oh hamburgers Posted September 2, 2008 ID:26448 Share Posted September 2, 2008 Malwarebytes' Anti-Malware 1.25Database version: 1102Windows 5.1.2600 Service Pack 22:10:27 AM 9/1/2008mbam-log-09-01-2008 (02-10-21).txtScan type: Quick ScanObjects scanned: 51596Time elapsed: 2 minute(s), 16 second(s)Memory Processes Infected: 0Memory Modules Infected: 1Registry Keys Infected: 0Registry Values Infected: 1Registry Data Items Infected: 1Folders Infected: 0Files Infected: 11Memory Processes Infected:(No malicious items detected)Memory Modules Infected:C:\WINDOWS\system32\ckvo0.dll (Trojan.Agent) -> No action taken.Registry Keys Infected:(No malicious items detected)Registry Values Infected:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kamsoft (Trojan.Agent) -> No action taken.Registry Data Items Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.Folders Infected:(No malicious items detected)Files Infected:C:\WINDOWS\system32\ckvo.exe (Trojan.Agent) -> No action taken.C:\WINDOWS\system32\ckvo0.dll (Trojan.Agent) -> No action taken.C:\WINDOWS\system32\ckvo1.dll (Trojan.Agent) -> No action taken.C:\WINDOWS\system32\amvo.exe (Trojan.Agent) -> No action taken.C:\WINDOWS\system32\amvo0.dll (Trojan.Agent) -> No action taken.C:\WINDOWS\system32\amvo1.dll (Trojan.Agent) -> No action taken.C:\Documents and Settings\Jeff\Local Settings\Temp\tru8.tmp (Trojan.Agent) -> No action taken.C:\Documents and Settings\Jeff\Local Settings\Temp\tru9.tmp (Trojan.Agent) -> No action taken.C:\Documents and Settings\Jeff\Local Settings\Temp\bng8.tmp (Trojan.Agent) -> No action taken.C:\Documents and Settings\Jeff\Local Settings\Temp\bng9.tmp (Trojan.Agent) -> No action taken.C:\Documents and Settings\Jeff\Local Settings\Temp\bngB.tmp (Trojan.Agent) -> No action taken.ActiveScan;***********************************************************************************************************************************************************************************ANALYSIS: 2008-09-02 12:43:07PROTECTIONS: 1MALWARE: 48SUSPECTS: 0;***********************************************************************************************************************************************************************************PROTECTIONSDescription Version Active Updated;===================================================================================================================================================================================Kaspersky Anti-Virus 7.0 7.0.0.125 No No;===================================================================================================================================================================================MALWAREId Description Type Active Severity Disinfectable Disinfected Location;===================================================================================================================================================================================00020994 W32/Bagle.pwdzip Virus No 0 Yes No C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\WildTangent33.zip00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.casalemedia.com/]00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.casalemedia.com/]00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.casalemedia.com/]00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.casalemedia.com/]00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.doubleclick.net/]00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.atdmt.com/]00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.tradedoubler.com/]00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.tradedoubler.com/]00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.fastclick.net/]00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.fastclick.net/]00145457 Cookie/FastClick TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.fastclick.net/]00145731 Cookie/Tribalfusion TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.tribalfusion.com/]00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.com.com/]00167749 Cookie/Toplist TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.toplist.cz/]00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.statcounter.com/]00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.statcounter.com/]00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.statcounter.com/]00167753 Cookie/Statcounter TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.statcounter.com/]00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[ad.yieldmanager.com/]00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[ad.yieldmanager.com/]00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[ad.yieldmanager.com/]00168056 Cookie/YieldManager TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[ad.yieldmanager.com/]00168061 Cookie/Apmebf TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.apmebf.com/]00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.serving-sys.com/]00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.serving-sys.com/]00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.serving-sys.com/]00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.serving-sys.com/]00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.serving-sys.com/]00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.serving-sys.com/]00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.bs.serving-sys.com/]00168109 Cookie/Adtech TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.adtech.de/]00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.advertising.com/]00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.advertising.com/]00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Cookies\jeff@advertising[2].txt00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.advertising.com/]00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.advertising.com/]00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.advertising.com/]00169190 Cookie/Advertising TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.advertising.com/]00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.ads.pointroll.com/]00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.ads.pointroll.com/]00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.ads.pointroll.com/]00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.ads.pointroll.com/]00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.ads.pointroll.com/]00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.ads.pointroll.com/]00170495 Cookie/PointRoll TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.ads.pointroll.com/]00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.questionmarket.com/]00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.questionmarket.com/]00171982 Cookie/QuestionMarket TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.questionmarket.com/]00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.go.com/]00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.go.com/]00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.go.com/]00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.go.com/]00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.go.com/]00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.go.com/]00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.go.com/]00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.go.com/]00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.go.com/]00194327 Cookie/Go TrackingCookie No 0 Yes No C:\Documents and Settings\Jeff\Application Data\Mozilla\Firefox\Profiles\6jd9qyin.default\cookies.txt[.go.com/]02164907 Generic Malware Virus/Trojan No 0 Yes No C:\Program Files\DIGStream\digstream.exe02903629 Trj/Lineage.HQA Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP287\A0019349.dll02903667 W32/Lineage.HPX.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP286\A0019150.cmd02903667 W32/Lineage.HPX.worm Virus/Worm No 0 Yes No C:\u2.cmd02903667 W32/Lineage.HPX.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP287\A0019217.cmd02903667 W32/Lineage.HPX.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP284\A0019127.cmd02903667 W32/Lineage.HPX.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP283\A0019120.cmd02903667 W32/Lineage.HPX.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP285\A0019133.cmd02906972 W32/Autorun.RO.worm Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP318\A0024558.inf02906972 W32/Autorun.RO.worm Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP285\A0019134.inf02906972 W32/Autorun.RO.worm Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP284\A0019128.inf02906972 W32/Autorun.RO.worm Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP283\A0019121.inf02906972 W32/Autorun.RO.worm Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP287\A0019218.inf02906972 W32/Autorun.RO.worm Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP286\A0019151.inf02914919 W32/Lineage.JJP.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP337\A0027288.dll02914919 W32/Lineage.JJP.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP337\A0027278.dll02914919 W32/Lineage.JJP.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0028281.dll02914919 W32/Lineage.JJP.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP333\A0026278.dll03295708 Rootkit/Autorun.gen HackTools No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP324\A0026155.sys03295708 Rootkit/Autorun.gen HackTools No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0028447.sys03295708 Rootkit/Autorun.gen HackTools No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0028459.sys03295708 Rootkit/Autorun.gen HackTools No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0028624.sys03295708 Rootkit/Autorun.gen HackTools No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0028440.sys03295708 Rootkit/Autorun.gen HackTools No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0028410.sys03295708 Rootkit/Autorun.gen HackTools No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0028319.sys03295708 Rootkit/Autorun.gen HackTools No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0028391.sys03295708 Rootkit/Autorun.gen HackTools No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0028300.sys03295708 Rootkit/Autorun.gen HackTools No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0028334.sys03295708 Rootkit/Autorun.gen HackTools No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0028362.sys03295708 Rootkit/Autorun.gen HackTools No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP340\A0028637.sys03295708 Rootkit/Autorun.gen HackTools No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP324\A0026156.sys03295708 Rootkit/Autorun.gen HackTools No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0028369.sys03295708 Rootkit/Autorun.gen HackTools No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP340\A0028634.sys03295708 Rootkit/Autorun.gen HackTools No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0028328.sys03472228 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP319\A0024582.cmd03472228 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP319\A0024642.cmd03472228 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP319\A0024644.exe03472745 W32/Lineage.JJE.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP319\A0024583.inf03472745 W32/Lineage.JJE.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP321\A0025076.inf03472745 W32/Lineage.JJE.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP319\A0024643.inf03472745 W32/Lineage.JJE.