Nasty Infection

Started by thuband , Nov 08 2007 12:24 AM

This topic is locked

10 replies to this topic

#1 thuband

Newbie

Members
5 posts

Posted 08 November 2007 - 12:24 AM

I have a nasty hijack that continues to install new hijakcs. One of them is a BHO for "Security Toolbar 7.1" The systray reports a yellow exclamation point which routinely pops up with trojan/malware/virus alerts. I also get routine gray windows that pops up saying similar with a "Yes/No" button to download Scanner software.

I ran TrendMicro and found TSPY_AGENT.AAYO and Backdoor.CIADoor. No results. AdAware reports only cookies. Spybot S&D reports Virtumundo,Virtumundo.rtk, and Virtumondo.general. Downloaded the Symantec scanner to no avail. I am at the point where I need advice. Your help is appreciated. In one of your forums for Vitumundo I saw where combofix was to be run. I did that and attached is the Hijackthis and Combofix Logs. Thanks.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:20:51 PM, on 11/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\WINDOWS\BCMSMMSG.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\dhfroipt.exe
F:\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....6...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\elorcjtp.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [509b7d20] rundll32.exe "C:\WINDOWS\system32\cijchpcj.dll",b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1192732172036
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.su...ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: DomainService - - C:\WINDOWS\system32\dhfroipt.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 10942 bytes

ComboFix 07-11-08.1 - Liz 2007-11-07 14:49:30.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.154 [GMT -5:00]
Running from: F:\Documents and Settings\Liz\My Documents\My Downloads\ComboFix.exe
* Created a new restore point
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Administrator\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Administrator\Favorites\Online Security Guide.lnk
C:\Documents and Settings\All Users\Start Menu\Live Safety Center.lnk
C:\Documents and Settings\All Users\Start Menu\Online Security Guide.lnk
C:\Documents and Settings\Colin\Desktop\internet.lnk
C:\Documents and Settings\Liz\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Liz\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Liz\Favorites\Online Security Guide.lnk
C:\Documents and Settings\Ty\Desktop\Live Safety Center.lnk
C:\Documents and Settings\Ty\Desktop\Online Security Guide.lnk
C:\Documents and Settings\Ty\Favorites\Online Security Guide.lnk
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\bdeeg.bak1
C:\WINDOWS\system32\bdeeg.bak2
C:\WINDOWS\system32\bdeeg.ini
C:\WINDOWS\system32\ccbeg.bak1
C:\WINDOWS\system32\ccbeg.bak2
C:\WINDOWS\system32\ccbeg.ini
C:\WINDOWS\system32\ccbeg.ini2
C:\WINDOWS\system32\ccbeg.tmp
C:\WINDOWS\system32\ddayv.dll
C:\WINDOWS\system32\elorcjtp.dllbox
C:\WINDOWS\system32\gebcc.dll
C:\WINDOWS\system32\geedb.dll
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\rttss.bak1
C:\WINDOWS\system32\rttss.ini
C:\WINDOWS\system32\ssttr.dll
C:\WINDOWS\system32\vyadd.bak1
C:\WINDOWS\system32\vyadd.ini

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_DOMAINSERVICE

((((((((((((((((((((((((( Files Created from 2007-10-08 to 2007-11-08 )))))))))))))))))))))))))))))))
.

2007-11-07 14:44 145,984 --a------ C:\WINDOWS\system32\tlhwygfq.dll
2007-11-07 14:44 145,984 --a------ C:\WINDOWS\system32\elorcjtp.dll
2007-11-07 14:44 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-07 13:02 79,936 --a------ C:\WINDOWS\system32\qgmmbvxq.dll
2007-11-07 11:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-11-07 10:58 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-11-07 09:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-07 09:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-07 09:53 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-07 09:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-07 09:53 <DIR> d-------- C:\Documents and Settings\Liz\Application Data\SUPERAntiSpyware.com
2007-11-07 09:39 35,328 --a------ C:\WINDOWS\system32\hgghgff.dll
2007-11-07 00:05 81,472 --a------ C:\WINDOWS\system32\gliyqgts.dll
2007-11-06 23:58 87,104 --a------ C:\WINDOWS\system32\fvlxxaqy.dll
2007-11-06 23:55 71,232 --a------ C:\WINDOWS\system32\asyoogeb.exe
2007-11-06 23:52 145,984 --a------ C:\WINDOWS\system32\kksmknrj.dll
2007-11-06 21:33 35,328 --a------ C:\WINDOWS\system32\iifddaa.dll
2007-11-06 20:21 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-06 20:21 <DIR> d-------- C:\Documents and Settings\Liz\Application Data\Lavasoft
2007-11-06 19:43 <DIR> d-------- C:\Program Files\CCleaner
2007-11-06 13:10 <DIR> d-------- C:\Documents and Settings\Liz\.housecall6.6
2007-11-06 10:02 <DIR> d-------- C:\Documents and Settings\Liz\Application Data\HouseCall 6.6
2007-11-06 09:59 <DIR> d-------- C:\Documents and Settings\Liz\Shared
2007-11-06 09:58 <DIR> d-------- C:\Documents and Settings\Liz\Incomplete
2007-11-06 09:48 <DIR> d-------- C:\Documents and Settings\Ty\Application Data\Apple Computer
2007-11-06 09:22 <DIR> d-------- C:\Documents and Settings\Ty\Application Data\HouseCall 6.6
2007-11-06 09:07 81,472 --a------ C:\WINDOWS\system32\yfgfhmss.dll
2007-11-06 09:05 87,104 --a------ C:\WINDOWS\system32\kgwlivbg.dll
2007-11-06 08:45 35,328 --a------ C:\WINDOWS\system32\mljihif.dll
2007-11-06 00:05 83,008 --a------ C:\WINDOWS\system32\tdfnkhpx.dll
2007-11-05 23:00 35,328 --a------ C:\WINDOWS\system32\ljjkihf.dll
2007-11-05 11:57 <DIR> d-------- C:\Documents and Settings\Liz\Application Data\LimeWire
2007-11-04 21:49 78,912 --a------ C:\WINDOWS\system32\fyfrkneo.dll
2007-11-04 21:47 86,080 --a------ C:\WINDOWS\system32\pueghuvm.dll
2007-11-04 11:44 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2007-11-04 10:36 <DIR> d-------- C:\WINDOWS\system32\Mz18r
2007-11-04 10:36 <DIR> d-------- C:\TEMP\mZOr
2007-11-04 10:36 35,328 --a------ C:\WINDOWS\system32\yaywwvw.dll.vir
2007-11-04 09:21 <DIR> d-------- C:\Documents and Settings\Liz\Application Data\Viewpoint
2007-11-03 18:05 <DIR> d-------- C:\Documents and Settings\Colin\Application Data\fretsonfire
2007-11-03 18:03 <DIR> d-------- C:\Program Files\Frets on Fire
2007-11-03 11:59 <DIR> d-------- C:\Documents and Settings\Liz\Application Data\acccore
2007-11-02 17:44 <DIR> d-------- C:\Documents and Settings\Colin\Application Data\Viewpoint
2007-10-31 07:52 <DIR> d-------- C:\Documents and Settings\Ty\Shared
2007-10-31 07:52 <DIR> d-------- C:\Documents and Settings\Ty\Incomplete
2007-10-31 07:51 <DIR> d-------- C:\Documents and Settings\Ty\Application Data\LimeWire
2007-10-30 19:50 <DIR> d-------- C:\Documents and Settings\Colin\Application Data\AdobeUM
2007-10-30 19:46 <DIR> d-------- C:\Documents and Settings\Colin\Shared
2007-10-30 19:46 <DIR> d-------- C:\Documents and Settings\Colin\Incomplete
2007-10-30 19:46 <DIR> d-------- C:\Documents and Settings\Colin\Application Data\LimeWire
2007-10-30 13:13 19,496 --a------ C:\Documents and Settings\Liz\Application Data\GDIPFONTCACHEV1.DAT
2007-10-30 10:45 <DIR> d-------- C:\Program Files\Quicken
2007-10-30 10:45 <DIR> d-------- C:\Program Files\Common Files\Palo Alto Software
2007-10-30 10:45 <DIR> d-------- C:\Program Files\Common Files\Intuit
2007-10-30 10:45 <DIR> d-------- C:\Documents and Settings\Liz\Application Data\Intuit
2007-10-30 10:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intuit
2007-10-24 14:37 <DIR> d-------- C:\Documents and Settings\Liz\Application Data\Image Zone Express
2007-10-24 14:23 117,037 --a------ C:\WINDOWS\hpoins11.dat
2007-10-24 09:39 <DIR> d-------- C:\Documents and Settings\Ty\Application Data\HP
2007-10-24 02:01 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-10-23 21:16 <DIR> d-------- C:\Documents and Settings\Liz\Application Data\AdobeUM
2007-10-23 21:01 <DIR> d-------- C:\Documents and Settings\Liz\Application Data\HP
2007-10-23 20:39 <DIR> d-------- C:\Documents and Settings\Colin\Application Data\acccore
2007-10-23 20:38 <DIR> d-------- C:\Program Files\Viewpoint
2007-10-23 20:38 <DIR> d-------- C:\Program Files\Common Files\AOL
2007-10-23 20:38 <DIR> d-------- C:\Program Files\AIM6
2007-10-23 20:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-23 20:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-10-23 20:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2007-10-23 19:53 <DIR> d-------- C:\Documents and Settings\Colin\Application Data\HP
2007-10-23 18:58 <DIR> d-------- C:\Documents and Settings\Conrad\Application Data\HP
2007-10-23 18:57 <DIR> d-------- C:\Documents and Settings\Conrad\Application Data\Sonic
2007-10-23 18:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-10-23 17:32 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-10-23 17:32 <DIR> d-------- C:\Program Files\Common Files\HP
2007-10-23 17:30 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-10-23 12:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2007-10-23 12:17 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-10-23 12:17 77,824 -ra------ C:\WINDOWS\system32\HPZIDS01.dll
2007-10-23 12:17 38,400 --a------ C:\WINDOWS\system32\hpz3l054.dll
2007-10-23 12:16 827,392 -ra------ C:\WINDOWS\system32\hpotiop2.dll
2007-10-23 12:16 659,456 -ra------ C:\WINDOWS\system32\hpowiax2.dll
2007-10-23 12:16 254,026 -ra------ C:\WINDOWS\system32\hpovst09.dll
2007-10-23 12:16 6,784 --a------ C:\WINDOWS\system32\drivers\serscan.sys
2007-10-23 12:16 6,784 --a--c--- C:\WINDOWS\system32\dllcache\serscan.sys
2007-10-23 12:15 <DIR> d-------- C:\TEMP\Google Toolbar
2007-10-23 12:14 <DIR> d-------- C:\TEMP
2007-10-23 12:14 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-10-23 12:14 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-10-23 12:14 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-10-23 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-10-23 12:14 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-10-23 12:14 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-10-23 12:13 <DIR> d-------- C:\Program Files\HP
2007-10-23 12:13 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-10-23 12:13 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-10-23 12:13 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-10-23 12:13 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2007-10-23 12:12 98,304 --a------ C:\WINDOWS\system32\hpzjsn01.dll
2007-10-23 10:16 <DIR> d-------- C:\WINDOWS\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-11-07 02:37 278,546 ----a-w C:\WINDOWS\Fonts\Setup.exe
2007-11-04 15:34 278,545 --sh--w C:\WINDOWS\Fonts\svchost.exe
2007-10-30 15:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-21 16:57 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-18 17:50 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42738672-7C35-47A9-B413-717642C5E7F6}]
2007-11-08 15:30 313440 --a------ C:\WINDOWS\system32\ddaby.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5DFF131B-E9FC-4C6B-8D60-9A5F979C79DB}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}]
2007-11-07 14:44 145984 --a------ C:\WINDOWS\system32\elorcjtp.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCC73622-F72D-4277-803C-D65565A0947F}]
2007-11-05 23:00 35328 --a------ C:\WINDOWS\system32\ljjkihf.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\elorcjtp.dll [2007-11-07 14:44 145984]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{11A69AE4-FBED-4832-A2BF-45AF82825583}"= C:\WINDOWS\system32\elorcjtp.dll [2007-11-07 14:44 145984]

[HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-04-24 15:58]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 00:04]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 00:01]
"POINTER"="point32.exe" []
"BCMSMMSG"="BCMSMMSG.exe" [2003-08-29 03:59 C:\WINDOWS\BCMSMMSG.exe]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-07-30 10:35]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 17:58]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 01:12]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-29 14:32]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-10-22 09:55]
"Aim6"="C:\Program Files\AIM6\aim6.exe" [2007-09-29 15:22]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-10-21 19:27:46]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]
"{BCC73622-F72D-4277-803C-D65565A0947F}"= C:\WINDOWS\system32\ljjkihf.dll [2007-11-05 23:00 35328]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\elorcjtp]
elorcjtp.dll 2007-11-07 14:44 145984 C:\WINDOWS\system32\elorcjtp.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjkihf]
ljjkihf.dll 2007-11-05 23:00 35328 C:\WINDOWS\system32\ljjkihf.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\ddaby.dll

.
Contents of the 'Scheduled Tasks' folder
"2007-11-01 01:08:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-11-08 20:28:03 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-08 15:25:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-08 15:33:09 - machine was rebooted
.
--- E O F ---

Attached Files

ComboFix.txt 15.03K 110 downloads
hijackthis.log 10.69K 167 downloads

#2 Blade81

Advanced Member

Volunteer Security Advisor
6557 posts

Posted 08 November 2007 - 08:39 PM

Hi

Open notepad and copy/paste the text in the quotebox below into it:

File&#58;&#58;
C&#58;\WINDOWS\system32\tlhwygfq.dll
C&#58;\WINDOWS\system32\elorcjtp.dll
C&#58;\WINDOWS\system32\qgmmbvxq.dll
C&#58;\WINDOWS\system32\hgghgff.dll
C&#58;\WINDOWS\system32\gliyqgts.dll
C&#58;\WINDOWS\system32\fvlxxaqy.dll
C&#58;\WINDOWS\system32\asyoogeb.exe
C&#58;\WINDOWS\system32\kksmknrj.dll
C&#58;\WINDOWS\system32\iifddaa.dll
C&#58;\WINDOWS\system32\yfgfhmss.dll
C&#58;\WINDOWS\system32\kgwlivbg.dll
C&#58;\WINDOWS\system32\mljihif.dll
C&#58;\WINDOWS\system32\tdfnkhpx.dll
C&#58;\WINDOWS\system32\ljjkihf.dll
C&#58;\WINDOWS\system32\fyfrkneo.dll
C&#58;\WINDOWS\system32\pueghuvm.dll
C&#58;\WINDOWS\system32\vbzip10.dll
C&#58;\WINDOWS\system32\yaywwvw.dll.vir
C&#58;\WINDOWS\Fonts\Setup.exe
C&#58;\WINDOWS\Fonts\svchost.exe
C&#58;\WINDOWS\system32\ddaby.dll
C&#58;\WINDOWS\system32\elorcjtp.dll
C&#58;\WINDOWS\system32\ljjkihf.dll

Folder&#58;&#58;
C&#58;\WINDOWS\system32\Mz18r
C&#58;\TEMP\mZOr

Registry&#58;&#58;
&#91;-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{42738672-7C35-47A9-B413-717642C5E7F6}&#93;

&#91;-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{5DFF131B-E9FC-4C6B-8D60-9A5F979C79DB}&#93;

&#91;-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A95B2816-1D7E-4561-A202-68C0DE02353A}&#93;

&#91;-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCC73622-F72D-4277-803C-D65565A0947F}&#93;

&#91;HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar&#93;
&#34;{11A69AE4-FBED-4832-A2BF-45AF82825583}&#34;=-

&#91;-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}&#93;

&#91;HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser&#93;
&#34;{11A69AE4-FBED-4832-A2BF-45AF82825583}&#34;=-

&#91;-HKEY_CLASSES_ROOT\CLSID\{11A69AE4-FBED-4832-A2BF-45AF82825583}&#93;

&#91;HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks&#93;
&#34;{BCC73622-F72D-4277-803C-D65565A0947F}&#34;=-

&#91;-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\elorcjtp&#93;

&#91;-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjkihf&#93; 

&#91;HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa&#93;
&#34;Authentication Packages&#34;= hex&#40;7&#41;&#58;6d,73,76,31,5f,30,00,00

Save this as
CFScript

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log & a fresh hjt log.

Microsoft MVP Consumer Security 2008 2009 2010 2011 2012

ASAP & UNITE member since 2006

I don't help with logs thru PM so don't bother to post me one. If you have problems create a thread in the forum, please.
Don't post your log into other user's topic, create a new one.

Provided removal instructions are meant to be used in the correspondent user's case only.

Please use "Reply to this topic" -button while replying.

#3 thuband

Newbie

Members
5 posts

Posted 08 November 2007 - 10:51 PM

For some reason the SED application failed to run. The Combo and HJT logs are below. Thank you for your help.

ComboFix 07-11-08.1 - Liz 2007-11-09 15:29:52.3 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.130 [GMT -5:00]
Running from: F:\HiJackThis\ComboFix.exe
Command switches used :: F:\HiJackThis\CFScript.txt
* Created a new restore point

FILE
C:\WINDOWS\Fonts\Setup.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\system32\asyoogeb.exe
C:\WINDOWS\system32\ddaby.dll
C:\WINDOWS\system32\elorcjtp.dll
C:\WINDOWS\system32\fvlxxaqy.dll
C:\WINDOWS\system32\fyfrkneo.dll
C:\WINDOWS\system32\gliyqgts.dll
C:\WINDOWS\system32\hgghgff.dll
C:\WINDOWS\system32\iifddaa.dll
C:\WINDOWS\system32\kgwlivbg.dll
C:\WINDOWS\system32\kksmknrj.dll
C:\WINDOWS\system32\ljjkihf.dll
C:\WINDOWS\system32\mljihif.dll
C:\WINDOWS\system32\pueghuvm.dll
C:\WINDOWS\system32\qgmmbvxq.dll
C:\WINDOWS\system32\tdfnkhpx.dll
C:\WINDOWS\system32\tlhwygfq.dll
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\yaywwvw.dll.vir
C:\WINDOWS\system32\yfgfhmss.dll
.

