IE opens numerous windows of itself

Started by Tulert , Jul 17 2009 10:09 PM

Next

This topic is locked

24 replies to this topic

#1 Tulert

Advanced Member

Members
34 posts

Posted 17 July 2009 - 10:09 PM

Well, I am not totally sure I am infected as Malwarebytes' Anti-Malware is not finding anything even with a full scan. However I already observed 3 or 4 instances of my Internet Exprorer opening Window after Window after Window... of itself. This happened when I closed one of the IE windows I was using. The remedy was to Kill the iexplore.exe in the Process Explorer [www.sysinternals.com]. This never happened before.

Also this computer rebooted itself while I was away, not sure what happened then but it wasn't a power outage. The other info I have is that I've tried to hit a link on the same Website as my other computer that got Virtumonde.

Here is the Log file...

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 3:57:45 PM, on 7/17/2009
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18248)
Boot mode: Normal

Running processes:
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Windows\System32\TpShocks.exe
C:\Windows\System32\tp4serv.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\aaa\DOWNLOAD\PROCESSEXPLORER\PROCEXP.EXE
c:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Utilities\HijackThis\HijackThis.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PWMTRV] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [BLOG] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\BTVLogEx.DLL,StartBattLog
O4 - HKLM\..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe
O4 - HKLM\..\Run: [LPManager] C:\PROGRA~1\THINKV~1\PrdCtr\LPMGR.exe
O4 - HKLM\..\Run: [TpShocks] TpShocks.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [LogitechCommunicationsManager] "C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe"
O4 - HKLM\..\Run: [LogitechQuickCamRibbon] "C:\Program Files\Logitech\QuickCam\Quickcam.exe" /hide
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Google IME Autoupdater] "C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "c:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Message Center Plus] C:\Program Files\LENOVO\Message Center Plus\MCPLaunch.exe /start
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes Anti-Malware\mbamgui.exe /install /silent
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [wclock] "C:\Users\Administrator\AppData\Roaming\Google\wclock.exe" 2
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: VPN Client.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Copy to Semagic - C:\Program Files\Semagic\copy.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Semagic - C:\Program Files\Semagic\link.htm
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O15 - ESC Trusted Zone: http://*.update.microsoft.com
O16 - DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} (Windows Live Photo Upload Control) - http://cid-14e08c9a5...nPUplden-us.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\Windows\system32\AEADISRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Juniper Network Connect Service (dsNcService) - Juniper Networks - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
O23 - Service: Eyeline Service (EyelineService) - Unknown owner - C:\Program Files\NCH Software\Eyeline\eyeline.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\Windows\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LVCOMSer - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
O23 - Service: Process Monitor (LVPrcSrv) - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
O23 - Service: LVSrvLauncher - Logitech Inc. - C:\Program Files\Common Files\LogiShrd\SrvLnch\SrvLnch.exe
O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - C:\Program Files\Lenovo\System Update\SUService.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\Windows\System32\TPHDEXLG.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12095 bytes

Back to top

#2 Blade81

Advanced Member

Volunteer Security Advisor
6557 posts

Posted 19 July 2009 - 09:31 AM

Hi,

You seem to have p2p software installed there. Nowadays big part of infections are obtained from p2p networks. I recommend to uninstall such software. If you don't uninstall then you still have to disable those from running during the process here.

Download DDS and save it to your desktop from here or here or here.
Disable any script blocker, and then double click dds.scr to run the tool.

When done, DDS will open two (2) logs:
- DDS.txt
- Attach.txt
Save both reports to your desktop. Post them back to your topic.

Download GMER here by clicking download exe -button and then saving it your desktop:

Double-click .exe that you downloaded
Click rootkit-tab and then scan.
Don't check
Show All
box while scanning in progress!
When scanning is ready, click Copy.
This copies log to clipboard
Post log in your reply.

Microsoft MVP Consumer Security 2008 2009 2010 2011 2012

ASAP & UNITE member since 2006

I don't help with logs thru PM so don't bother to post me one. If you have problems create a thread in the forum, please.
Don't post your log into other user's topic, create a new one.

Provided removal instructions are meant to be used in the correspondent user's case only.

Please use "Reply to this topic" -button while replying.