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP320\A0025061.inf03475853 W32/Lineage.JLK.worm Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP321\A0026009.dll03475853 W32/Lineage.JLK.worm Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP321\A0026027.dll03475853 W32/Lineage.JLK.worm Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP324\A0026159.dll03475853 W32/Lineage.JLK.worm Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP319\A0025044.dll03476289 W32/Lineage.JJE Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP321\A0026013.cmd03476289 W32/Lineage.JJE Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP319\A0025053.exe03476289 W32/Lineage.JJE Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP321\A0025077.cmd03476289 W32/Lineage.JJE Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP319\A0025050.cmd03476289 W32/Lineage.JJE Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP321\A0026016.exe03476289 W32/Lineage.JJE Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP320\A0025062.cmd03476289 W32/Lineage.JJE Virus/Worm No 1 Yes No C:\x0.cmd03476291 W32/Lineage.JJE.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP324\A0026160.dll03476291 W32/Lineage.JJE.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP321\A0026017.dll03476291 W32/Lineage.JJE.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP321\A0026008.dll03476291 W32/Lineage.JJE.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP319\A0025054.dll03476572 W32/Lineage.JJN Virus No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP320\A0025060.exe03476572 W32/Lineage.JJN Virus No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP319\A0025051.exe03476572 W32/Lineage.JJN Virus No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP319\A0025057.exe03476572 W32/Lineage.JJN Virus No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP321\A0026026.exe03476572 W32/Lineage.JJN Virus No 1 Yes No C:\tyktjfww.exe03476572 W32/Lineage.JJN Virus No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP321\A0026012.exe03476572 W32/Lineage.JJN Virus No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP321\A0025075.exe03476691 W32/Lineage.JJP Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP325\A0026186.com03476691 W32/Lineage.JJP Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP322\A0026038.com03476691 W32/Lineage.JJP Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP323\A0026045.com03476691 W32/Lineage.JJP Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP337\A0027287.exe03476691 W32/Lineage.JJP Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP337\A0027282.com03476691 W32/Lineage.JJP Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP326\A0026198.com03476691 W32/Lineage.JJP Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP324\A0026050.com03476691 W32/Lineage.JJP Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP324\A0026165.com03476691 W32/Lineage.JJP Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP337\A0026336.com03476691 W32/Lineage.JJP Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP327\A0026210.com03476691 W32/Lineage.JJP Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP328\A0026237.com03476691 W32/Lineage.JJP Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP336\A0026324.com03476691 W32/Lineage.JJP Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP335\A0026299.com03476691 W32/Lineage.JJP Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP329\A0026245.com03476691 W32/Lineage.JJP Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP334\A0026295.com03476691 W32/Lineage.JJP Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP333\A0026283.com03476691 W32/Lineage.JJP Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP330\A0026249.com03476691 W32/Lineage.JJP Virus/Worm No 1 Yes No C:\r2nl.com03476691 W32/Lineage.JJP Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP333\A0026264.com03476691 W32/Lineage.JJP Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP332\A0026257.com03476691 W32/Lineage.JJP Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP331\A0026255.com03476693 W32/Lineage.JJP.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP331\A0026254.inf03476693 W32/Lineage.JJP.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP327\A0026209.inf03476693 W32/Lineage.JJP.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP324\A0026167.inf03476693 W32/Lineage.JJP.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP324\A0026048.inf03476693 W32/Lineage.JJP.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP323\A0026044.inf03476693 W32/Lineage.JJP.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP326\A0026197.inf03476693 W32/Lineage.JJP.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP322\A0026037.inf03477343 W32/Lineage.JKD.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP329\A0026246.inf03477343 W32/Lineage.JKD.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP330\A0026250.inf03477343 W32/Lineage.JKD.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP332\A0026258.inf03477343 W32/Lineage.JKD.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP328\A0026238.inf03477343 W32/Lineage.JKD.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP333\A0026284.inf03477343 W32/Lineage.JKD.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP325\A0026187.inf03477343 W32/Lineage.JKD.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP333\A0026265.inf03480331 W32/Lineage.JKW Virus No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP322\A0026036.exe03480331 W32/Lineage.JKW Virus No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP330\A0026251.exe03480331 W32/Lineage.JKW Virus No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP333\A0026287.exe03480331 W32/Lineage.JKW Virus No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP328\A0026239.exe03480331 W32/Lineage.JKW Virus No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP332\A0026259.exe03480331 W32/Lineage.JKW Virus No 1 Yes No C:\bpu.exe03480331 W32/Lineage.JKW Virus No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP329\A0026247.exe03480331 W32/Lineage.JKW Virus No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP324\A0026166.exe03480331 W32/Lineage.JKW Virus No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP333\A0026282.exe03480331 W32/Lineage.JKW Virus No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP331\A0026253.exe03480331 W32/Lineage.JKW Virus No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP324\A0026047.exe03480331 W32/Lineage.JKW Virus No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP323\A0026043.exe03480331 W32/Lineage.JKW Virus No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP327\A0026208.exe03480331 W32/Lineage.JKW Virus No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP325\A0026188.exe03480331 W32/Lineage.JKW Virus No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP333\A0026266.exe03480331 W32/Lineage.JKW Virus No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP326\A0026196.exe03480445 W32/Lineage.JLK.worm Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP333\A0026288.dll03480445 W32/Lineage.JLK.worm Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP337\A0027279.dll03480445 W32/Lineage.JLK.worm Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP333\A0026277.dll03489070 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP324\A0026179.exe03520264 W32/Autorun.ADA.