Unable to gain System Privileges

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\TEMP\mZOr
C:\WINDOWS\Fonts\Setup.exe
C:\WINDOWS\Fonts\svchost.exe
C:\WINDOWS\system32\asyoogeb.exe
C:\WINDOWS\system32\fvlxxaqy.dll
C:\WINDOWS\system32\fyfrkneo.dll
C:\WINDOWS\system32\gebyx.dll
C:\WINDOWS\system32\gliyqgts.dll
C:\WINDOWS\system32\hgghgff.dll
C:\WINDOWS\system32\iifddaa.dll
C:\WINDOWS\system32\kgwlivbg.dll
C:\WINDOWS\system32\kksmknrj.dll
C:\WINDOWS\system32\ljjkihf.dll
C:\WINDOWS\system32\mljihif.dll
C:\WINDOWS\system32\Mz18r
C:\WINDOWS\system32\pueghuvm.dll
C:\WINDOWS\system32\qgmmbvxq.dll
C:\WINDOWS\system32\tdfnkhpx.dll
C:\WINDOWS\system32\tlhwygfq.dll
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\xybeg.bak1
C:\WINDOWS\system32\xybeg.bak2
C:\WINDOWS\system32\xybeg.ini
C:\WINDOWS\system32\yaywwvw.dll.vir
C:\WINDOWS\system32\yfgfhmss.dll

.
((((((((((((((((((((((((( Files Created from 2007-10-09 to 2007-11-09 )))))))))))))))))))))))))))))))
.

2007-11-08 23:50 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2007-11-08 22:32 <DIR> d-------- C:\Documents and Settings\Liz\Application Data\Grisoft
2007-11-08 22:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-08 22:31 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-08 20:47 <DIR> d-------- C:\Program Files\ProcessExplorer
2007-11-08 19:35 145,984 --a------ C:\WINDOWS\system32\haqwjxpb.dll
2007-11-08 18:44 <DIR> d-------- C:\VundoFix Backups
2007-11-08 18:19 86,080 --a------ C:\WINDOWS\system32\cijchpcj.dll
2007-11-08 18:19 79,936 --a------ C:\WINDOWS\system32\obmarjky.dll
2007-11-08 18:19 71,232 --a------ C:\WINDOWS\system32\dhfroipt.exe
2007-11-07 14:44 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-07 11:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-11-07 10:58 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-11-07 09:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-07 09:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-07 09:53 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-07 09:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-07 09:53 <DIR> d-------- C:\Documents and Settings\Liz\Application Data\SUPERAntiSpyware.com
2007-11-06 20:21 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-06 20:21 <DIR> d-------- C:\Documents and Settings\Liz\Application Data\Lavasoft
2007-11-06 19:43 <DIR> d-------- C:\Program Files\CCleaner
2007-11-06 13:10 <DIR> d-------- C:\Documents and Settings\Liz\.housecall6.6
2007-11-06 10:02 <DIR> d-------- C:\Documents and Settings\Liz\Application Data\HouseCall 6.6
2007-11-06 09:59 <DIR> d-------- C:\Documents and Settings\Liz\Shared
2007-11-06 09:58 <DIR> d-------- C:\Documents and Settings\Liz\Incomplete
2007-11-06 09:48 <DIR> d-------- C:\Documents and Settings\Ty\Application Data\Apple Computer
2007-11-06 09:22 <DIR> d-------- C:\Documents and Settings\Ty\Application Data\HouseCall 6.6
2007-11-05 11:57 <DIR> d-------- C:\Documents and Settings\Liz\Application Data\LimeWire
2007-11-04 09:21 <DIR> d-------- C:\Documents and Settings\Liz\Application Data\Viewpoint
2007-11-03 18:05 <DIR> d-------- C:\Documents and Settings\Colin\Application Data\fretsonfire
2007-11-03 18:03 <DIR> d-------- C:\Program Files\Frets on Fire
2007-11-03 11:59 <DIR> d-------- C:\Documents and Settings\Liz\Application Data\acccore
2007-11-02 17:44 <DIR> d-------- C:\Documents and Settings\Colin\Application Data\Viewpoint
2007-10-31 07:52 <DIR> d-------- C:\Documents and Settings\Ty\Shared
2007-10-31 07:52 <DIR> d-------- C:\Documents and Settings\Ty\Incomplete
2007-10-31 07:51 <DIR> d-------- C:\Documents and Settings\Ty\Application Data\LimeWire
2007-10-30 19:50 <DIR> d-------- C:\Documents and Settings\Colin\Application Data\AdobeUM
2007-10-30 19:46 <DIR> d-------- C:\Documents and Settings\Colin\Shared
2007-10-30 19:46 <DIR> d-------- C:\Documents and Settings\Colin\Incomplete
2007-10-30 19:46 <DIR> d-------- C:\Documents and Settings\Colin\Application Data\LimeWire
2007-10-30 13:13 19,496 --a------ C:\Documents and Settings\Liz\Application Data\GDIPFONTCACHEV1.DAT
2007-10-30 10:45 <DIR> d-------- C:\Program Files\Quicken
2007-10-30 10:45 <DIR> d-------- C:\Program Files\Common Files\Palo Alto Software
2007-10-30 10:45 <DIR> d-------- C:\Program Files\Common Files\Intuit
2007-10-30 10:45 <DIR> d-------- C:\Documents and Settings\Liz\Application Data\Intuit
2007-10-30 10:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intuit
2007-10-24 14:37 <DIR> d-------- C:\Documents and Settings\Liz\Application Data\Image Zone Express
2007-10-24 14:23 117,037 --a------ C:\WINDOWS\hpoins11.dat
2007-10-24 09:39 <DIR> d-------- C:\Documents and Settings\Ty\Application Data\HP
2007-10-24 02:01 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-10-23 21:16 <DIR> d-------- C:\Documents and Settings\Liz\Application Data\AdobeUM
2007-10-23 21:01 <DIR> d-------- C:\Documents and Settings\Liz\Application Data\HP
2007-10-23 20:39 <DIR> d-------- C:\Documents and Settings\Colin\Application Data\acccore
2007-10-23 20:38 <DIR> d-------- C:\Program Files\Viewpoint
2007-10-23 20:38 <DIR> d-------- C:\Program Files\Common Files\AOL
2007-10-23 20:38 <DIR> d-------- C:\Program Files\AIM6
2007-10-23 20:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-23 20:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-10-23 20:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2007-10-23 19:53 <DIR> d-------- C:\Documents and Settings\Colin\Application Data\HP
2007-10-23 18:58 <DIR> d-------- C:\Documents and Settings\Conrad\Application Data\HP
2007-10-23 18:57 <DIR> d-------- C:\Documents and Settings\Conrad\Application Data\Sonic
2007-10-23 18:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-10-23 17:32 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-10-23 17:32 <DIR> d-------- C:\Program Files\Common Files\HP
2007-10-23 17:30 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-10-23 12:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2007-10-23 12:17 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-10-23 12:17 77,824 -ra------ C:\WINDOWS\system32\HPZIDS01.dll
2007-10-23 12:17 38,400 --a------ C:\WINDOWS\system32\hpz3l054.dll
2007-10-23 12:16 827,392 -ra------ C:\WINDOWS\system32\hpotiop2.dll
2007-10-23 12:16 659,456 -ra------ C:\WINDOWS\system32\hpowiax2.dll
2007-10-23 12:16 254,026 -ra------ C:\WINDOWS\system32\hpovst09.dll
2007-10-23 12:16 6,784 --a------ C:\WINDOWS\system32\drivers\serscan.sys
2007-10-23 12:16 6,784 --a--c--- C:\WINDOWS\system32\dllcache\serscan.sys
2007-10-23 12:15 <DIR> d-------- C:\TEMP\Google Toolbar
2007-10-23 12:14 <DIR> d-------- C:\TEMP
2007-10-23 12:14 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-10-23 12:14 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-10-23 12:14 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-10-23 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-10-23 12:14 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-10-23 12:14 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-10-23 12:13 <DIR> d-------- C:\Program Files\HP
2007-10-23 12:13 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-10-23 12:13 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-10-23 12:13 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-10-23 12:13 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2007-10-23 12:12 98,304 --a------ C:\WINDOWS\system32\hpzjsn01.dll
2007-10-23 10:16 <DIR> d-------- C:\WINDOWS\Sun
2007-10-23 09:53 <DIR> d-------- C:\Program Files\Java
2007-10-23 09:52 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-22 09:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RoboForm
2007-10-22 09:55 <DIR> d-------- C:\Program Files\Siber Systems
2007-10-22 08:23 <DIR> d-------- C:\Documents and Settings\Ty\Application Data\Sonic
2007-10-22 08:00 <DIR> d-------- C:\Program Files\Windows Defender
2007-10-21 19:56 <DIR> d-------- C:\Documents and Settings\Colin\Application Data\Apple Computer
2007-10-21 19:55 <DIR> d-------- C:\Program Files\QuickTime
2007-10-21 19:55 <DIR> d-------- C:\Program Files\iTunes
2007-10-21 19:55 <DIR> d-------- C:\Program Files\iPod

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-30 15:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-21 16:57 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-18 17:50 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((( snapshot@2007-11-08_15.31.11.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-11-09 04:50:18 59,392 ----a-r C:\WINDOWS\system32\streamhlp.dll
+ 2007-11-09 20:44:06 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_5a4.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{12AA182F-BD55-43E1-AB27-6753844D5D20}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B760C2C0-2FD7-4D52-AD05-6D9FD56AF84A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCC73622-F72D-4277-803C-D65565A0947F}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 00:04]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 00:01]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-07-30 10:35]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 17:58]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 01:12]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-04-24 15:58]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]
"THGuard"="C:\Program Files\TrojanHunter 5.0\THGuard.exe" [2007-09-09 09:31]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-29 14:32]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-10-22 09:55]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-10-21 19:27:46]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjkihf]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Aim6"=

.
Contents of the 'Scheduled Tasks' folder
"2007-11-01 01:08:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-11-09 20:45:14 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-09 15:43:18
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-09 15:52:23 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-08 21:31
C:\ComboFix3.txt ... 2007-11-08 15:33
.
--- E O F ---