Back to top

#3 Tulert

Advanced Member

Members
34 posts

Posted 21 July 2009 - 11:43 PM

Download DDS.
Disable any script blocker

I didn't disable anything as I am not sure I have something like that, in any case I don't know what to disable.

Post reports back to your topic.

DDS (Ver_09-06-26.01) - NTFSx86
Run by Administrator at 17:21:29.74 on 07/21/2009 Tue
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_12
AV: Symantec AntiVirus *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Symantec AntiVirus *enabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Windows\System32\TPHDEXLG.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Windows\System32\TpShocks.exe
C:\Windows\System32\tp4serv.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\aaa\DOWNLOAD\PROCESSEXPLORER\PROCEXP.EXE
c:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.exe
c:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Administrator\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = [Deleted by me]
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [wclock] "c:\users\administrator\appdata\roaming\google\wclock.exe" 2
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BTVLogEx.DLL,StartBattLog
mRun: [IaNvSrv] c:\program files\intel\intel matrix storage manager\orom\ianvsrv\IaNvSrv.exe
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [TpShocks] TpShocks.exe
mRun: [TrackPointSrv] tp4serv.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Google IME Autoupdater] "c:\program files\google\google pinyin\GooglePinyinDaemon.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes anti-malware\mbamgui.exe /install /silent
StartupFolder: c:\users\admini~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\HOTSYNC.EXE
StartupFolder: c:\users\admini~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{c91de044-d900-4f15-bbd1-44fd9d59b277}\Icon3E5562ED7.ico
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Copy to Semagic - c:\program files\semagic\copy.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Semagic - c:\program files\semagic\link.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} - 'Deleted by me'
DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - hxxp://cid-14e08c9a5320b558.spaces.live.com/PhotoUpload/VistaMsnPUplden-us.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_12-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://vpnconnect.bus.miami.edu/dana-cached/sc/JuniperSetupClient.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\admini~1\appdata\roaming\mozilla\firefox\profiles\lxskaejp.default\
FF - prefs.js: browser.search.selectedEngine - nciku
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig?hl=en&source=iglk
FF - component: c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\lxskaejp.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPinfotl.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}

============= SERVICES / DRIVERS ===============

R0 iaNvStor;Intel® Turbo Memory Technology NAND Controller;c:\windows\system32\drivers\iaNvStor.sys [2007-5-4 208896]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2006-8-30 13744]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-27 101936]

=============== Created Last 30 ================

2009-07-16 18:16 <DIR> --d----- c:\program files\Malwarebytes Anti-Malware
2009-07-14 12:19 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-14 12:19 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-14 12:19 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-14 12:19 10,240 a------- c:\windows\system32\dciman32.dll
2009-07-12 00:23 <DIR> --d----- c:\program files\Utilities
2009-07-03 10:38 <DIR> --d----- c:\program files\uTorrent
2009-07-03 10:37 <DIR> --d----- c:\users\admini~1\appdata\roaming\uTorrent
2009-07-01 10:33 <DIR> --d----- C:\ChipGenius
2009-06-30 17:53 22,872 a----r-- c:\windows\system32\AdobePDFUI.dll
2009-06-30 12:53 <DIR> --d----- C:\_AcroTemp
2009-06-23 16:46 299,520 a------- c:\windows\uninst.exe
2009-06-22 11:21 <DIR> --d----- c:\program files\LizardTech

==================== Find3M ====================

2009-07-13 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-14 12:20 86,016 a------- c:\windows\inf\infpub.dat
2009-06-14 12:20 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-14 12:20 86,016 a------- c:\windows\inf\infstor.dat
2009-06-10 10:13 30,144 a------- c:\windows\system32\drivers\psadd.sys
2009-05-30 22:50 0 a------- c:\windows\system32\drivers\lvuvc.hs
2009-05-12 12:12 1,712,128 a------- c:\windows\system32\libmysql_d.dll
2009-04-24 11:05 827,904 a------- c:\windows\system32\wininet.dll
2009-04-24 11:02 78,336 a------- c:\windows\system32\ieencode.dll
2009-04-24 08:44 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-04-23 07:43 784,896 a------- c:\windows\system32\rpcrt4.dll
2009-04-23 07:42 636,928 a------- c:\windows\system32\localspl.dll
2008-08-30 11:59 174 a--sh--- c:\program files\desktop.ini
2008-08-30 11:37 665,600 a------- c:\windows\inf\drvindex.dat
2007-12-31 23:03 32 a------- c:\programdata\ezsid.dat
2007-12-31 23:03 32 a------- c:\progra~2\ezsid.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib00\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib00\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib00\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib00\perfc.dat
2007-09-01 09:21 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 17:23:49.10 ===============