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP337\A0026337.inf03520264 W32/Autorun.ADA.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP337\A0027283.inf03520264 W32/Autorun.ADA.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP334\A0026296.inf03520264 W32/Autorun.ADA.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP335\A0026300.inf03520264 W32/Autorun.ADA.worm Virus/Worm No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP336\A0026325.inf03522341 W32/Lineage.JNV.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP335\A0026301.com03522341 W32/Lineage.JNV.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP337\A0026338.com03522341 W32/Lineage.JNV.worm Virus/Worm No 1 Yes No C:\n.com03522341 W32/Lineage.JNV.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP334\A0026297.com03522341 W32/Lineage.JNV.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP336\A0026326.com03522341 W32/Lineage.JNV.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP337\A0027292.exe03522341 W32/Lineage.JNV.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP337\A0027284.com03522357 W32/Lineage.JOJ.worm Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP337\A0027293.dll03522357 W32/Lineage.JOJ.worm Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0028282.dll03533869 W32/Lineage.JPJ.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0027333.inf03533869 W32/Lineage.JPJ.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP338\A0027296.inf03533869 W32/Lineage.JPJ.worm Virus/Worm No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0028292.inf03548677 W32/Lineage.JPL.worm Virus/Trojan No 1 Yes No C:\WINDOWS\system32\amvo.exe03548677 W32/Lineage.JPL.worm Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0028325.com03548677 W32/Lineage.JPL.worm Virus/Trojan No 1 Yes No C:\bwpncb6.com03548677 W32/Lineage.JPL.worm Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP338\A0027295.com03548677 W32/Lineage.JPL.worm Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0028290.com03548677 W32/Lineage.JPL.worm Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0027332.com03548678 W32/Lineage.JPL.worm Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0028321.dll03548678 W32/Lineage.JPL.worm Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP340\A0028694.dll03548678 W32/Lineage.JPL.worm Virus/Trojan No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP340\A0028693.dll03556320 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0028320.dll03556320 Generic Malware Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0028302.dll03556324 Generic Trojan Virus/Trojan No 0 Yes No C:\ph.com03556324 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0028291.com03556324 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0028301.exe03556324 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP338\A0027297.com03556324 Generic Trojan Virus/Trojan No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0027334.com03563587 W32/Lineage.JPU Virus No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0028370.exe03563587 W32/Lineage.JPU Virus No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0028396.bat03563587 W32/Lineage.JPU Virus No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP340\A0028629.bat03563587 W32/Lineage.JPU Virus No 1 Yes No C:\kk3.bat03563587 W32/Lineage.JPU Virus No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0028367.bat03563587 W32/Lineage.JPU Virus No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0028422.exe03563587 W32/Lineage.JPU Virus No 1 Yes No c:\windows\system32\ckvo.exe03563587 W32/Lineage.JPU Virus No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0028425.bat03563587 W32/Lineage.JPU Virus No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0028324.bat03563587 W32/Lineage.JPU Virus No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0028329.exe03563587 W32/Lineage.JPU Virus No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0028441.exe03563587 W32/Lineage.JPU Virus No 1 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0028445.bat03563588 W32/Lineage.JPU.worm Virus No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0028423.dll03563588 W32/Lineage.JPU.worm Virus Yes 0 Yes No C:\WINDOWS\system32\ckvo0.dll03563588 W32/Lineage.JPU.worm Virus No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0028411.dll03563588 W32/Lineage.JPU.worm Virus No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0028371.dll03563588 W32/Lineage.JPU.worm Virus No 0 Yes No C:\WINDOWS\system32\ckvo1.dll03563588 W32/Lineage.JPU.worm Virus No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0028392.dll03563588 W32/Lineage.JPU.worm Virus No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0028442.dll03563588 W32/Lineage.JPU.worm Virus No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0028363.dll03563588 W32/Lineage.JPU.worm Virus No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0028330.dll03563589 W32/Lineage.JPU.worm Virus No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0028326.inf03563589 W32/Lineage.JPU.worm Virus No 0 Yes No C:\autorun.inf03563589 W32/Lineage.JPU.worm Virus