Help...BackDoor.Hupigon

Discussion in 'Virus & Other Malware Removal' started by wench56, Mar 28, 2008.

Thread Status:
Not open for further replies.
  1. wench56

    wench56 Thread Starter

    Joined:
    Feb 2, 2007
    Messages:
    25
    Hi there...I have a bug and I can't seem to get rid of it! Here is my HijackThis log....You guys sure helped me last year :eek: and I appreciate it so very much! Thanks...Kim


    Logfile of HijackThis v1.99.1
    Scan saved at 1:47:31 PM, on 3/28/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16608)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Ahead\InCD\InCDsrv.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Viewpoint\Common\ViewpointService.exe
    C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
    C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
    C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
    C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe
    C:\Program Files\lg_fwupdate\fwupdate.exe
    C:\Program Files\Ahead\InCD\InCD.exe
    C:\Program Files\Winamp\winampa.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\ResChanger 2005\ResChanger2005.exe
    C:\Program Files\Pando Networks\Pando\Pando.exe
    C:\PROGRA~1\MUSICM~1\MUSICM~1\MMDiag.exe
    C:\Program Files\Musicmatch\Musicmatch Jukebox\mim.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\HP\Digital Imaging\bin\hpqgalry.exe
    C:\Program Files\Grisoft\AVG Free\avgcc.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\MSN Messenger\usnsvc.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dsl.sbc.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
    O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: CInterceptor Object - {38D3FE60-3D53-4F37-BB0E-C7A97A26A156} - C:\Program Files\Pando Networks\Pando\PandoIEPlugin.dll
    O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.6.14.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: EWPBrowseObject Class - {68F9551E-0411-48E4-9AAF-4BC42A6A46BE} - C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
    O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [MimBoot] C:\PROGRA~1\MUSICM~1\MUSICM~1\mimboot.exe
    O4 - HKLM\..\Run: [MMTray] "C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe"
    O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [LGODDFU] "C:\Program Files\lg_fwupdate\fwupdate.exe" blrun
    O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
    O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [ResChanger 2005] C:\Program Files\ResChanger 2005\ResChanger2005.exe
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Minimized
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
    O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
    O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
    O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
    O8 - Extra context menu item: &ieSpell Options - res://C:\Program Files\ieSpell\iespell.dll/SPELLOPTION.HTM
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: Check &Spelling - res://C:\Program Files\ieSpell\iespell.dll/SPELLCHECK.HTM
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: (no name) - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra 'Tools' menuitem: ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files\ieSpell\iespell.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnlineScan.cab
    O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
    O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.c...ls/en/x86/client/wuweb_site.cab?1111221103921
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols/fscax.cab
    O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/FujifilmUploadClient.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab53083.cab
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://www.sparedollar.com/sdImage/XUpload.ocx
    O16 - DPF: {FE5B9F54-7764-4C01-89F0-4862601EE954} (DigWebHelper Class) - http://photos.msn.com/resources/neutral/controls/DigWebX2.cab?10,0,910,0
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C6F5FDBD-49BD-4DA3-97A2-416DB104E6DE}: NameServer = 172.16.0.1,172.16.0.2
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
     
  2. wench56

    wench56 Thread Starter

    Joined:
    Feb 2, 2007
    Messages:
    25
    KASPERSKY ONLINE SCANNER REPORT
    Saturday, March 29, 2008 6:24:45 AM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version: 5.0.98.0
    Kaspersky Anti-Virus database last update: 29/03/2008
    Kaspersky Anti-Virus database records: 670608


    Scan Settings
    Scan using the following antivirus database extended
    Scan Archives true
    Scan Mail Bases true

    Scan Target My Computer
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    J:\

    Scan Statistics
    Total number of scanned objects 126996
    Number of viruses found 7
    Number of infected objects 37
    Number of suspicious objects 0
    Duration of the scan process 04:36:05

    Infected Object Name Virus Name Last Action
    C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-11292006-073719.log Object is locked skipped

    C:\Documents and Settings\Kim\Application Data\Sun\Java\Deployment\cache\6.0\39\66d7d027-1d477d20/Baaaaa.class Infected: Trojan.Java.ClassLoader.ap skipped

    C:\Documents and Settings\Kim\Application Data\Sun\Java\Deployment\cache\6.0\39\66d7d027-1d477d20/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ap skipped

    C:\Documents and Settings\Kim\Application Data\Sun\Java\Deployment\cache\6.0\39\66d7d027-1d477d20/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ap skipped