Attached Files

DDS_Attach_090721.zip 4.66K 604 downloads

Back to top

#4 Tulert

Advanced Member

Members
34 posts

Posted 22 July 2009 - 03:22 AM

Just got a reboot after trying to open a 2-nd window of IE.
This interrupted the work of GMER...
I've ran DDS again, pls let me know if those logs should be posted.
Got notification of the following:

Problem signature:
Problem Event Name: BlueScreen
OS Version: 6.0.6001.2.1.0.256.4
Locale ID: 1033

Additional information about the problem:
BCCode: 50
BCP1: 80FDC004
BCP2: 00000000
BCP3: E9A6F6BA
BCP4: 00000000
OS Version: 6_0_6001
Service Pack: 1_0
Product: 256_1

Files that help describe the problem:
C:\Windows\Minidump\Mini072109-01.dmp
C:\Users\Administrator\AppData\Local\Temp\WER-261239-0.sysdata.xml
C:\Users\Administrator\AppData\Local\Temp\WERAB9.tmp.version.txt

Read our privacy statement:
http://go.microsoft....mp;clcid=0x0409

Edited by Tulert, 22 July 2009 - 03:40 AM.

Back to top

#5 Blade81

Advanced Member

Volunteer Security Advisor
6557 posts

Posted 22 July 2009 - 07:56 AM

Hi,

No script blockers present since logs got generated

Did you try to run GMER again? I'd like to see a log from it too.

Microsoft MVP Consumer Security 2008 2009 2010 2011 2012

ASAP & UNITE member since 2006

I don't help with logs thru PM so don't bother to post me one. If you have problems create a thread in the forum, please.
Don't post your log into other user's topic, create a new one.

Provided removal instructions are meant to be used in the correspondent user's case only.

Please use "Reply to this topic" -button while replying.

Back to top

#6 Tulert

Advanced Member

Members
34 posts

Posted 22 July 2009 - 04:38 PM

Post GMER log in your reply.

Hmmm -- this is really short! The one I had before reboot wash MUCH longer. Not sure how long this one took as I was away but the 1-st one was taking quite long...
I will rerun this.

*************************
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-22 10:32:08
Windows 6.0.6001 Service Pack 1

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 85D2B1E8
Device \FileSystem\fastfat \Fat 888DC1E8

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\tdx \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

---- EOF - GMER 1.0.15 ----

Back to top

#7 Blade81

Advanced Member

Volunteer Security Advisor
6557 posts

Posted 22 July 2009 - 11:10 PM

Hi,

You seem to have p2p file sharing stuff installed there. Nowadays risks are high to get the system infected of p2p download. I recommend to uninstall such software.

Show hidden files (Vista)
-----------------
1. Open Folder Options by clicking the Start button, clicking Control Panel, clicking Appearance and Personalization, and then clicking Folder Options.
2. Click the View tab.
3. Under Advanced settings, click Show hidden files and folders, and then click OK.

Upload following file to Virustotal and post back the results or a link to the results:
C:\Users\Administrator\AppData\Roaming\Google\wclock.exe

These should be uninstalled and Firefox 3.5 installed if you use that browser:
Mozilla Firefox (2.0.0.4)
Mozilla Firefox (3.0.6)

Uninstall old Adobe Reader versions and get the latest one (9.1 + update 9.1.2 for it) here or get Foxit Reader here. Make sure you don't install toolbar if choose Foxit Reader! You may also check free readers introduced here.

Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 14.
Click the
Download
button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.
The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java versions.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u14-windows-i586-p.exe to install the newest version. Uncheck MSN toolbar if it's offered there.

Download ATF (Atribune Temp File) Cleaner© by Atribune to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.

Kaspersky Online Scanner

Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

Read the requirements and privacy statement then click on the Accept button.

The program will launch and start to download the latest definition files.

You will be prompted to install an application from Kaspersky. Click Run

Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
Spyware, Adware, Dialers, and other potentially dangerous programs
Archives

Click on My Computer under Scan.