No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0028446.inf03563589 W32/Lineage.JPU.worm Virus No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0028426.inf03563589 W32/Lineage.JPU.worm Virus No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0028397.inf03563589 W32/Lineage.JPU.worm Virus No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP339\A0028368.inf03563589 W32/Lineage.JPU.worm Virus No 0 Yes No C:\System Volume Information\_restore{129201FA-B0AC-49B3-96B2-DEB8B91E727B}\RP340\A0028630.inf;===================================================================================================================================================================================SUSPECTSSent Location ;===================================================================================================================================================================================;===================================================================================================================================================================================VULNERABILITIESId Severity Description ;===================================================================================================================================================================================;===================================================================================================================================================================================Logfile of Trend Micro HijackThis v2.0.2Scan saved at 3:54:22 PM, on 8/31/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\Rundll32.exeC:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exeC:\DOCUME~1\Jeff\LOCALS~1\Temp\clclean.0001C:\Program Files\Dell Support\DSAgnt.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\stacsv.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXEC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\system32\dllhost.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\WINDOWS\regedit.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localR3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLLO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dllO2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMonO4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /trayO4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /autoO4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exeO4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exeO4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startupO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exeO4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: Bluetooth.lnk = ?O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htmO8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlO8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlO8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htmO8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htmO8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dllO9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLLO9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dllO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeO23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exeO23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\stacsv.exeO23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE--End of file - 9532 bytes Link to post Share on other sites More sharing options...
JeanInMontana Posted September 2, 2008 ID:26498 Share Posted September 2, 2008 Hello and welcome to Malwarebytes. Please update MBAM and run a quick scan again. This time, be sure you have an check next to all items found and you take action. Post that log and a new HJT log. Link to post Share on other sites More sharing options...
oh hamburgers Posted September 2, 2008 Author ID:26521 Share Posted September 2, 2008 Hello and welcome to Malwarebytes. Please update MBAM and run a quick scan again. This time, be sure you have an check next to all items found and you take action. Post that log and a new HJT log.Malwarebytes' Anti-Malware 1.26Database version: 1104Windows 5.1.2600 Service Pack 29/2/2008 11:26:02 PMmbam-log-2008-09-02 (23-26-02).txtScan type: Quick ScanObjects scanned: 51050Time elapsed: 5 minute(s), 3 second(s)Memory Processes Infected: 0Memory Modules Infected: 1Registry Keys Infected: 0Registry Values Infected: 1Registry Data Items Infected: 1Folders Infected: 0Files Infected: 4Memory Processes Infected:(No malicious items detected)Memory Modules Infected:C:\WINDOWS\system32\ckvo0.dll (Trojan.Agent) -> Delete on reboot.Registry Keys Infected:(No malicious items detected)Registry Values Infected:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kamsoft (Trojan.Agent) -> Quarantined and deleted successfully.Registry Data Items Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Not selected for removal.Folders Infected:(No malicious items detected)Files Infected:C:\WINDOWS\system32\ckvo.exe (Trojan.Agent) -> Quarantined and deleted successfully.C:\WINDOWS\system32\ckvo0.dll (Trojan.Agent) -> Delete on reboot.C:\WINDOWS\system32\ckvo1.dll (Trojan.Agent) -> Quarantined and deleted successfully.C:\WINDOWS\system32\amvo.exe (Trojan.Agent) -> Quarantined and deleted successfully.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:02:48 AM, on 9/3/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\stacsv.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\system32\Rundll32.exeC:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exeC:\DOCUME~1\Jeff\LOCALS~1\Temp\clclean.0001C:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroDist.exeC:\Program Files\NetWaiting\netWaiting.exeC:\Program Files\Dell Support\DSAgnt.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exeC:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeC:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Malwarebytes' Anti-Malware\mbam.exeC:\WINDOWS\system32\NOTEPAD.EXE Link to post Share on other sites More sharing options...