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:46:57 PM, on 11/9/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\TrojanHunter 5.0\THGuard.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
F:\HiJackThis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/home/home.do
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B760C2C0-2FD7-4D52-AD05-6D9FD56AF84A} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 5.0\THGuard.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1192732172036
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.su...ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11977 bytes

#4 Blade81

Advanced Member

Volunteer Security Advisor
6557 posts

Posted 09 November 2007 - 04:56 PM

Hi

Disable Spybot's TeaTimer

Run Spybot-S&D in Advanced Mode
If it is not already set to do this, go to the Mode menu
select
Advanced Mode
On the left hand side, click on Tools
Then click on the Resident icon in the list
Uncheck
Resident TeaTimer
and OK any prompts.
Restart your computer

Open notepad and copy/paste the text in the quotebox below into it:

File&#58;&#58;
C&#58;\WINDOWS\system32\haqwjxpb.dll
C&#58;\WINDOWS\system32\cijchpcj.dll
C&#58;\WINDOWS\system32\obmarjky.dll
C&#58;\WINDOWS\system32\dhfroipt.exe

Folder&#58;&#58;
C&#58;\VundoFix Backups

Registry&#58;&#58;
&#91;-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{12AA182F-BD55-43E1-AB27-6753844D5D20}&#93;

&#91;-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{B760C2C0-2FD7-4D52-AD05-6D9FD56AF84A}&#93;

&#91;-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{BCC73622-F72D-4277-803C-D65565A0947F}&#93;

&#91;-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ljjkihf&#93;

Save this as
CFScript

Posted Image

Refering to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log & a fresh hjt log.

For some reason the SED application failed to run

What is SED application?

#5 thuband

Newbie

Members
5 posts

Posted 12 November 2007 - 05:08 AM

I ran Combofix and HJT. Logs are posted. In RE: to the SED application referred to earlier. Combofix runs, Reboots and starts preparing the log. Right at the end of the process OS reports that SED.CFEXE has encountered problems and needs to close. When I acknowledge, the Combofix process finishes and generates the log.

ComboFix 07-11-08.1 - Liz 2007-11-11 22:52:17.4 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.126 [GMT -5:00]
Running from: F:\HiJackThis\ComboFix.exe
Command switches used :: F:\HiJackThis\cfscript.txt
* Created a new restore point

FILE
C:\WINDOWS\system32\cijchpcj.dll
C:\WINDOWS\system32\dhfroipt.exe
C:\WINDOWS\system32\haqwjxpb.dll
C:\WINDOWS\system32\obmarjky.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\VundoFix Backups
C:\VundoFix Backups\elorcjtp.dll.bad
C:\WINDOWS\system32\dhfroipt.exe

.
((((((((((((((((((((((((( Files Created from 2007-10-12 to 2007-11-12 )))))))))))))))))))))))))))))))
.

2007-11-12 22:04 <DIR> d-------- C:\Documents and Settings\Ty\Application Data\TrojanHunter
2007-11-12 22:03 <DIR> d-------- C:\Documents and Settings\Ty\Application Data\Grisoft
2007-11-12 21:03 <DIR> d-------- C:\Documents and Settings\Colin\Application Data\Grisoft
2007-11-08 23:50 <DIR> d-------- C:\Program Files\TrojanHunter 5.0
2007-11-08 22:32 <DIR> d-------- C:\Documents and Settings\Liz\Application Data\Grisoft
2007-11-08 22:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2007-11-08 22:31 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-11-08 20:47 <DIR> d-------- C:\Program Files\ProcessExplorer
2007-11-07 14:44 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-11-07 11:02 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Lavasoft
2007-11-07 10:58 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2007-11-07 09:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-11-07 09:54 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2007-11-07 09:53 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2007-11-07 09:53 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-11-07 09:53 <DIR> d-------- C:\Documents and Settings\Liz\Application Data\SUPERAntiSpyware.com
2007-11-06 20:21 <DIR> d-------- C:\Program Files\Lavasoft
2007-11-06 20:21 <DIR> d-------- C:\Documents and Settings\Liz\Application Data\Lavasoft
2007-11-06 19:43 <DIR> d-------- C:\Program Files\CCleaner
2007-11-06 13:10 <DIR> d-------- C:\Documents and Settings\Liz\.housecall6.6
2007-11-06 10:02 <DIR> d-------- C:\Documents and Settings\Liz\Application Data\HouseCall 6.6
2007-11-06 09:59 <DIR> d-------- C:\Documents and Settings\Liz\Shared
2007-11-06 09:58 <DIR> d-------- C:\Documents and Settings\Liz\Incomplete
2007-11-06 09:48 <DIR> d-------- C:\Documents and Settings\Ty\Application Data\Apple Computer
2007-11-06 09:22 <DIR> d-------- C:\Documents and Settings\Ty\Application Data\HouseCall 6.6
2007-11-05 11:57 <DIR> d-------- C:\Documents and Settings\Liz\Application Data\LimeWire
2007-11-04 09:21 <DIR> d-------- C:\Documents and Settings\Liz\Application Data\Viewpoint
2007-11-03 18:05 <DIR> d-------- C:\Documents and Settings\Colin\Application Data\fretsonfire
2007-11-03 18:03 <DIR> d-------- C:\Program Files\Frets on Fire
2007-11-03 11:59 <DIR> d-------- C:\Documents and Settings\Liz\Application Data\acccore
2007-11-02 17:44 <DIR> d-------- C:\Documents and Settings\Colin\Application Data\Viewpoint
2007-10-31 07:52 <DIR> d-------- C:\Documents and Settings\Ty\Shared
2007-10-31 07:52 <DIR> d-------- C:\Documents and Settings\Ty\Incomplete
2007-10-31 07:51 <DIR> d-------- C:\Documents and Settings\Ty\Application Data\LimeWire
2007-10-30 19:50 <DIR> d-------- C:\Documents and Settings\Colin\Application Data\AdobeUM
2007-10-30 19:46 <DIR> d-------- C:\Documents and Settings\Colin\Shared
2007-10-30 19:46 <DIR> d-------- C:\Documents and Settings\Colin\Incomplete
2007-10-30 19:46 <DIR> d-------- C:\Documents and Settings\Colin\Application Data\LimeWire
2007-10-30 13:13 20,272 --a------ C:\Documents and Settings\Liz\Application Data\GDIPFONTCACHEV1.DAT
2007-10-30 10:45 <DIR> d-------- C:\Program Files\Quicken
2007-10-30 10:45 <DIR> d-------- C:\Program Files\Common Files\Palo Alto Software
2007-10-30 10:45 <DIR> d-------- C:\Program Files\Common Files\Intuit
2007-10-30 10:45 <DIR> d-------- C:\Documents and Settings\Liz\Application Data\Intuit
2007-10-30 10:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Intuit
2007-10-24 14:37 <DIR> d-------- C:\Documents and Settings\Liz\Application Data\Image Zone Express
2007-10-24 14:23 117,037 --a------ C:\WINDOWS\hpoins11.dat
2007-10-24 09:39 <DIR> d-------- C:\Documents and Settings\Ty\Application Data\HP
2007-10-24 02:01 <DIR> d-------- C:\Program Files\MSXML 4.0
2007-10-23 21:16 <DIR> d-------- C:\Documents and Settings\Liz\Application Data\AdobeUM
2007-10-23 21:01 <DIR> d-------- C:\Documents and Settings\Liz\Application Data\HP
2007-10-23 20:39 <DIR> d-------- C:\Documents and Settings\Colin\Application Data\acccore
2007-10-23 20:38 <DIR> d-------- C:\Program Files\Viewpoint
2007-10-23 20:38 <DIR> d-------- C:\Program Files\Common Files\AOL
2007-10-23 20:38 <DIR> d-------- C:\Program Files\AIM6
2007-10-23 20:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Viewpoint
2007-10-23 20:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-10-23 20:38 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\AOL
2007-10-23 19:53 <DIR> d-------- C:\Documents and Settings\Colin\Application Data\HP
2007-10-23 18:58 <DIR> d-------- C:\Documents and Settings\Conrad\Application Data\HP
2007-10-23 18:57 <DIR> d-------- C:\Documents and Settings\Conrad\Application Data\Sonic
2007-10-23 18:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2007-10-23 17:32 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2007-10-23 17:32 <DIR> d-------- C:\Program Files\Common Files\HP
2007-10-23 17:30 <DIR> d-------- C:\Program Files\Hewlett-Packard
2007-10-23 12:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\HP
2007-10-23 12:17 <DIR> d-------- C:\Program Files\Common Files\Hewlett-Packard
2007-10-23 12:17 77,824 -ra------ C:\WINDOWS\system32\HPZIDS01.dll
2007-10-23 12:17 38,400 --a------ C:\WINDOWS\system32\hpz3l054.dll
2007-10-23 12:16 827,392 -ra------ C:\WINDOWS\system32\hpotiop2.dll
2007-10-23 12:16 659,456 -ra------ C:\WINDOWS\system32\hpowiax2.dll
2007-10-23 12:16 254,026 -ra------ C:\WINDOWS\system32\hpovst09.dll
2007-10-23 12:16 6,784 --a------ C:\WINDOWS\system32\drivers\serscan.sys
2007-10-23 12:16 6,784 --a--c--- C:\WINDOWS\system32\dllcache\serscan.sys
2007-10-23 12:15 <DIR> d-------- C:\TEMP\Google Toolbar
2007-10-23 12:14 <DIR> d-------- C:\TEMP
2007-10-23 12:14 282,680 --a------ C:\WINDOWS\system32\HPZidr12.dll
2007-10-23 12:14 204,800 --a------ C:\WINDOWS\system32\HPZipr12.dll
2007-10-23 12:14 94,208 --a------ C:\WINDOWS\system32\HPZipt12.dll
2007-10-23 12:14 69,632 --a------ C:\WINDOWS\system32\HPZipm12.exe
2007-10-23 12:14 65,536 --a------ C:\WINDOWS\system32\HPZinw12.exe
2007-10-23 12:14 57,344 --a------ C:\WINDOWS\system32\HPZisn12.dll
2007-10-23 12:13 <DIR> d-------- C:\Program Files\HP
2007-10-23 12:13 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2007-10-23 12:13 31,616 --a--c--- C:\WINDOWS\system32\dllcache\usbccgp.sys
2007-10-23 12:13 25,856 --a------ C:\WINDOWS\system32\drivers\usbprint.sys
2007-10-23 12:13 25,856 --a--c--- C:\WINDOWS\system32\dllcache\usbprint.sys
2007-10-23 12:12 98,304 --a------ C:\WINDOWS\system32\hpzjsn01.dll
2007-10-23 10:16 <DIR> d-------- C:\WINDOWS\Sun
2007-10-23 09:53 <DIR> d-------- C:\Program Files\Java
2007-10-23 09:52 <DIR> d-------- C:\Program Files\Common Files\Java
2007-10-22 09:59 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\RoboForm
2007-10-22 09:55 <DIR> d-------- C:\Program Files\Siber Systems
2007-10-22 08:23 <DIR> d-------- C:\Documents and Settings\Ty\Application Data\Sonic
2007-10-22 08:00 <DIR> d-------- C:\Program Files\Windows Defender
2007-10-21 19:56 <DIR> d-------- C:\Documents and Settings\Colin\Application Data\Apple Computer
2007-10-21 19:55 <DIR> d-------- C:\Program Files\QuickTime
2007-10-21 19:55 <DIR> d-------- C:\Program Files\iTunes
2007-10-21 19:55 <DIR> d-------- C:\Program Files\iPod
2007-10-21 19:55 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-10-21 19:54 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-30 15:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-21 16:57 --------- d-----w C:\Program Files\Common Files\InstallShield
2007-10-18 17:50 --------- d-----w C:\Program Files\microsoft frontpage
.