Once the scan is complete, it will display the results. Click on View Scan Report.

Click on Save Report As....

Change the Files of type to Text file (.txt) before clicking on the Save button.

Save this report to a convenient place.

Copy and paste that information into your topic. Is that IE window related thing still occuring?

The scan will take a while so be patient and let it run. As it scans your machine very deeply it could take hours to complete, Kaspersky suggests running it during a time of low activity.

If you need a tutorial, see here

Microsoft MVP Consumer Security 2008 2009 2010 2011 2012

ASAP & UNITE member since 2006

I don't help with logs thru PM so don't bother to post me one. If you have problems create a thread in the forum, please.
Don't post your log into other user's topic, create a new one.

Provided removal instructions are meant to be used in the correspondent user's case only.

Please use "Reply to this topic" -button while replying.

Back to top

#8 Tulert

Advanced Member

Members
34 posts

Posted 22 July 2009 - 11:11 PM

GMER is still running but I took the liberty to copy whatever it produced so far.

*************************
GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-07-22 13:53:16
Windows 6.0.6001 Service Pack 1

---- System - GMER 1.0.15 ----

SSDT 9345B838 ZwAlertResumeThread
SSDT 9345B918 ZwAlertThread
SSDT 9345A090 ZwAllocateVirtualMemory
SSDT 935CFC38 ZwConnectPort
SSDT 9345B598 ZwCreateMutant
SSDT 9345A270 ZwCreateThread
SSDT 9345A788 ZwFreeVirtualMemory
SSDT 9345B678 ZwImpersonateAnonymousToken
SSDT 9345B758 ZwImpersonateThread
SSDT 8FDF71B0 ZwMapViewOfSection
SSDT 9345B4B8 ZwOpenEvent
SSDT 9345A160 ZwOpenProcessToken
SSDT 93459230 ZwOpenThreadToken
SSDT 93441458 ZwResumeThread
SSDT 93459150 ZwSetContextThread
SSDT 93459310 ZwSetInformationProcess
SSDT 93459070 ZwSetInformationThread
SSDT 9345C008 ZwSuspendProcess
SSDT 9345BA60 ZwSuspendThread
SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys ZwTerminateProcess [0x93C73F20]
SSDT 9345BB40 ZwTerminateThread
SSDT 8FDF70D0 ZwUnmapViewOfSection
SSDT 9345A848 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetTimerEx + 350 822D5914 8 Bytes [38, B8, 45, 93, 18, B9, 45, ...] {CMP [EAX-0x46e76cbb], BH; INC EBP; XCHG EBX, EAX}
.text ntkrnlpa.exe!KeSetTimerEx + 364 822D5928 4 Bytes [90, A0, 45, 93]
.text ntkrnlpa.exe!KeSetTimerEx + 3F4 822D59B8 4 Bytes [38, FC, 5C, 93] {CMP AH, BH; POP ESP; XCHG EBX, EAX}
.text ntkrnlpa.exe!KeSetTimerEx + 428 822D59EC 2 Bytes [98, B5]
.text ntkrnlpa.exe!KeSetTimerEx + 42B 822D59EF 1 Byte [93]
.text ...
? C:\Windows\System32\Drivers\sptd.sys The process cannot access the file because it is being used by another process.
.text USBPORT.SYS!DllUnload 8F5E946F 5 Bytes JMP 88B631C8
.text akb211wr.SYS 8F8B8000 22 Bytes [26, D2, 5D, 82, 10, D1, 5D, ...]
.text akb211wr.SYS 8F8B8017 126 Bytes [00, 32, 27, 78, 80, 3D, 25, ...]
.text akb211wr.SYS 8F8B8096 54 Bytes [27, 82, 78, 85, 27, 82, 00, ...]
.text akb211wr.SYS 8F8B80CE 73 Bytes [00, 00, 00, 00, 01, C2, 03, ...]
.text akb211wr.SYS 8F8B8118 185 Bytes [3F, 48, 3E, 8A, 3C, CC, 3D, ...]
.text ...
? C:\Windows\system32\Drivers\PROCEXP113.SYS The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\palmOne\HOTSYNC.EXE[4132] MSVCRT.dll!free 76789D32 5 Bytes JMP 0A93C0E0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[4132] MSVCRT.dll!malloc 76789DAD 5 Bytes JMP 0A93BE10 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[4132] MSVCRT.dll!??3@YAXPAX@Z 7678A17F 5 Bytes JMP 0A93C0E0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[4132] MSVCRT.dll!??2@YAPAXI@Z 7678A18F 5 Bytes JMP 0A93C080 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[4132] MSVCRT.dll!realloc 7678AC56 5 Bytes JMP 0A93BE90 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[4132] MSVCRT.dll!calloc 7678C69A 5 Bytes JMP 0A93BE50 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[4132] MSVCRT.dll!_msize 7678EC4F 5 Bytes JMP 0A93BEB0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[4132] MSVCRT.dll!_aligned_free 767AD34B 5 Bytes JMP 0A93C0E0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[4132] MSVCRT.dll!_aligned_malloc 767AD445 5 Bytes JMP 0A93BFC0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[4132] MSVCRT.dll!_aligned_offset_malloc 767AD461 5 Bytes JMP 0A93BFE0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[4132] MSVCRT.dll!?set_new_handler@@YAP6AXXZP6AXXZ@Z 767D99B5 5 Bytes JMP 0A93C110 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[4132] MSVCRT.dll!_aligned_offset_realloc 767D99C5 5 Bytes JMP 0A93C020 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[4132] MSVCRT.dll!_expand 767D9B3A 5 Bytes JMP 0A93BFA0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[4132] MSVCRT.dll!_heapadd 767DB6C0 5 Bytes JMP 0A93C160 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[4132] MSVCRT.dll!_heapchk 767DB6D4 5 Bytes JMP 0A93C170 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[4132] MSVCRT.dll!_heapset + 1 767DB7D6 4 Bytes JMP 0A93C191 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[4132] MSVCRT.dll!_heapmin 767DB7DF 5 Bytes JMP 0A93C260 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[4132] MSVCRT.dll!_heapused 767DB8C5 5 Bytes JMP 0A93C230 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[4132] MSVCRT.dll!_heapwalk 767DB8D8 5 Bytes JMP 0A93C1A0 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)
.text C:\Program Files\palmOne\HOTSYNC.EXE[4132] MSVCRT.dll!_aligned_realloc 767E39FA 5 Bytes JMP 0A93C000 C:\Program Files\palmOne\SHW32.DLL (Memory Management Library for Win32/MicroQuill Software Publishing, Inc.)