JeanInMontana Posted September 2, 2008 ID:26524 Share Posted September 2, 2008 You only posted a portion of the HJT log. Please post all of it. Link to post Share on other sites More sharing options...
oh hamburgers Posted September 2, 2008 Author ID:26525 Share Posted September 2, 2008 You only posted a portion of the HJT log. Please post all of it.Sorry about that.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 12:02:48 AM, on 9/3/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\stacsv.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\system32\Rundll32.exeC:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exeC:\DOCUME~1\Jeff\LOCALS~1\Temp\clclean.0001C:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroDist.exeC:\Program Files\NetWaiting\netWaiting.exeC:\Program Files\Dell Support\DSAgnt.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\Program Files\Adobe\Acrobat 7.0\Acrobat\Acrobat_sl.exeC:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeC:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files\Malwarebytes' Anti-Malware\mbam.exeC:\WINDOWS\system32\NOTEPAD.EXEC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localR3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLLO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dllO2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMonO4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /trayO4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /autoO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exeO4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exeO4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startupO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeO4 - HKCU\..\Run: [updateMgr] "C:\PROGRA~1\Adobe\ACROBA~1.0\Acrobat\AdobeUpdateManager.exe" AcPro7_1_0 -reboot 1O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: Bluetooth.lnk = ?O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htmO8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlO8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlO8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htmO8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htmO8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dllO9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dllO9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLLO9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dllO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dllO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeO23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exeO23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\stacsv.exeO23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE--End of file - 10209 bytes Link to post Share on other sites More sharing options...
JeanInMontana Posted September 2, 2008 ID:26534 Share Posted September 2, 2008 You should notice an improved performance. MBAM ripped the heart out of some nasty stuff. You are running an outdated and unsafe version of Java. You need to uninstall it via Add/Remove programs and delete the program file also. Then go here Java Update and install the correct version for your system. Choose the offline installation.Your running an outdated and unsafe version of Adobe Acrobat Reader latest version. Or get the alternative faster lighter on resources Foxit PDF Reader and Editor Look at the Downloads tab here or Downloads if you don't want to see the features etcDo these updates. Update MBAM and run a quick scan post that log and a new HJT please. Link to post Share on other sites More sharing options...
oh hamburgers Posted September 2, 2008 Author ID:26548 Share Posted September 2, 2008 (edited) Malwarebytes' Anti-Malware 1.26Database version: 1104Windows 5.1.2600 Service Pack 29/3/2008 2:19:21 AMmbam-log-2008-09-03 (02-19-11).txtScan type: Quick ScanObjects scanned: 50459Time elapsed: 5 minute(s), 44 second(s)Memory Processes Infected: 0Memory Modules Infected: 1Registry Keys Infected: 0Registry Values Infected: 1Registry Data Items Infected: 1Folders Infected: 0Files Infected: 3Memory Processes Infected:(No malicious items detected)Memory Modules Infected:C:\WINDOWS\system32\ckvo1.dll (Trojan.Agent) -> No action taken.Registry Keys Infected:(No malicious items detected)Registry Values Infected:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kamsoft (Trojan.Agent) -> No action taken.Registry Data Items Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> No action taken.Folders Infected:(No malicious items detected)Files Infected:C:\WINDOWS\system32\ckvo.exe (Trojan.Agent) -> No action taken.C:\WINDOWS\system32\ckvo0.dll (Trojan.Agent) -> No action taken.C:\WINDOWS\system32\ckvo1.dll (Trojan.Agent) -> No action taken. Edited September 3, 2008 by JeanInMontana remove invalid hjt log AND quote Link to post Share on other sites More sharing options...
JeanInMontana Posted September 3, 2008 ID:26622 Share Posted September 3, 2008 There is no point in scanning and not taking action. Remove the malware found. Update MBAM and quickscan again. Post that log and a new HJT log please. Link to post Share on other sites More sharing options...
