--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, January 30, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, January 29, 2010 20:00:04
Records in database: 3384767
--------------------------------------------------------------------------------
Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes
Scan area - My Computer:
A:\
C:\
D:\
E:\
Z:\
Scan statistics:
Objects scanned: 118755
Threats found: 21
Infected objects found: 67
Suspicious objects found: 16
Scan duration: 05:43:14
File name / Threat / Threats count
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\00303571.tmp Infected: Email-Worm.Win32.Tanatos.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0322036E.tmp Infected: Email-Worm.Win32.Swen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\036E491B.tmp Infected: Email-Worm.Win32.Swen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\05E92B6F.tmp Infected: Email-Worm.Win32.Klez.h 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\0C8748EE.tmp Infected: Email-Worm.Win32.Swen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\16383456.tmp Infected: Email-Worm.Win32.Swen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\192F7AD5.tmp Infected: Email-Worm.Win32.Swen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\25B62116.tmp Infected: Email-Worm.Win32.Swen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2ADA0BF9.tmp Infected: Email-Worm.Win32.Swen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2D7C6566.tmp Infected: Email-Worm.Win32.Swen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\2DCB5510.tmp Infected: Email-Worm.Win32.Swen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\30253191.tmp Infected: Email-Worm.Win32.Swen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\31CB110D.tmp Infected: Email-Worm.Win32.Swen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3234509A.tmp Infected: Email-Worm.Win32.Swen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\33D370E1.tmp Infected: Email-Worm.Win32.Tanatos.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\38EC50EF.tmp Infected: Email-Worm.Win32.Swen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\391672C0.tmp Infected: Email-Worm.Win32.Swen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\39472DB5.tmp Infected: Email-Worm.Win32.Swen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3CDE4208.tmp Infected: Email-Worm.Win32.Swen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\3FD0476D.tmp Infected: Email-Worm.Win32.Bagle.fb 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\43415E3E.tmp Infected: Email-Worm.Win32.Bagle.pac 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4A6C6F86.tmp Infected: Email-Worm.Win32.Tanatos.b.dam 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\4D176BC0.tmp Infected: Email-Worm.Win32.Swen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\53934EE9.tmp Infected: Email-Worm.Win32.Swen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\56DB1842.tmp Infected: Email-Worm.Win32.NetSky.b 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B62422D.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.44103 2
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B763E17.exe Infected: not-a-virus:Monitor.Win32.SpyAgent.44103 2
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B796814.dll Infected: not-a-virus:Monitor.Win32.SpyAgent.44103 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B7C1210.dll Infected: not-a-virus:Monitor.Win32.SpyAgent.44103 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\5B9A3311.tmp Infected: Email-Worm.Win32.Swen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\60D11009.tmp Infected: Email-Worm.Win32.Swen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\64D91BF8.tmp Infected: Email-Worm.Win32.Tanatos.b.dam 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\655910D6.tmp Infected: Email-Worm.Win32.Swen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\65870430.tmp Infected: not-a-virus:Monitor.Win32.SpyAgent.44103 2
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\66BD714E.tmp Infected: Email-Worm.Win32.Swen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\68DF2867.tmp Infected: Email-Worm.Win32.Swen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\706B0CFC.tmp Infected: Email-Worm.Win32.Swen 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\70FB4838.tmp Infected: Email-Worm.Win32.Bagle.bj 1
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Quarantine\78B93894.tmp Infected: Email-Worm.Win32.Tanatos.b 1
C:\Documents and Settings\EDWARD STAHL\Application Data\Thunderbird\Profiles\5xm2ga6h.default\Mail\incoming.verizon-3.net\Inbox Infected: Email-Worm.Win32.Bagle.bj 1
C:\Documents and Settings\EDWARD STAHL\Application Data\Thunderbird\Profiles\5xm2ga6h.default\Mail\incoming.verizon-3.net\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\EDWARD STAHL\Application Data\Thunderbird\Profiles\5xm2ga6h.default\Mail\Local Folders\Inbox Infected: Trojan-Spy.HTML.Bayfraud.p 4
C:\Documents and Settings\EDWARD STAHL\Application Data\Thunderbird\Profiles\5xm2ga6h.default\Mail\Local Folders\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\EDWARD STAHL\Application Data\Thunderbird\Profiles\5xm2ga6h.default\Mail\Local Folders\Junk Suspicious: Exploit.HTML.Iframe.FileDownload 1