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [8068F61E] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [8068EAD4] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [8068F748] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUshort] [8068EB9C] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [8068EC1A] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [806A429A] \SystemRoot\System32\Drivers\sptd.sys
IAT \SystemRoot\System32\Drivers\akb211wr.SYS[ataport.SYS!AtaPortNotification] 000000DC
IAT \SystemRoot\System32\Drivers\akb211wr.SYS[ataport.SYS!AtaPortWritePortUchar] 000000A2
IAT \SystemRoot\System32\Drivers\akb211wr.SYS[ataport.SYS!AtaPortWritePortUlong] 00000333
IAT \SystemRoot\System32\Drivers\akb211wr.SYS[ataport.SYS!AtaPortGetPhysicalAddress] 000003D8
IAT \SystemRoot\System32\Drivers\akb211wr.SYS[ataport.SYS!AtaPortConvertPhysicalAddressToUlong] 0000024D
IAT \SystemRoot\System32\Drivers\akb211wr.SYS[ataport.SYS!AtaPortGetScatterGatherList] 00000201
IAT \SystemRoot\System32\Drivers\akb211wr.SYS[ataport.SYS!AtaPortReadPortUchar] 000001EF
IAT \SystemRoot\System32\Drivers\akb211wr.SYS[ataport.SYS!AtaPortStallExecution] 0000031F
IAT \SystemRoot\System32\Drivers\akb211wr.SYS[ataport.SYS!AtaPortGetParentBusType] 000000A1
IAT \SystemRoot\System32\Drivers\akb211wr.SYS[ataport.SYS!AtaPortRequestCallback] 0000025C
IAT \SystemRoot\System32\Drivers\akb211wr.SYS[ataport.SYS!AtaPortWritePortBufferUshort] 000003BE
IAT \SystemRoot\System32\Drivers\akb211wr.SYS[ataport.SYS!AtaPortGetUnCachedExtension] 00000215
IAT \SystemRoot\System32\Drivers\akb211wr.SYS[ataport.SYS!AtaPortCompleteRequest] 000000DD
IAT \SystemRoot\System32\Drivers\akb211wr.SYS[ataport.SYS!AtaPortMoveMemory] 00000190
IAT \SystemRoot\System32\Drivers\akb211wr.SYS[ataport.SYS!AtaPortCompleteAllActiveRequests] 00000182
IAT \SystemRoot\System32\Drivers\akb211wr.SYS[ataport.SYS!AtaPortReleaseRequestSenseIrb] 00000363
IAT \SystemRoot\System32\Drivers\akb211wr.SYS[ataport.SYS!AtaPortBuildRequestSenseIrb] 00000258
IAT \SystemRoot\System32\Drivers\akb211wr.SYS[ataport.SYS!AtaPortReadPortUshort] 0000030E
IAT \SystemRoot\System32\Drivers\akb211wr.SYS[ataport.SYS!AtaPortReadPortBufferUshort] 0000017E
IAT \SystemRoot\System32\Drivers\akb211wr.SYS[ataport.SYS!AtaPortInitialize] 00000254
IAT \SystemRoot\System32\Drivers\akb211wr.SYS[ataport.SYS!AtaPortGetDeviceBase] 0000019E
IAT \SystemRoot\System32\Drivers\akb211wr.SYS[ataport.SYS!AtaPortDeviceStateChange] 000000AB