oh hamburgers Posted September 3, 2008 Author ID:26626 Share Posted September 3, 2008 There is no point in scanning and not taking action. Remove the malware found. Update MBAM and quickscan again. Post that log and a new HJT log please.I never closed the previous scan, so I had the program "remove the malware," and then rebooted. Then I ran another scan and came up with these results. There does not seem to be much progress.Malwarebytes' Anti-Malware 1.26Database version: 1104Windows 5.1.2600 Service Pack 29/4/2008 1:47:33 AMmbam-log-2008-09-04 (01-47-33).txtScan type: Quick ScanObjects scanned: 50127Time elapsed: 8 minute(s), 21 second(s)Memory Processes Infected: 0Memory Modules Infected: 1Registry Keys Infected: 0Registry Values Infected: 1Registry Data Items Infected: 1Folders Infected: 0Files Infected: 3Memory Processes Infected:(No malicious items detected)Memory Modules Infected:C:\WINDOWS\system32\ckvo1.dll (Trojan.Agent) -> Delete on reboot.Registry Keys Infected:(No malicious items detected)Registry Values Infected:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kamsoft (Trojan.Agent) -> Quarantined and deleted successfully.Registry Data Items Infected:HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL\CheckedValue (Hijack.System.Hidden) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.Folders Infected:(No malicious items detected)Files Infected:C:\WINDOWS\system32\ckvo.exe (Trojan.Agent) -> Quarantined and deleted successfully.C:\WINDOWS\system32\ckvo0.dll (Trojan.Agent) -> Quarantined and deleted successfully.C:\WINDOWS\system32\ckvo1.dll (Trojan.Agent) -> Delete on reboot.Logfile of Trend Micro HijackThis v2.0.2Scan saved at 1:50:14 AM, on 9/4/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\Rundll32.exeC:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\DOCUME~1\Jeff\LOCALS~1\Temp\clclean.0001C:\Program Files\Dell Support\DSAgnt.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\stacsv.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Malwarebytes' Anti-Malware\mbam.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\system32\NOTEPAD.EXEC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localR3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLLO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dllO2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMonO4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /trayO4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /autoO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exeO4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exeO4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startupO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeO4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: Bluetooth.lnk = ?O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htmO8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlO8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlO8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htmO8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htmO8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dllO9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLLO9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dllO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dllO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeO23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exeO23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\stacsv.exeO23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE--End of file - 10138 bytes Link to post Share on other sites More sharing options...
JeanInMontana Posted September 3, 2008 ID:26630 Share Posted September 3, 2008 Looks like progress to me... you removed several trojans.Your running an outdated and unsafe version of Adobe Acrobat Reader latest version. Or get the alternative faster lighter on resources Foxit PDF Reader and Editor Look at the Downloads tab here or Downloads if you don't want to see the features etc.Reboot and update MBAM run another quickscan post that log and a new HJT log. Link to post Share on other sites More sharing options...
oh hamburgers Posted September 3, 2008 Author ID:26637 Share Posted September 3, 2008 Looks like progress to me... you removed several trojans.Your running an outdated and unsafe version of Adobe Acrobat Reader latest version. Or get the alternative faster lighter on resources Foxit PDF Reader and Editor Look at the Downloads tab here or Downloads if you don't want to see the features etc.Reboot and update MBAM run another quickscan post that log and a new HJT log.I have updated Adobe.Malwarebytes' Anti-Malware 1.26Database version: 1104Windows 5.1.2600 Service Pack 29/4/2008 2:39:49 AMmbam-log-2008-09-04 (02-39-49).txtScan type: Quick ScanObjects scanned: 50032Time elapsed: 7 minute(s), 51 second(s)Memory Processes Infected: 0Memory Modules Infected: 0Registry Keys Infected: 0Registry Values Infected: 0Registry Data Items Infected: 0Folders Infected: 0Files Infected: 0Memory Processes Infected:(No malicious items detected)Memory Modules Infected:(No malicious items detected)Registry Keys Infected:(No malicious items detected)Registry Values Infected:(No malicious items detected)Registry Data Items Infected:(No malicious items detected)Folders Infected:(No malicious items detected)Files Infected:(No malicious items detected)Logfile of Trend Micro HijackThis v2.0.2Scan saved at 2:41:54 AM, on 9/4/2008Platform: Windows XP SP2 (WinNT 5.01.2600)MSIE: Internet Explorer v7.00 (7.00.6000.16705)Boot mode: NormalRunning processes:C:\WINDOWS\System32\smss.exeC:\WINDOWS\system32\winlogon.exeC:\WINDOWS\system32\services.exeC:\WINDOWS\system32\lsass.exeC:\WINDOWS\system32\svchost.exeC:\WINDOWS\System32\svchost.exeC:\WINDOWS\System32\WLTRYSVC.EXEC:\WINDOWS\System32\bcmwltry.exeC:\WINDOWS\system32\spoolsv.exeC:\WINDOWS\Explorer.EXEC:\WINDOWS\system32\Rundll32.exeC:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exeC:\Program Files\iTunes\iTunesHelper.exeC:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exeC:\Program Files\Common Files\Real\Update_OB\realsched.exeC:\Program Files\Java\jre1.6.0_07\bin\jusched.exeC:\DOCUME~1\Jeff\LOCALS~1\Temp\clclean.0001C:\Program Files\Dell Support\DSAgnt.exeC:\WINDOWS\system32\ctfmon.exeC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeC:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exeC:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeC:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeC:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exeC:\WINDOWS\system32\CTsvcCDA.exeC:\WINDOWS\eHome\ehRecvr.exeC:\WINDOWS\eHome\ehSched.exeC:\WINDOWS\system32\nvsvc32.exeC:\WINDOWS\system32\stacsv.exeC:\WINDOWS\system32\svchost.exeC:\Program