((((((((((((((((((((((((((((( snapshot@2007-11-08_15.31.11.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2007-11-07 02:25:40 121,336 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-11-10 10:30:26 131,688 ----a-w C:\WINDOWS\system32\FNTCACHE.DAT
+ 2007-11-09 04:50:18 59,392 ----a-r C:\WINDOWS\system32\streamhlp.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="C:\WINDOWS\system32\dla\tfswctrl.exe" [2003-08-06 00:04]
"StorageGuard"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [2003-02-13 00:01]
"vptray"="C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe" [2002-07-30 10:35]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 17:58]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 01:12]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-26 13:42]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 01:41]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-04-24 15:58]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sonic RecordNow!"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 05:00]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-29 14:32]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 11:24]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-10-22 09:55]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-10-21 19:27:46]
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-03-16 18:16:50]
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2006-02-19 03:21:22]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Aim6"=

.
Contents of the 'Scheduled Tasks' folder
"2007-11-01 01:08:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
"2007-11-12 03:47:29 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-11 22:57:30
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-11 23:00:17 - machine was rebooted
C:\ComboFix2.txt ... 2007-11-09 15:52
C:\ComboFix3.txt ... 2007-11-08 21:31
.
--- E O F ---
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:02:26 PM, on 11/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\HPZinw12.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
F:\HiJackThis\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pogo.com/home/home.do
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1192732172036
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.su...ows-i586-jc.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Port Resolver - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBPRO.EXE
O23 - Service: HP Status Server - Hewlett-Packard Company - C:\WINDOWS\system32\spool\drivers\w32x86\3\HPBOID.EXE
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 11423 bytes

#6 Blade81

Advanced Member

Volunteer Security Advisor
6557 posts

Posted 12 November 2007 - 08:21 AM

Good. Let's do a final check with Kaspersky Webscanner.

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

Please do an online scan with
Kaspersky
WebScanner (use Internet Explorer)

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky,
Click Yes.

The program will launch and then begin downloading the latest
definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make that the following are selected:
- Scan using the following Anti-Virus database:
Extended (if available otherwise
Standard)
- Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:Select My Computer
This will program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been
infected.
- Now click on the Save as Text button:
Save the file to your desktop.
Copy and paste that information & a fresh hjt log in your next post.

Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.

If having a problme doing the above

Make sure that your Internet security settings are set to default values.

To set default security settings for Internet Explorer:

* Open Internet Explorer.
* Go to the Tools menu, then choose Internet Options.
* Click on the Security tab.
* Make sure that all four item (Internet, Local intranet, Trusted sites, and Restricted sites) are set to their default settings.

#7 thuband

Newbie

Members
5 posts

Posted 16 November 2007 - 11:55 PM

The Kapersky log was over 21MB because of items in the RECYCLER folder. I truncated the list posted here with notes. However, I uploaded the file. ALso a fresh HJT is posted. Thanks.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Friday, November 16, 2007 7:20:15 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 16/11/2007
Kaspersky Anti-Virus database records: 460201
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
Z:\

Scan Statistics:
Total number of scanned objects: 234472
Number of viruses found: 21
Number of infected objects: 68408
Number of suspicious objects: 0
Duration of the scan process: 03:48:03