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Program Files\Skype\Phone\Skype.exe[2412] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [02DD2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[2412] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [02DD2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[2412] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [02DD2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Phone\Skype.exe[2412] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [02DD2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2444] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01C42F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2444] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01C42D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2444] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01C42CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Live\Messenger\msnmsgr.exe[2444] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01C42CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[3012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [74A77BA4] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [74AB98C5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [74A7D3C8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [74A6F527] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [74A77599] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [74A6E43D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [74AAB33D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [74A7D68A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [74A7012E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [74A70095] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [74A671F3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74AFD802] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [74A975E1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [74A6DAE1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74A6668F] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [74A666BA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3012] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [74A71E45] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18065_none_9e7abe2ec9c13222\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[3012] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [032D2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[3012] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [032D2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[3012] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [032D2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\Explorer.EXE[3012] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [032D2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3028] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00342F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3028] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00342D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3028] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00342CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE[3028] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00342CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3448] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00942F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3448] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00942D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3448] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00942CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe[3448] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00942CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\AAA\DOWNLOAD\PROCESSEXPLORER\PROCEXP.EXE[3616] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B42F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\AAA\DOWNLOAD\PROCESSEXPLORER\PROCEXP.EXE[3616] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00B42D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\AAA\DOWNLOAD\PROCESSEXPLORER\PROCEXP.EXE[3616] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B42CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\AAA\DOWNLOAD\PROCESSEXPLORER\PROCEXP.EXE[3616] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B42CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[3628] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [019A2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[3628] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [019A2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[3628] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [019A2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Windows Media Player\wmpnscfg.exe[3628] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [019A2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[3788] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00B02F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[3788] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00B02D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[3788] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00B02CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Logitech\QuickCam\Quickcam.exe[3788] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00B02CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\palmOne\HOTSYNC.EXE[4132] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00CA2F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\palmOne\HOTSYNC.EXE[4132] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00CA2D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\palmOne\HOTSYNC.EXE[4132] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00CA2CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\palmOne\HOTSYNC.EXE[4132] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00CA2CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wuauclt.exe[4828] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00192F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wuauclt.exe[4828] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00192D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wuauclt.exe[4828] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00192CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Windows\system32\wuauclt.exe[4828] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00192CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jucheck.exe[5296] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00282F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jucheck.exe[5296] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00282D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jucheck.exe[5296] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00282CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Java\jre6\bin\jucheck.exe[5296] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00282CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[5364] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [01752F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[5364] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [01752D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[5364] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [01752CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Program Files\Skype\Plugin Manager\skypePM.exe[5364] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [01752CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\Administrator\Desktop\7l8qbyhy.exe[5668] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtCreateFile] [00A82F30] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\Administrator\Desktop\7l8qbyhy.exe[5668] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtClose] [00A82D00] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\Administrator\Desktop\7l8qbyhy.exe[5668] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDeviceIoControlFile] [00A82CA0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)
IAT C:\Users\Administrator\Desktop\7l8qbyhy.exe[5668] @ C:\Windows\system32\kernel32.dll [ntdll.dll!NtDuplicateObject] [00A82CD0] C:\Program Files\Common Files\Logishrd\LVMVFM\LVPrcInj.dll (Camera Helper Library./Logitech Inc.)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 85D2B1E8
Device \FileSystem\fastfat \FatCdrom 93479610
Device \Driver\volmgr \Device\VolMgrControl 85D251E8
Device \Driver\usbuhci \Device\USBPDO-0 88B0A790
Device \Driver\usbuhci \Device\USBPDO-1 88B0A790
Device \Driver\usbehci \Device\USBPDO-2 88B2F790
Device \Driver\usbuhci \Device\USBPDO-3 88B0A790
Device \Driver\usbuhci \Device\USBPDO-4 88B0A790

