 Cookie/Yadro TrackingCookie No 0 Yes No C:\Documents and Settings\Dude\Cookies\dude@yadro[1].txt
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Dude\Application Data\Mozilla\Firefox\Profiles\je0mosu3.mom\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Dude\Application Data\Mozilla\Firefox\Profiles\je0mosu3.mom\cookies.txt[ad.yieldmanager.com/]
00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Dude\Application Data\Mozilla\Firefox\Profiles\je0mosu3.mom\cookies.txt[ad.yieldmanager.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Dude\Application Data\Mozilla\Firefox\Profiles\je0mosu3.mom\cookies.txt[.burstnet.com/]
00168076 Cookie/BurstNet TrackingCookie No 0 Yes No C:\Documents and Settings\Dude\Application Data\Mozilla\Firefox\Profiles\je0mosu3.mom\cookies.txt[.burstnet.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Dude\Application Data\Mozilla\Firefox\Profiles\je0mosu3.mom\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Dude\Application Data\Mozilla\Firefox\Profiles\je0mosu3.mom\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Dude\Application Data\Mozilla\Firefox\Profiles\je0mosu3.mom\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Dude\Application Data\Mozilla\Firefox\Profiles\je0mosu3.mom\cookies.txt[.advertising.com/]
00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Dude\Application Data\Mozilla\Firefox\Profiles\je0mosu3.mom\cookies.txt[.advertising.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Dude\Application Data\Mozilla\Firefox\Profiles\je0mosu3.mom\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Dude\Application Data\Mozilla\Firefox\Profiles\je0mosu3.mom\cookies.txt[.overture.com/]
00170554 Cookie/Overture TrackingCookie No 0 Yes No C:\Documents and Settings\Dude\Application Data\Mozilla\Firefox\Profiles\je0mosu3.mom\cookies.txt[.overture.com/]
00172221 Cookie/Zedo TrackingCookie No 0 Yes No C:\Documents and Settings\Dude\Application Data\Mozilla\Firefox\Profiles\je0mosu3.mom\cookies.txt[.zedo.com/]
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\Documents and Settings\Dude\Cookies\dude@target[1].txt
01196325 Cookie/Enhance TrackingCookie No 0 Yes No C:\Documents and Settings\Dude\Cookies\dude@enhance[1].txt
03296338 Spyware/Virtumonde spyware Yes 2 Yes No C:\WINDOWS\system32\jkkLBrsS.dll
03334346 Spyware/Virtumonde spyware No 1 Yes No C:\Documents and Settings\Dude\Local Settings\Temporary Internet Files\Content.IE5\OT4B4J4N\kb456456[1]
03334359 Spyware/Virtumonde spyware No 1 Yes No C:\Documents and Settings\Dude\Local Settings\Temporary Internet Files\Content.IE5\OT4B4J4N\kb671231[1]
03339241 Spyware/Virtumonde spyware No 1 Yes No C:\Documents and Settings\Dude\Local Settings\Temporary Internet Files\Content.IE5\O0ZPAU4M\CAT4SZHD
;============================================================

SUSPECTS
Sent Location
;============================================================
;============================================================

VULNERABILITIES
Id Severity Description
;============================================================
184380 MEDIUM MS08-002
184379 MEDIUM MS08-001
182048 HIGH MS07-069
182046 HIGH MS07-067
182043 HIGH MS07-064
179553 HIGH MS07-061
176382 HIGH MS07-057
176383 HIGH MS07-058
170911 HIGH MS07-050
170907 HIGH MS07-046
170906 HIGH MS07-045
170904 HIGH MS07-043
164915 HIGH MS07-035
164913 HIGH MS07-033
164911 HIGH MS07-031
160623 HIGH MS07-027
157262 HIGH MS07-022
157261 HIGH MS07-021
157260 HIGH MS07-020
157259 HIGH MS07-019
156477 HIGH MS07-017
150253 HIGH MS07-016
150249 HIGH MS07-013
150248 HIGH MS07-012
150247 HIGH MS07-011
150243 HIGH MS07-008
150242 HIGH MS07-007
150241 MEDIUM MS07-006
141034 HIGH MS06-076
141033 MEDIUM MS06-075
141030 HIGH MS06-072
137571 HIGH MS06-070
137568 HIGH MS06-067
133387 MEDIUM MS06-065
133386 MEDIUM MS06-064
133385 MEDIUM MS06-063
133379 HIGH MS06-057
131654 HIGH MS06-055
129977 MEDIUM MS06-053
129976 MEDIUM MS06-052
108744 MEDIUM MS06-008
;============================================================
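Added example, not code from the post, from Deckard's System Scanner or from HijackThis: a small Python triage script that reads HijackThis-style lines like the ones in the log above and flags the persistence points the Vundo/Virtumonde components in this dump use (a BHO with no product name, a Winlogon Notify DLL, rundll32 launching a DLL straight out of system32, an extra LSA Authentication Package). The sample lines are constructed from entries quoted in the post; the `[e0c0c80a]` Run line is rebuilt from the msconfig startupreg entry in the DSS dump, and the random-name heuristic is my own assumption, a triage aid rather than a detection signature.

```python
"""Triage HijackThis-style log lines for Vundo-style persistence.

Added example: not code from the forum post, from Deckard's System Scanner
or from HijackThis. The rules follow the indicators visible in the post's
log; the random-name heuristic is an assumption and only a triage aid.
"""
import re

# Constructed sample, modelled on lines quoted in the post. The [e0c0c80a]
# Run line is rebuilt from the msconfig startupreg entry in the DSS dump.
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {8DDB26C9-2B90-485B-A2B6-CDF92CF4AB61} - C:\WINDOWS\system32\jkkLBrsS.dll
O2 - BHO: {504000f9-2474-5288-0f34-674efde3074a} - {a4703edf-e476-43f0-8825-47429f000405} - C:\WINDOWS\system32\czkpvz.dll (file missing)
O2 - BHO: (no name) - {F5764EFC-8E49-461F-8E81-0F0EF81985E7} - C:\WINDOWS\system32\wvUmjJcD.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [e0c0c80a] rundll32.exe "C:\WINDOWS\system32\kvlqkmbt.dll",b
O20 - Winlogon Notify: jkkLBrsS - C:\WINDOWS\system32\jkkLBrsS.dll
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

LINE_RE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")
# First Windows path ending in a loadable module; stops at a closing quote.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"\n]+?\.(?:dll|exe|ocm)\b', re.IGNORECASE)


def stem_of(path: str) -> str:
    """File name without directory and extension."""
    return path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]


def in_system32(path: str) -> bool:
    return "\\windows\\system32\\" in path.lower()


def looks_random(stem: str) -> bool:
    """Heuristic (assumption) for generated names such as jkkLBrsS, kvlqkmbt
    or czkpvz: 6-8 letters, no digits, and either no vowels at all or
    capitals in the middle of the word. Real system names like ctfmon pass."""
    if not (6 <= len(stem) <= 8 and stem.isalpha()):
        return False
    vowels = sum(c in "aeiou" for c in stem.lower())
    inner_caps = any(c.isupper() for c in stem[1:])
    return vowels == 0 or inner_caps


def triage(log_text: str) -> list[dict]:
    """Return one finding per line that trips at least one rule."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.group("code"), m.group("body")
        pm = PATH_RE.search(body)
        path = pm.group(0) if pm else ""
        reasons = []
        if code == "O2" and (body.startswith("BHO: (no name)") or re.match(r"BHO: \{", body)):
            reasons.append("BHO registered without a product name")
        if code in ("O2", "O20") and "(file missing)" in body:
            reasons.append("registered component whose file is missing")
        if code == "O20":
            reasons.append("Winlogon Notify DLL (loaded into winlogon.exe at logon)")
        if code == "O4" and "rundll32" in body.lower() and path and in_system32(path):
            reasons.append("rundll32.exe loading a DLL straight from system32")
        if path and in_system32(path) and looks_random(stem_of(path)):
            reasons.append("random-looking file name in system32 (heuristic)")
        if reasons:
            findings.append({"code": code, "path": path, "reasons": reasons})
    return findings


def extra_auth_packages(value: str, expected=("msv1_0",)) -> list[str]:
    r"""Entries in the LSA 'Authentication Packages' value beyond the expected
    ones. A stock XP box lists only msv1_0; the post's DSS dump shows
    'msv1_0 C:\WINDOWS\system32\wvUmjJcD', i.e. a DLL loaded by lsass.exe."""
    allowed = {e.lower() for e in expected}
    return [p for p in value.split() if p.lower() not in allowed]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):  # 5 findings on the sample
        print(f"{f['code']:<4} {f['path']}")
        for r in f["reasons"]:
            print(f"       - {r}")
    print("extra LSA packages:", extra_auth_packages(r"msv1_0 C:\WINDOWS\system32\wvUmjJcD"))
```

The script reports the three system32 BHOs, the rundll32 Run entry and the Winlogon Notify entry, and leaves the Java, Symantec and ctfmon lines alone. It also explains the post's own symptom: deleting the Run entry and the file only helped for two days because, as the DSS dump shows, the same DLLs are also wired in through the Winlogon Notify key, a ShellExecuteHooks entry and the LSA Authentication Packages value, none of which msconfig's Startup tab lists. A cleanup has to cover every loader, which is why the usual advice is to let a tool that understands these keys remove them rather than deleting files by hand.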