Files\Malwarebytes' Anti-Malware\mbam.exeC:\Program Files\Mozilla Firefox\firefox.exeC:\Program Files\iPod\bin\iPodService.exeC:\WINDOWS\system32\dllhost.exeC:\WINDOWS\system32\NOTEPAD.EXEC:\Program Files\Trend Micro\HijackThis\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.localR3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dllO2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dllO2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLLO2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dllO2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dllO2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dllO3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dllO3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dllO3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dllO4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartupO4 - HKLM\..\Run: [MBMon] Rundll32 CTMBHA.DLL,MBMonO4 - HKLM\..\Run: [VoiceCenter] "C:\Program Files\Creative\VoiceCenter\AndreaVC.exe" /trayO4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exe"O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /autoO4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osbootO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"O4 - HKCU\..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netWaiting.exeO4 - HKCU\..\Run: [setDefaultMIDI] MIDIDef.exeO4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startupO4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exeO4 - HKCU\..\Run: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exeO4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_1_0 -reboot 1O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exeO4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exeO4 - Global Startup: Bluetooth.lnk = ?O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htmO8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlO8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlO8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.htmlO8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.htmlO8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htmO8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htmO8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htmO9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dllO9 - Extra button: Web Anti-Virus statistics - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\SCIEPlgn.dllO9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLLO9 - Extra button: (no name) - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Common Files\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLLO9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exeO16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dllO18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLLO20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dllO23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exeO23 - Service: Kaspersky Anti-Virus 7.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 7.0\avp.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exeO23 - Service: Creative Labs Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\CreativeLicensing.exeO23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exeO23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\WINDOWS\system32\stacsv.exeO23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE--End of file - 10138 bytes Link to post Share on other sites More sharing options...
JeanInMontana Posted September 4, 2008 ID:26746 Share Posted September 4, 2008 Run HJT in scan only and put a check next to the following then click fix.O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)If you did update Adobe, you would have the correct version. Your still running 7 the current version is 9. http://www.reader-download-free.com/ I start to lose patience real fast when people think they can fool me.Your log looks clean. We need to now reset a clean System Restore point. If you don't and you need to use System Restore you will reinfect yourself. Go to Start>Control Panel>System. Click on the System Restore tab and put a check in Turn off System Restore. Then click OK. Now go to Start>Help and Support > Undo Changes to Your System or System Restore depending on the make of your PC. Click on what ever will open the System Restore box. You will see two options, Choose Create a System Restore Point. Give it a name like Clean Restore Point and today's date. Now if you need to use it you have it. Many of these infections can be avoided with an added layer of prevention. All recommended programs are free and easy on system resources. You should install them as part of your protection arsenal. Keep MBAM and Spybot Search & Destroy and always immunize SBS&D when you update. You will also need at least one other scanning program Asquared or SuperAntiSpyware are good and there are several other excellent programs with free and paid versions. Read the overviews of what each program below does so you have an understanding of their importance and how to use.A firewall and antivirus are also essential. The Windows firewall in XP and Vista is not sufficient.Preform Windows Updates monthly on the second Tuesday or use automatic updates, and use your scanners weekly at the least. Always update before you scan.Keep other software known for vulnerabilities updated also. Use the Secunia Inspector free scan to identify risks in outdated versions.SpywareBlaster from Javacool SoftwareWinPatrol by BillPStudios SiteHound by FireTrustRogueRemoverhpHostsThe windows firewall is not sufficient to protect. It doesn't monitor outgoing traffic and this is a must. I use and recommend Online Armor Free Also the full protection of MBAM is offered at a very low price. Link to post Share on other sites More sharing options...
JeanInMontana Posted September 10, 2008 ID:27469 Share Posted September 10, 2008 Since this issue is resolved I will close the thread to prevent others from posting into it. If you need assistance please start your own topic and someone will be happy to assist you.The fixes and advice in this thread are for this machine only. Do not apply to your machine. Please start a thread of your own and someone will be happy to help you. Link to post Share on other sites More sharing options...
Recommended Posts