C:\Documents and Settings\EDWARD STAHL\Application Data\Thunderbird\Profiles\5xm2ga6h.default\Mail\Local Folders\Junk Suspicious: Trojan-Spy.HTML.Fraud.gen 13
C:\Documents and Settings\EDWARD STAHL\Application Data\Thunderbird\Profiles\5xm2ga6h.default\Mail\Local Folders\Junk Infected: Email-Worm.Win32.Bagle.eb 1
C:\Documents and Settings\EDWARD STAHL\Application Data\Thunderbird\Profiles\5xm2ga6h.default\Mail\Local Folders\Junk Infected: Email-Worm.Win32.Sober.y 1
C:\Documents and Settings\EDWARD STAHL\Application Data\Thunderbird\Profiles\5xm2ga6h.default\Mail\Local Folders\Junk Infected: Trojan-Spy.HTML.Bayfraud.p 4
C:\Documents and Settings\EDWARD STAHL\Application Data\Thunderbird\Profiles\5xm2ga6h.default\Mail\Local Folders\Junk Infected: Email-Worm.Win32.Zhelatin.a 1
C:\Documents and Settings\EDWARD STAHL\Application Data\Thunderbird\Profiles\5xm2ga6h.default\Mail\Local Folders\Junk Infected: Email-Worm.Win32.Zhelatin.r 1
C:\Documents and Settings\EDWARD STAHL\Application Data\Thunderbird\Profiles\5xm2ga6h.default\Mail\Local Folders\Sent Infected: not-a-virus:Monitor.Win32.SpyAgent.44103 2
C:\Program Files\Common Files\Wise Installation Wizard\WIS1EFAF4929A3B48C39349234B146FDA46_5_0_4.MSI Infected: not-a-virus:PSWTool.Win32.PWDump.k 1
C:\Program Files\Common Files\Wise Installation Wizard\WIS1EFAF4929A3B48C39349234B146FDA46_5_0_4.MSI Infected: not-a-virus:PSWTool.Win32.PWDump.2 1
C:\Program Files\Common Files\Wise Installation Wizard\WIS1EFAF4929A3B48C39349234B146FDA46_5_0_4.MSI Infected: not-a-virus:PSWTool.Win32.PWDump.3 2
C:\Program Files\LCP\Data\pwdump2\samdump.dll Infected: not-a-virus:PSWTool.Win32.PWDump.k 1
C:\Program Files\LCP\Data\pwdump2-orig\samdump.dll Infected: not-a-virus:PSWTool.Win32.PWDump.2 1
C:\Program Files\LCP\Data\pwdump3\pwservice.exe Infected: not-a-virus:PSWTool.Win32.PWDump.3 1
C:\Program Files\LCP\Data\pwdump3e\pwservice.exe Infected: not-a-virus:PSWTool.Win32.PWDump.3 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2096\A0206426.exe Infected: Trojan.Win32.Agent.dgbt 1
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP2096\A0206464.sys Infected: Rootkit.Win32.TDSS.u 1
Selected area has been scanned.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:50:01 AM, on 1/30/2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SYSTEM32\Rundll32.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\MemTurbo30\MemTurbo.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Motive\McciCMService.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\PSIService.exe
C:\WINDOWS\system32\ssoftsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRAM FILES\CREATIVE\SOUND BLASTER LIVE! 24-BIT\SURROUND MIXER\CTSYSVOL.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Documents and Settings\EDWARD STAHL\Local Settings\temp\jkos-EDWARD STAHL\binaries\ScanningProcess.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:5555
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: RedBox Toolbar - {e6d87380-6e47-11db-9fe1-0800200c9a66} - C:\Program Files\Studio V5\RedBox7\RedBoxBar.dll
O4 - HKLM\..\Run: [P17Helper] "C:\WINDOWS\SYSTEM32\Rundll32.exe" P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] "C:\WINDOWS\UpdReg.EXE"
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [igfxtray] "C:\WINDOWS\system32\igfxtray.exe"
O4 - HKLM\..\Run: [igfxhkcmd] "C:\WINDOWS\system32\hkcmd.exe"
O4 - HKLM\..\Run: [igfxpers] "C:\WINDOWS\system32\igfxpers.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe -expressboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE" -atboottime
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [igndlm.exe] C:\Program Files\Download Manager\DLM.exe /windowsstart /startifwork
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ParetoLogic Anti-Spyware] "C:\Program Files\ParetoLogic\Anti-Spyware\Pareto_AS.exe" -NM -hidesplash
O4 - HKCU\..\Run: [WeatherBug Desktop] C:\PROGRAM FILES\AWS\WEATHERBUG\Weather.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - S-1-5-18 Startup: MemTurbo.lnk = C:\Program Files\MemTurbo30\MemTurbo.exe (User 'SYSTEM')
O4 - S-1-5-18 Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: MemTurbo.lnk = C:\Program Files\MemTurbo30\MemTurbo.exe (User 'Default user')
O4 - .DEFAULT Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe (User 'Default user')
O4 - Startup: MemTurbo.lnk = C:\Program Files\MemTurbo30\MemTurbo.exe
O4 - Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\MSOFFI~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Subscribe in RSS Bandit - C:\Documents and Settings\EDWARD STAHL\Application Data\RssBandit\iecontext_subscribebandit.htm
O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/rap ... loader.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sdcCo ... taller.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (CDownloadCtrl Object) - http://www.fileplanet.com/fpdlmgr/cabs/ ... .6.108.cab
O16 - DPF: {72C9EA8F-8965-40C2-ABAD-D460A5815F86} (hostCntrlIE Class) - http://host.oddcast.com/hostClientIE.cab
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - F:\PhotoshopElementsFileAgent.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McciCMService - Motive Communications, Inc. - C:\Program Files\Common Files\Motive\McciCMService.exe
O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe
O23 - Service: Cryptainer service (ssoftservice) - Cypherix - C:\WINDOWS\SYSTEM32\ssoftsrv.exe
--
End of file - 9202 bytes