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows Defender\Support\MPLog-10222007-090027.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\11000001.VBN CryptZ: infected - 1 skipped
**NOTE* There were 31 Files in C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\
C:\Documents and Settings\Colin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Colin\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Colin\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Colin\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Conrad\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Conrad\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Liz\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Liz\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Liz\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Liz\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Liz\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Liz\Local Settings\History\History.IE5\MSHist012007111520071116\index.dat Object is locked skipped
C:\Documents and Settings\Liz\Local Settings\History\History.IE5\MSHist012007111620071117\index.dat Object is locked skipped
C:\Documents and Settings\Liz\Local Settings\Temp\hpodvd09.log Object is locked skipped
C:\Documents and Settings\Liz\Local Settings\Temp\hsperfdata_Liz\4220 Object is locked skipped
C:\Documents and Settings\Liz\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Liz\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Liz\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Liz\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\config\configuration\org.eclipse.core.runtime\.manager\.tmp15335.instance Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\ibdata1 Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\ib_logfile0 Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\ib_logfile1 Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhasset.ibd Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhlabel.ibd Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhlabeltoversion.ibd Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhpqentry.ibd Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhschemaversion.ibd Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhserverglobals.ibd Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\data\versioncue\bhuser.ibd Object is locked skipped
C:\Program Files\Adobe\Adobe Version Cue CS2\logs\VersionCue.log Object is locked skipped
C:\qoobox\Quarantine\C\WINDOWS\Fonts\Setup.exe.vir Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\qoobox\Quarantine\C\WINDOWS\Fonts\svchost.exe.vir Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\asyoogeb.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\dhfroipt.exe.vir Infected: Trojan.Win32.Obfuscated.kp skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\fyfrkneo.dll.vir Infected: Trojan.Win32.BHO.rg skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\hgghgff.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ahr skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\iifddaa.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ahr skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\mljihif.dll.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ahr skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\pueghuvm.dll.vir Infected: Trojan.Win32.BHO.rf skipped
C:\qoobox\Quarantine\C\WINDOWS\system32\yaywwvw.dll.vir.vir Infected: not-a-virus:AdWare.Win32.Virtumonde.ahq skipped
C:\qoobox\Quarantine\catchme2007-11-09_154255.51.zip/ljjkihf.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ahq skipped
C:\qoobox\Quarantine\catchme2007-11-09_154255.51.zip ZIP: infected - 1 skipped
C:\RECYCLER\S-1-5-21-1409082233-115176313-839522115-1004\Dc1.6\Quarantine\#1 DVD Ripper v6.01.zip.bac_a05928/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
*NOTE* There were hundreds of files listed for C:\RECYCLER\S-1-5-21-1409082233-115176313-839522115-1004\Dc1.6\Quarantine\ Infected&Skipped
C:\RECYCLER\S-1-5-21-1409082233-115176313-839522115-1005\Dc4.exe Infected: not-a-virus:PSWTool.Win32.ProtectStorage.b skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{58702EE2-AE98-4C0E-BC0A-5AA62E647257}\RP40\A0008934.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ahq skipped
C:\System Volume Information\_restore{58702EE2-AE98-4C0E-BC0A-5AA62E647257}\RP41\A0008972.exe Infected: not-a-virus:PSWTool.Win32.ProtectStorage.b skipped
C:\System Volume Information\_restore{58702EE2-AE98-4C0E-BC0A-5AA62E647257}\RP42\A0008988.exe Infected: Trojan-Downloader.Win32.VB.bru skipped
C:\System Volume Information\_restore{58702EE2-AE98-4C0E-BC0A-5AA62E647257}\RP42\A0008991.exe Infected: not-a-virus:PSWTool.Win32.ProtectStorage.b skipped
C:\System Volume Information\_restore{58702EE2-AE98-4C0E-BC0A-5AA62E647257}\RP42\A0009015.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\System Volume Information\_restore{58702EE2-AE98-4C0E-BC0A-5AA62E647257}\RP42\A0010101.exe Infected: Trojan-Downloader.Win32.VB.bru skipped
C:\System Volume Information\_restore{58702EE2-AE98-4C0E-BC0A-5AA62E647257}\RP42\A0010104.exe Infected: not-a-virus:PSWTool.Win32.ProtectStorage.b skipped
C:\System Volume Information\_restore{58702EE2-AE98-4C0E-BC0A-5AA62E647257}\RP45\A0010123.exe Infected: Trojan-Downloader.Win32.VB.bru skipped
C:\System Volume Information\_restore{58702EE2-AE98-4C0E-BC0A-5AA62E647257}\RP45\A0010124.exe Infected: not-a-virus:PSWTool.Win32.ProtectStorage.b skipped
C:\System Volume Information\_restore{58702EE2-AE98-4C0E-BC0A-5AA62E647257}\RP54\A0011620.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\System Volume Information\_restore{58702EE2-AE98-4C0E-BC0A-5AA62E647257}\RP54\A0011621.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\System Volume Information\_restore{58702EE2-AE98-4C0E-BC0A-5AA62E647257}\RP54\A0011622.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{58702EE2-AE98-4C0E-BC0A-5AA62E647257}\RP54\A0011624.dll Infected: Trojan.Win32.BHO.rg skipped
C:\System Volume Information\_restore{58702EE2-AE98-4C0E-BC0A-5AA62E647257}\RP54\A0011626.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ahr skipped
C:\System Volume Information\_restore{58702EE2-AE98-4C0E-BC0A-5AA62E647257}\RP54\A0011627.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ahr skipped
C:\System Volume Information\_restore{58702EE2-AE98-4C0E-BC0A-5AA62E647257}\RP54\A0011630.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ahr skipped
C:\System Volume Information\_restore{58702EE2-AE98-4C0E-BC0A-5AA62E647257}\RP54\A0011631.dll Infected: Trojan.Win32.BHO.rf skipped
C:\System Volume Information\_restore{58702EE2-AE98-4C0E-BC0A-5AA62E647257}\RP54\A0011642.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ahq skipped
C:\System Volume Information\_restore{58702EE2-AE98-4C0E-BC0A-5AA62E647257}\RP58\A0011941.exe Infected: Trojan.Win32.Obfuscated.kp skipped
C:\System Volume Information\_restore{58702EE2-AE98-4C0E-BC0A-5AA62E647257}\RP63\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Fonts\'\25 Vista themes for xp.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\25 Vista themes for xp.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\3D-Brush 2.01G.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\3D-Brush 2.01G.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\3Delight v6.5.0 for Maya (Win32Win64).zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\3Delight v6.5.0 for Maya (Win32Win64).zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Absolute MP3 SplitterConverter 2.6..zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Absolute MP3 SplitterConverter 2.6..zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Absolute Video Converter 2.9.8.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Absolute Video Converter 2.9.8.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\ACD Systems FotoSlate v4.0.66.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\ACD Systems FotoSlate v4.0.66.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\ACDSee Photo Manager 10.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\ACDSee Photo Manager 10.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Ace Buddy 3.00.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Ace Buddy 3.00.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Ace Translator 4.2.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Ace Translator 4.2.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Ace Translator v4.2.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Ace Translator v4.2.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Acoustica Premium 4.0.0.363.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Acoustica Premium 4.0.0.363.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Acoustica Premium Edition 4.0.0.363.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Acoustica Premium Edition 4.0.0.363.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Acoustica Premium Edition 4.00.363.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Acoustica Premium Edition 4.00.363.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Acoustica Premium Edition v4.0.0.363.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Acoustica Premium Edition v4.0.0.363.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Acoustica Premium Edition v4.00.363.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Acoustica Premium Edition v4.00.363.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Acronis Snap Deploy 2.0.0.2152.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Acronis Snap Deploy 2.0.0.2152.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Acronis Snap Deploy v2.0.0.2152.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Acronis Snap Deploy v2.0.0.2152.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Active Desktop Calendar 7.25 Build 071.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Active Desktop Calendar 7.25 Build 071.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Ad Muncher v4.71.28140 Final.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Ad Muncher v4.71.28140 Final.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Adobe Acrobat Professional v8.1.0.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Adobe Acrobat Professional v8.1.0.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Adobe Dreamweaver 8.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Adobe Dreamweaver 8.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Advanced Security Level 6.1.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Advanced Security Level 6.1.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Advanced Uninstaller (Pro) 8.5.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Advanced Uninstaller (Pro) 8.5.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Advanced Uninstaller PRO 8.5.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Advanced Uninstaller PRO 8.5.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Advanced Uninstaller Pro v8.5.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Advanced Uninstaller Pro v8.5.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\AKVIS Chameleon v3.0.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\AKVIS Chameleon v3.0.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Alcohol 120% v1.9.6.5429.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Alcohol 120% v1.9.6.5429.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Alive YouTube Video Converter v1.2.2.3.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Alive YouTube Video Converter v1.2.2.3.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Amadis Video to ##nospam Converter v2.0.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Amadis Video to ##nospam Converter v2.0.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Antenna Web Design 2.7.0.132.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Antenna Web Design 2.7.0.132.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Antenna Web Design v2.7.0.132.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Antenna Web Design v2.7.0.132.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Anti Trojan Elite 3.8.4.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Anti Trojan Elite 3.8.4.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\AnyDVDAnyDVD HD 6.1.66 Final.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\AnyDVDAnyDVD HD 6.1.66 Final.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\AP Image To PDF Convert v3.1.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\AP Image To PDF Convert v3.1.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Apple QuickTime Pro v7.3.0.70 Multilingual.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Apple QuickTime Pro v7.3.0.70 Multilingual.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Apple QuickTime PRO v7.3.0.70.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Apple QuickTime PRO v7.3.0.70.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Ashampoo Photo Commander 5.40.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Ashampoo Photo Commander 5.40.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Asiva Sharpen or Soften v2.2.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Asiva Sharpen or Soften v2.2.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Audio Damage Fluid VST v1.0.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Audio Damage Fluid VST v1.0.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Audio Damage Vapor VST v1.0.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Audio Damage Vapor VST v1.0.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Autodesk MudBox Pro 1.0.7.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Autodesk MudBox Pro 1.0.7.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\AVG Anti-Virus Professional 7.5.0.503.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\AVG Anti-Virus Professional 7.5.0.503.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Backup 4 All Pro 3.9.271.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Backup 4 All Pro 3.9.271.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Batch Photo Factory v2.04.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Batch Photo Factory v2.04.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Benutec Network Mechanic 2.7.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Benutec Network Mechanic 2.7.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Benutec RamCleaner 6.1.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Benutec RamCleaner 6.1.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Best Motoring Vol.19 - Japan vs USA Drift Off DVDRip Xvid.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Best Motoring Vol.19 - Japan vs USA Drift Off DVDRip Xvid.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\BitDefender Internet Security 2008 Build 11.0.13.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\BitDefender Internet Security 2008 Build 11.0.13.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\BitDefender Total Security 2008.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\BitDefender Total Security 2008.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Blaze DVD Copy v4.1.0.23.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Blaze DVD Copy v4.1.0.23.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\BWMeter 3.3.2.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\BWMeter 3.3.2.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\BWMeter v3.3.1.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\BWMeter v3.3.1.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\BWMeter v3.32.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\BWMeter v3.32.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Cakewalk Z3TAv1.5.3.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Cakewalk Z3TAv1.5.3.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Camtasia Studio 4.0.2 Incl.Keygen.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Camtasia Studio 4.0.2 Incl.Keygen.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Caricature Studio 3.0.0.1.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Caricature Studio 3.0.0.1.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\CheckMail 4.22.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\CheckMail 4.22.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\CheckMail v4.2.2.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\CheckMail v4.2.2.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\ChildTimer v2.0.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\ChildTimer v2.0.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Clear Water Vista Style 1.0.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Clear Water Vista Style 1.0.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\CloneDVD 2.9.0.3.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\CloneDVD 2.9.0.3.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\CoCSoft Stream Down 6.1.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\CoCSoft Stream Down 6.1.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Color Schemer Studio 1.51.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Color Schemer Studio 1.51.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Composite Wizard For Adobe AE.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Composite Wizard For Adobe AE.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\ConceptDraw Mindmap Pro v5.2.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\ConceptDraw Mindmap Pro v5.2.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Daemon Tools Pro 4.10.0218.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Daemon Tools Pro 4.10.0218.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\dBPowerAmp Music Converter 12.3.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\dBPowerAmp Music Converter 12.3.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\DesktopX 3.2 X Edition.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\DesktopX 3.2 X Edition.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\DFX for MusicMatch v8.352.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\DFX for MusicMatch v8.352.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\DFX for RealNetworks v8.352.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\DFX for RealNetworks v8.352.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\DIMIN Image Viewer v5.2.5 Build 140.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\DIMIN Image Viewer v5.2.5 Build 140.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Diskeeper 2008 12.0.758.0 Pro Premier.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Diskeeper 2008 12.0.758.0 Pro Premier.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Diskeeper 2008 Pro Premier Edition.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Diskeeper 2008 Pro Premier Edition.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\DivX Pro 6.7.0.28.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\DivX Pro 6.7.0.28.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\DriverMax 3.0.288 (Portable).zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\DriverMax 3.0.288 (Portable).zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Duplicate file remover 1.2.262.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Duplicate file remover 1.2.262.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\DVD Builder Pro 3.1.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\DVD Builder Pro 3.1.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\dvdXsoft 3GP Video Converter 1.20.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\dvdXsoft 3GP Video Converter 1.20.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\e-Campaign Professional Edition v6.3.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\e-Campaign Professional Edition v6.3.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\EarthTime 1.71.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\EarthTime 1.71.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\EarthView 3.71.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\EarthView 3.71.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\EarthView v3.7.1.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\EarthView v3.7.1.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Easy CD-DA Extractor Professional 10.5.1.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Easy CD-DA Extractor Professional 10.5.1.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Easy DVD Creator v1.5.3.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Easy DVD Creator v1.5.3.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Effective English v1.000.030.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Effective English v1.000.030.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Elf 2003 DVDRip XViD-BRUTUS.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Elf 2003 DVDRip XViD-BRUTUS.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\ESET Nod32 3.0.551.0.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\ESET Nod32 3.0.551.0.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\ExtraDNS 3.0.4.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\ExtraDNS 3.0.4.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Face On body v2.4.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Face On body v2.4.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Family Tree Maker 2008.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Family Tree Maker 2008.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\FinePrint v5.77.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\FinePrint v5.77.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Flash EXE Builder v1.0.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Flash EXE Builder v1.0.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Flash Professional 8.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Flash Professional 8.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Flash Wallpaper Maker 2.01.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Flash Wallpaper Maker 2.01.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Flash2Video 5.0.200.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Flash2Video 5.0.200.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\FlashFXP 3.6 RC2.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\FlashFXP 3.6 RC2.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\FloorPlan 3D Design Suite v11.2.60.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\FloorPlan 3D Design Suite v11.2.60.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Folder Lock 5.7.5.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Folder Lock 5.7.5.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Folder Marker v2.1.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Folder Marker v2.1.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\FolderHighlight 1.5.1017.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\FolderHighlight 1.5.1017.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\FreshUI V. 7.94.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\FreshUI V. 7.94.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Ftprush .1.0.0625.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Ftprush .1.0.0625.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Glarysoft Absolute Uninstaller v2.5 Pro.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Glarysoft Absolute Uninstaller v2.5 Pro.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\GoldWave v5.22.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\GoldWave v5.22.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Google Earth 4.2 Sky Flight SIM.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Google Earth 4.2 Sky Flight SIM.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Google Maps Image downloader v2.3.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Google Maps Image downloader v2.3.