    C:\Documents and Settings\Kim\Application Data\Sun\Java\Deployment\cache\6.0\39\66d7d027-1d477d20 ZIP: infected - 3 skipped

    C:\Documents and Settings\Kim\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\Kim\Local Settings\Application Data\Identities\{A92BB881-E58C-41F4-883D-B8C6B54A6932}\Microsoft\Outlook Express\Deleted Items.dbx/[From Ebay ][Date Tue, 22 Feb 2005 01:00:34 +0700]/html Infected: Trojan-Spy.HTML.Bankfraud.fl skipped

    C:\Documents and Settings\Kim\Local Settings\Application Data\Identities\{A92BB881-E58C-41F4-883D-B8C6B54A6932}\Microsoft\Outlook Express\Deleted Items.dbx Mail MS Outlook 5: infected - 1 skipped

    C:\Documents and Settings\Kim\Local Settings\Application Data\Identities\{D05E3662-E44B-4BF5-BBC0-52D663356AA4}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped

    C:\Documents and Settings\Kim\Local Settings\Application Data\Identities\{D05E3662-E44B-4BF5-BBC0-52D663356AA4}\Microsoft\Outlook Express\Funnies.dbx/[From [email protected]][Date Sun, 13 Oct 2002 20:14:33 EDT]/UNNAMED/haunted/hauntpc.exe Infected: not-virus:BadJoke.Win32.Hauntpc skipped

    C:\Documents and Settings\Kim\Local Settings\Application Data\Identities\{D05E3662-E44B-4BF5-BBC0-52D663356AA4}\Microsoft\Outlook Express\Funnies.dbx/[From [email protected]][Date Sun, 13 Oct 2002 20:14:33 EDT]/UNNAMED/haunted Infected: not-virus:BadJoke.Win32.Hauntpc skipped

    C:\Documents and Settings\Kim\Local Settings\Application Data\Identities\{D05E3662-E44B-4BF5-BBC0-52D663356AA4}\Microsoft\Outlook Express\Funnies.dbx/[From [email protected]][Date Sun, 13 Oct 2002 20:14:33 EDT]/UNNAMED Infected: not-virus:BadJoke.Win32.Hauntpc skipped

    C:\Documents and Settings\Kim\Local Settings\Application Data\Identities\{D05E3662-E44B-4BF5-BBC0-52D663356AA4}\Microsoft\Outlook Express\Funnies.dbx Mail MS Outlook 5: infected - 3 skipped

    C:\Documents and Settings\Kim\Local Settings\Application Data\Identities\{D05E3662-E44B-4BF5-BBC0-52D663356AA4}\Microsoft\Outlook Express\Inbox.dbx Object is locked skipped

    C:\Documents and Settings\Kim\Local Settings\Application Data\Identities\{D05E3662-E44B-4BF5-BBC0-52D663356AA4}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped

    C:\Documents and Settings\Kim\Local Settings\Application Data\Identities\{FF9DDE78-6CF3-4856-BADB-6B244E9B56BE}\Microsoft\Outlook Express\FUZZIES.dbx/[From "eBay Member: windsorbaffin" ][Date Wed, 4 May 2005 17:21:11 -0700]/text Infected: Trojan-Spy.HTML.Bayfraud.ib skipped

    C:\Documents and Settings\Kim\Local Settings\Application Data\Identities\{FF9DDE78-6CF3-4856-BADB-6B244E9B56BE}\Microsoft\Outlook Express\FUZZIES.dbx Mail MS Outlook 5: infected - 1 skipped

    C:\Documents and Settings\Kim\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped

    C:\Documents and Settings\Kim\Local Settings\Application Data\Microsoft\Media Player\CurrentDatabase_219.wmdb Object is locked skipped

    C:\Documents and Settings\Kim\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\Kim\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\Kim\Local Settings\Application Data\Pando\Pando Files\cert\cert8.db Object is locked skipped

    C:\Documents and Settings\Kim\Local Settings\Application Data\Pando\Pando Files\cert\key3.db Object is locked skipped

    C:\Documents and Settings\Kim\Local Settings\Application Data\Pando\Pando Files\pando.log Object is locked skipped

    C:\Documents and Settings\Kim\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\Kim\Local Settings\History\History.IE5\MSHist012008032820080329\index.dat Object is locked skipped

    C:\Documents and Settings\Kim\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped

    C:\Documents and Settings\Kim\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\Kim\My Documents\Funnies.dbx/[From [email protected]][Date Sun, 13 Oct 2002 20:14:33 EDT]/UNNAMED/haunted/hauntpc.exe Infected: not-virus:BadJoke.Win32.Hauntpc skipped

    C:\Documents and Settings\Kim\My Documents\Funnies.dbx/[From [email protected]][Date Sun, 13 Oct 2002 20:14:33 EDT]/UNNAMED/haunted Infected: not-virus:BadJoke.Win32.Hauntpc skipped

    C:\Documents and Settings\Kim\My Documents\Funnies.dbx/[From [email protected]][Date Sun, 13 Oct 2002 20:14:33 EDT]/UNNAMED Infected: not-virus:BadJoke.Win32.Hauntpc skipped

    C:\Documents and Settings\Kim\My Documents\Funnies.dbx Mail MS Outlook 5: infected - 3 skipped

    C:\Documents and Settings\Kim\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\Kim\NTUSER.DAT.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

    C:\Program Files\MxMonitor\Log\monitor_20080329.txt Object is locked skipped

    C:\RECYCLER\S-1-5-18\Dc10\system.dll Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

    C:\RECYCLER\S-1-5-18\Dc11\system.dll Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

    C:\RECYCLER\S-1-5-18\Dc12\system.dll Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

    C:\RECYCLER\S-1-5-18\Dc13\system.dll Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

    C:\RECYCLER\S-1-5-18\Dc14\system.dll Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

    C:\RECYCLER\S-1-5-18\Dc15\system.dll Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

    C:\RECYCLER\S-1-5-18\Dc16\system.dll Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

    C:\RECYCLER\S-1-5-18\Dc17\system.dll Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

    C:\RECYCLER\S-1-5-18\Dc18\system.dll Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

    C:\RECYCLER\S-1-5-18\Dc19\system.dll Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

    C:\RECYCLER\S-1-5-18\Dc3\system.dll Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

    C:\RECYCLER\S-1-5-18\Dc4\system.dll Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

    C:\RECYCLER\S-1-5-18\Dc5\system.dll Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

    C:\RECYCLER\S-1-5-18\Dc6\system.dll Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

    C:\RECYCLER\S-1-5-18\Dc7\system.dll Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

    C:\RECYCLER\S-1-5-18\Dc8\system.dll Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

    C:\RECYCLER\S-1-5-18\Dc9\system.dll Infected: not-a-virus:AdWare.Win32.Mostofate.u skipped

    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\migregdb.exe Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB833987$\sxs.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\browser.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped

    C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped

    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

    C:\WINDOWS\Downloaded Installations\{8C5C281F-F05B-452A-856D-FD2E11D12151}\AquaDeluxe.msi/Data1.cab/myBarSp.exe Infected: not-a-virus:AdWare.Win32.MyWay.ac skipped

    C:\WINDOWS\Downloaded Installations\{8C5C281F-F05B-452A-856D-FD2E11D12151}\AquaDeluxe.msi/Data1.cab Infected: not-a-virus:AdWare.Win32.MyWay.ac skipped

    C:\WINDOWS\Downloaded Installations\{8C5C281F-F05B-452A-856D-FD2E11D12151}\AquaDeluxe.msi Embedded: infected - 2 skipped

    C:\WINDOWS\SchedLgU.Txt Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\EventCache\{D9B6ADB8-730C-4783-B1C5-C6428CE013B4}.bin Object is locked skipped

    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

    C:\WINDOWS\Sti_Trace.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\default Object is locked skipped

    C:\WINDOWS\system32\config\default.LOG Object is locked skipped

    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped

    C:\WINDOWS\system32\config\SAM Object is locked skipped

    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY Object is locked skipped

    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

    C:\WINDOWS\system32\config\software Object is locked skipped

    C:\WINDOWS\system32\config\software.LOG Object is locked skipped

    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

    C:\WINDOWS\system32\config\system Object is locked skipped

    C:\WINDOWS\system32\config\system.LOG Object is locked skipped

    C:\WINDOWS\system32\h323log.txt Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

    C:\WINDOWS\wiadebug.log Object is locked skipped

    C:\WINDOWS\wiaservc.log Object is locked skipped

    C:\WINDOWS\WindowsUpdate.log Object is locked skipped

    F:\Mike's Backup\Local Settings\Temporary Internet Files\Content.IE5\OX6ZS5YZ\WEBCAM_GIRLS[1].0TM Infected: Exploit.Win32.MS05-013.gen skipped

    F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

    Scan process completed.
     

Short URL to this thread: https://techguy.org/698086