AttachedDevice \Driver\tdx \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\usbehci \Device\USBPDO-5 88B2F790
Device \Driver\netbt \Device\NetBT_Tcpip_{EE5ED769-80C5-416B-99D4-64E1F7C8D7A1} 8FDF81E8
Device \Driver\volmgr \Device\HarddiskVolume1 85D251E8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\volmgr \Device\HarddiskVolume2 85D251E8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\cdrom \Device\CdRom0 899C81E8
Device \Driver\volmgr \Device\HarddiskVolume3 85D251E8

AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)

Device \Driver\netbt \Device\NetBT_Tcpip_{6FA9A0E2-0238-406F-83ED-F2D42B898F1D} 8FDF81E8
Device \Driver\iaStor \Device\Ide\iaStor0 85D271E8
Device \Driver\iaNvStor \Device\Ide\IAACache0 85D281E8
Device \Driver\atapi \Device\Ide\IdePort0 85D291E8
Device \Driver\iaNvStor \Device\Ide\RobsonImd-0 85D281E8
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 85D271E8
Device \Driver\netbt \Device\NetBt_Wins_Export 8FDF81E8
Device \Driver\netbt \Device\NetBT_Tcpip_{4EB5C849-C319-45DF-BF76-A61496E3D50B} 8FDF81E8
Device \Driver\iScsiPrt \Device\RaidPort0 88C651E8

AttachedDevice \Driver\tdx \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device \Driver\USBSTOR \Device000089 8FCEE1E8
Device \Driver\usbuhci \Device\USBFDO-0 88B0A790
Device \Driver\usbuhci \Device\USBFDO-1 88B0A790
Device \Driver\PCI_NTPNP3070 \Device00006e sptd.sys
Device \Driver\usbehci \Device\USBFDO-2 88B2F790
Device \Driver\usbuhci \Device\USBFDO-3 88B0A790
Device \Driver\usbuhci \Device\USBFDO-4 88B0A790
Device \Driver\usbehci \Device\USBFDO-5 88B2F790
Device \Driver\USBSTOR \Device00008b 8FCEE1E8
Device \Driver\akb211wr \Device\Scsi\akb211wr1 88C09790
Device \Driver\akb211wr \Device\Scsi\akb211wr1Port3Path0Target0Lun0 88C09790
Device \FileSystem\fastfat \Fat 93479610

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF7 0x9B 0x77 0xAD ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001@khjeh 0x9D 0x5D 0x77 0x5A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf40@khjeh 0x06 0xED 0xE0 0x9A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@p0 C:\Program Files\DAEMON Tools\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xF7 0x9B 0x77 0xAD ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001@khjeh 0x9D 0x5D 0x77 0x5A ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf40
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4000001Jf40@khjeh 0x06 0xED 0xE0 0x9A ...

----- EOF by Tulert --------------------

Back to top

#9 Blade81

Advanced Member

Volunteer Security Advisor
6557 posts

Posted 22 July 2009 - 11:26 PM

Hi,

Please see my post before your GMER log. Replied just a moment before your post.

Microsoft MVP Consumer Security 2008 2009 2010 2011 2012

ASAP & UNITE member since 2006

I don't help with logs thru PM so don't bother to post me one. If you have problems create a thread in the forum, please.
Don't post your log into other user's topic, create a new one.

Provided removal instructions are meant to be used in the correspondent user's case only.