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Guitar Pro v.5.2 Pro Edition.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Guitar Pro v.5.2 Pro Edition.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\HardCopy Pro 2.81.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\HardCopy Pro 2.81.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\HardCopy Pro v2.8.1.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\HardCopy Pro v2.8.1.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\HardCopy Pro v2.81.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\HardCopy Pro v2.81.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\History Sweeper 2.89.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\History Sweeper 2.89.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Holy Quran CD.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Holy Quran CD.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Http File Server 2.2a.140.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Http File Server 2.2a.140.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\ImgBurn v2.3.2.0.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\ImgBurn v2.3.2.0.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\ImTOO iPod Movie Converter 3.1.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\ImTOO iPod Movie Converter 3.1.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Intel Thread Checker v3.1.25458.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Intel Thread Checker v3.1.25458.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Internet Download Manager 5.11 Build 8.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Internet Download Manager 5.11 Build 8.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\InventoryBuilder v2.7.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\InventoryBuilder v2.7.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\IVM Answering Attendant 3.7.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\IVM Answering Attendant 3.7.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Jasc Paintshop Pro 8.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Jasc Paintshop Pro 8.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Jeremy Clarkson - Supercar Showdown 2007 DVDRip Xvid.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Jeremy Clarkson - Supercar Showdown 2007 DVDRip Xvid.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\JFormDesigner v3.1.1.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\JFormDesigner v3.1.1.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Johnny Gaddaar DVDRip RMVB.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Johnny Gaddaar DVDRip RMVB.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Kaspersky Anti-Virus (AVP) 3.5.133.0.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Kaspersky Anti-Virus (AVP) 3.5.133.0.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Kaspersky Internet Security v8.0.0.33.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Kaspersky Internet Security v8.0.0.33.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Macromedia Dreamweaver 8.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Macromedia Dreamweaver 8.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Marine Aquarium 2.6.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Marine Aquarium 2.6.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Mass Downloader 3.3.698.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Mass Downloader 3.3.698.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Microsoft Max 2007.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Microsoft Max 2007.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\MouseLight v1.5.2.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\MouseLight v1.5.2.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\MySuperSoft SuperAVConverter v8.9.6000.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\MySuperSoft SuperAVConverter v8.9.6000.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Nabocorp Softwares Cam2pc v4.6.1.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Nabocorp Softwares Cam2pc v4.6.1.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Naevius Yahoo Video Converter 1.0.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Naevius Yahoo Video Converter 1.0.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Nero 7.10.1.0. Premium Reloaded.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Nero 7.10.1.0. Premium Reloaded.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\NetInfo 6.3.1105.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\NetInfo 6.3.1105.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\NetSupport Manager v10 Pro.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\NetSupport Manager v10 Pro.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Network Mechanic 2.7.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Network Mechanic 2.7.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Network Mechanic v2.7.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Network Mechanic v2.7.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Norton Ghost 12.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Norton Ghost 12.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Norton Internet Security 2008 Pre Release.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Norton Internet Security 2008 Pre Release.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Nuke 4.7v4.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Nuke 4.7v4.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Nvidia Dvd Decoder V1.00.67.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Nvidia Dvd Decoder V1.00.67.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Opera 9.50 Build 9613 Beta.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Opera 9.50 Build 9613 Beta.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Orbit Downloader 2.4.2.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Orbit Downloader 2.4.2.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\PC Tools Firewall Plus 3.052.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\PC Tools Firewall Plus 3.052.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\PDF to Word 3.0.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\PDF to Word 3.0.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\PdfFactory Pro v3.22.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\PdfFactory Pro v3.22.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Photo Sketch Maker vPhoto Sketch Maker.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Photo Sketch Maker vPhoto Sketch Maker.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\PhotoZoom Professional v2.26.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\PhotoZoom Professional v2.26.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Pinnacle Steinberg My MP3 Pro v5.0.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Pinnacle Steinberg My MP3 Pro v5.0.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Planit Solid v4.1.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Planit Solid v4.1.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Portable Ashampoo Burning Studio 2007.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Portable Ashampoo Burning Studio 2007.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Portable Picture To Icon v1.97.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Portable Picture To Icon v1.97.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Portable Snagit 8.0.2.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Portable Snagit 8.0.2.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\PrintShop Mail 6.0.2.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\PrintShop Mail 6.0.2.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\ProPoster v2.02.02.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\ProPoster v2.02.02.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\ProxyCap 3.03.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\ProxyCap 3.03.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\QuickTime Pro 7.3.0.70.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\QuickTime Pro 7.3.0.70.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\RamCleaner 6.1.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\RamCleaner 6.1.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Real Desktop v1.21.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Real Desktop v1.21.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\RealPlayer 11.0.0.183.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\RealPlayer 11.0.0.183.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Redline PROPER DVDRiP XViD-mVs.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Redline PROPER DVDRiP XViD-mVs.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\RegClean 2007 Edition v2.6.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\RegClean 2007 Edition v2.6.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\RegCure 1.5.0.0.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\RegCure 1.5.0.0.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Registry Booster v2.0.1069.3238.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Registry Booster v2.0.1069.3238.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Registry Clean Expert v4.54.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Registry Clean Expert v4.54.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\RegistryBot 4.2.7.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\RegistryBot 4.2.7.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Replay Music v2.2.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Replay Music v2.2.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Roxio BackOnTrack Suite v3.0 Retail.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Roxio BackOnTrack Suite v3.0 Retail.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Rush Hour 3 PROPER TS XViD-mVs.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Rush Hour 3 PROPER TS XViD-mVs.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Salo The 120 Days of Sodom 1975 DVDRip Xvid.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Salo The 120 Days of Sodom 1975 DVDRip Xvid.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\SlySoft CloneCD v5.3.1.0.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\SlySoft CloneCD v5.3.1.0.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\SmartSound Sonicfire Pro 4.55 Network.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\SmartSound Sonicfire Pro 4.55 Network.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Sonic RecordNow Deluxe 7.3 Multilanguage.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Sonic RecordNow Deluxe 7.3 Multilanguage.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\South River WebDrive v7.34.1801 Enterp.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\South River WebDrive v7.34.1801 Enterp.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\South River WebDrive v7.34.1801 Enterprise Edition.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\South River WebDrive v7.34.1801 Enterprise Edition.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\SpotDialup v1.2.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\SpotDialup v1.2.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\SpyHunter v2.9.1008.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\SpyHunter v2.9.1008.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Spyware Doctor v.5.0.6.259.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Spyware Doctor v.5.0.6.259.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\SpywareDoctor V5.0.0.186.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\SpywareDoctor V5.0.0.186.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\SRS Audio Sandbox 1.7.0.0.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\SRS Audio Sandbox 1.7.0.0.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\SRS Audio SandBox v1.7.0.0.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\SRS Audio SandBox v1.7.0.0.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Star Video Converter 1.2.2.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Star Video Converter 1.2.2.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Star Video Converter v1.2.2.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Star Video Converter v1.2.2.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Star Wars Revenge Of The Spoofs DVDRip Xvid.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Star Wars Revenge Of The Spoofs DVDRip Xvid.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Stardock SkinStudio 6.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Stardock SkinStudio 6.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Stardock WindowBlinds 6.0 (Build 32).zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Stardock WindowBlinds 6.0 (Build 32).zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Steinberg Cubase SX 3.1.1.944.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Steinberg Cubase SX 3.1.1.944.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Sticker Lite 5.0.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Sticker Lite 5.0.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Surviving The Game 1994 DVDRip XviD-SRD.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Surviving The Game 1994 DVDRip XviD-SRD.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Sysinternals Process Monitor 1.26.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Sysinternals Process Monitor 1.26.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\The History Of Le Mans 1991 DVDrip Xvid.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\The History Of Le Mans 1991 DVDrip Xvid.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\The Man From Earth 2007 PROPER DVDRip XviD-DOMiNO.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\The Man From Earth 2007 PROPER DVDRip XviD-DOMiNO.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\The Road trip Effect Pro 2.5.5.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\The Road trip Effect Pro 2.5.5.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Thinstall (Portable) 3.2.07.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Thinstall (Portable) 3.2.07.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Thinstalled Advanced Uninstaller 8.4.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Thinstalled Advanced Uninstaller 8.4.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Thinstalled DVDInfo Pro 4.700.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Thinstalled DVDInfo Pro 4.700.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\ToolbarStudio v4.0.2.11.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\ToolbarStudio v4.0.2.11.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Total Commander 7.02a.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Total Commander 7.02a.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Truster v2.40.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Truster v2.40.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Tsarfin NetGong v6.2.715.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Tsarfin NetGong v6.2.715.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Tsarfin NetInfo v6.2.715.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Tsarfin NetInfo v6.2.715.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Tunebite Platinum Edition 4.1.0.35.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Tunebite Platinum Edition 4.1.0.35.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\TuneUp Utilities 2007 Full.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\TuneUp Utilities 2007 Full.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Ultimate Defrag 1.54.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Ultimate Defrag 1.54.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Uniblue SpeedUpMyPC 3 3.5.2356.130.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Uniblue SpeedUpMyPC 3 3.5.2356.130.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Video Edit Magic 4.34.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Video Edit Magic 4.34.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Video Editor Tools AIO.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Video Editor Tools AIO.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Waves Mercury Bundle VST DX RTAS v5.0.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Waves Mercury Bundle VST DX RTAS v5.0.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\WebcamMax 3.2.0.6.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\WebcamMax 3.2.0.6.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Wes Cravens New Nightmare 1994 WS DVDRip XviD iNT-EwDp.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Wes Cravens New Nightmare 1994 WS DVDRip XviD iNT-EwDp.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Win SCP ver4.0.5.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Win SCP ver4.0.5.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Winamp 5.5 Beta.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Winamp 5.5 Beta.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Windows docter 1.6.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Windows docter 1.6.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Windows Docter v1.6.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Windows Docter v1.6.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Windows Doctor Pro V1.5.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Windows Doctor Pro V1.5.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Windows Server 2008.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Windows Server 2008.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\WinRAR v.3.71.1.0.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\WinRAR v.3.71.1.0.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Xara Xtreme Pro 3.2.4.3017.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Xara Xtreme Pro 3.2.4.3017.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Xilinx PlanAhead v9.2.5.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Xilinx PlanAhead v9.2.5.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Xilisoft Video Converter 3.1.44.1105b.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Xilisoft Video Converter 3.1.44.1105b.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Xtreme Toolkit Pro 11.20.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Xtreme Toolkit Pro 11.20.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\XYplorer 6.50.0000.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\XYplorer 6.50.0000.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Yahoo Webcam Recorder v1.2.3.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Yahoo Webcam Recorder v1.2.3.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Yahoo! Messenger 9.0.0.797 Beta.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Yahoo! Messenger 9.0.0.797 Beta.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Zaxwerks 3D Warps v1.3.0.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Zaxwerks 3D Warps v1.3.0.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Zaxwerks ProAnimator v4.3.0.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Zaxwerks ProAnimator v4.3.0.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\'\Zone Alarm Security Suite 7.1.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\'\Zone Alarm Security Suite 7.1.zip ZIP: infected - 1 skipped
C:\WINDOWS\Fonts\a.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\WINDOWS\Fonts\a.zip ZIP: infected - 1 skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{37C44EDC-0E04-45DF-94FD-0CE358CE0EAA}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\hsperfdata_SYSTEM\584 Object is locked skipped
C:\WINDOWS\Temp\ib10 Object is locked skipped
C:\WINDOWS\Temp\ib8 Object is locked skipped
C:\WINDOWS\Temp\ib9 Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_5a0.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
F:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine4580000.VBN/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine4580000.VBN/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine4580000.VBN/Baaaaa.class Infected: Trojan.Java.ClassLoader.ao skipped
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine4580000.VBN ZIP: infected - 3 skipped
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine4580000.VBN CryptZ: infected - 3 skipped
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine4580001.VBN Infected: Trojan.Java.ClassLoader.k skipped
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine4580002.VBN Infected: Trojan.Java.ClassLoader.k skipped
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine4640000.VBN/BaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine4640000.VBN/VaaaaaaaBaa.class Infected: Trojan.Java.ClassLoader.ao skipped
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine4640000.VBN/Baaaaa.class Infected: Trojan.Java.ClassLoader.ao skipped
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine4640000.VBN ZIP: infected - 3 skipped
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine4640000.VBN CryptZ: infected - 3 skipped
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine4640001.VBN Infected: Trojan.Java.ClassLoader.k skipped
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine4640002.VBN Infected: Trojan.Java.ClassLoader.k skipped
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine4680000.VBN Infected: Trojan.Java.ClassLoader.i skipped
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine4800000.VBN Infected: Trojan.Java.ClassLoader.k skipped
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine4800001.VBN Infected: Trojan.Java.ClassLoader.k skipped
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine4800002.VBN Infected: Trojan.Java.ClassLoader.k skipped
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine4800003.VBN Infected: Trojan.Java.ClassLoader.k skipped
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine4800004.VBN Infected: Trojan.Java.ClassLoader.k skipped
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine4880000.VBN Infected: Trojan.Java.ClassLoader.i skipped
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine48C0000.VBN Infected: Trojan.Java.ClassLoader.i skipped
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine4900000.VBN Infected: Trojan.Java.ClassLoader.k skipped
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine49C0000.VBN Infected: Trojan.Java.ClassLoader.i skipped
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine49C0001.VBN Infected: Trojan.Java.ClassLoader.i skipped
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine4A00000.VBN Infected: Trojan.Java.ClassLoader.k skipped
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine4A00001.VBN Infected: Trojan.Java.ClassLoader.k skipped
F:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine4A00002.VBN Infected: Trojan.Java.ClassLoader.i skipped
F:\HiJackThis\backups\backup-20071108-224742-766.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ahq skipped
F:\HiJackThis\backups\backup-20071108-232040-221.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ahq skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\_restore{58702EE2-AE98-4C0E-BC0A-5AA62E647257}\RP63\change.log Object is locked skipped
F:\System Volume Information\_restore{A19503AF-5342-4EA0-A2C5-FEBCAD24C92C}\RP246\A0034624.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.v skipped
F:\System Volume Information\_restore{A19503AF-5342-4EA0-A2C5-FEBCAD24C92C}\RP246\A0034626.exe/data0007 Infected: Trojan.Win32.Obfuscated.en skipped
F:\System Volume Information\_restore{A19503AF-5342-4EA0-A2C5-FEBCAD24C92C}\RP246\A0034626.exe NSIS: infected - 1 skipped
F:\WINDOWS\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.b skipped
F:\WINDOWS\Temp\hsperfdata_SYSTEM\252 Object is locked skipped

Scan process completed.

#8 thuband

Newbie

Members
5 posts

Posted 16 November 2007 - 11:56 PM

The Kapersky log text file would not upload. Too big.

#9 Blade81

Advanced Member

Volunteer Security Advisor
6557 posts

Posted 17 November 2007 - 12:58 PM

Hi

Please do following things and then run kaspersky webscanner again

1. Delete C:\WINDOWS\Fonts\' folder (be careful here and remove only ' subfolder not whole Fonts folder!)
2. Delete c:\qoobox folder
3. Empty recycler bin
4. Delete Norton Antivirus quarantined items.

You may upload the log to http://rapidshare.com

#10 Blade81

Advanced Member

Volunteer Security Advisor
6557 posts

Posted 17 November 2007 - 08:35 PM

It is really bad news in that recent reports on this nasty include the fact that it not only contacts a remote site to download additional malware to the PC, but also that it often includes a data theft routine to steal info off of your computer and a password stealer which may affect any and all accounts you have stored on there. As soon as this PC is clean, you need to change all accounts and all passwords!!

This is a very serious threat and I can't caution you enough about the damage going on. This is beyond a spyware/adware problem in that this infection includes this extremely dangerous backdoor/remote access trojan. We are seeing quite a few of these and it is one of the nastier infections we have seen in quite a while.

What is a backdoor or remote access trojan?
Read this article.
Danger: Remote Access Trojans
http://www.microsoft...;/virusrat.mspx

Basically, your system has been compromised. Anyone may have had access to anything on your system or done whatever they want to it and hidden it from you.

I'm now getting real concerned if this PC is still connected to the internet and being used? You are at high risk of identify theft as well. Really the best remediation recommendation may be to stop trying to clean and do a reformat/reinstall of the operating system to be certain this machine is trustworthy for future use.

When should I re-format? How should I reinstall?
http://www.dslreports.com/faq/10063

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
http://www.dslreports.com/faq/10451

#11 Blade81

Advanced Member

Volunteer Security Advisor
6557 posts

Posted 24 November 2007 - 02:39 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Thank You !

Back to Resolved/Inactive HijackThis Logs

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users