Please use "Reply to this topic" -button while replying.

Back to top

#10 Tulert

Advanced Member

Members
34 posts

Posted 23 July 2009 - 04:46 PM

Just as an update -- GMER is still running and it slows the computer a lot. I will follow instructions once it is finished.

And another one: GMER didn't finish, computer got rebooted ~12:55pm. It did complain for a while about low resources so I am inclined to blame that rather than anything else.

I am pretty reluctant to start it again just because it takes so many resources and I cannot work on this machine pretty much at all. But please let me know if having a final result is very desirable and I'll think about my options.

One more, 1:41pm:

Upload following file
C:\Users\Administrator\AppData\Roaming\Google\wclock.exe

This file is not there. I did the procedure for "Hidden Files', already was supposed to see those.

Just ran DDS, I do see
uRun: [wclock] "c:\users\administrator\appdata\roaming\google\wclock.exe" 2
in it. But I don't see any wclock.exe in that destination...

Edited by Tulert, 23 July 2009 - 08:02 PM.

Back to top

#11 Blade81

Advanced Member

Volunteer Security Advisor
6557 posts

Posted 23 July 2009 - 10:14 PM

Hi,

It's possible that wclock entry is just a leftover. Please follow other steps listed there (don't need to re-run GMER for now)

Microsoft MVP Consumer Security 2008 2009 2010 2011 2012

ASAP & UNITE member since 2006

I don't help with logs thru PM so don't bother to post me one. If you have problems create a thread in the forum, please.
Don't post your log into other user's topic, create a new one.

Provided removal instructions are meant to be used in the correspondent user's case only.

Please use "Reply to this topic" -button while replying.

Back to top

#12 Tulert

Advanced Member

Members
34 posts

Posted 07 August 2009 - 02:01 AM

You seem to have p2p file sharing stuff installed there. I recommend to uninstall such software.

Not done, not feasible, sorry.

Upload ... C:\Users\Administrator\AppData\Roaming\Google\wclock.exe

Not done as file not found as discussed.

These should be uninstalled and Firefox 3.5 installed:
Mozilla Firefox (2.0.0.4)
Mozilla Firefox (3.0.6)

Done.

Uninstall old Adobe Reader versions and get the latest one (9.1 + update 9.1.2 for it)

Done.

Remove older version Java components and update to the latest version

Done.

Download ATF (Atribune Temp File) Cleaner© ... Empty Selected ... Firefox

Done

Kaspersky Online Scanner

Running at the moment, now at 92%.

Sorry it took so long to get back. Got "stuck" at ATF step as wanted to finish a couple of projects and was afraid this might erase some things I needed.

In the meantime while running Kaspersky I've got the following warnings (see pic.). I figure it means I do have something acting on this machine...

Attached Thumbnails

Back to top

#13 Blade81

Advanced Member

Volunteer Security Advisor
6557 posts

Posted 07 August 2009 - 05:47 PM

Not done, not feasible, sorry.

It was just a recommendation. I won't force to uninstall but will remind you that if the system gets reinfected later, there may not be helper assisting again.

Shall wait for Kaspersky results. Post a fresh dds.txt log along with it when ready.

Microsoft MVP Consumer Security 2008 2009 2010 2011 2012

ASAP & UNITE member since 2006

I don't help with logs thru PM so don't bother to post me one. If you have problems create a thread in the forum, please.
Don't post your log into other user's topic, create a new one.

Provided removal instructions are meant to be used in the correspondent user's case only.

Please use "Reply to this topic" -button while replying.

Back to top

#14 Tulert

Advanced Member

Members
34 posts

Posted 07 August 2009 - 06:22 PM

It was just a recommendation.

I know but you should know what was and wasn't done nevertheless.

there may not be helper assisting again.

Does it matter whether the infection comes through a p2p or not (not meant to argue with the rules, just curious)? I don't think the infections I've got were acquired through a p2p but this might not be provable.

Also, which Antivirus & Malware, Adware etc protection do you think is the best to have, commercial or free doesn't matter? Do they protect from p2p threats? And how likely are they to produce false alerts?

Edited by Tulert, 07 August 2009 - 06:25 PM.

Back to top

#15 Tulert

Advanced Member

Members
34 posts

Posted 07 August 2009 - 06:29 PM

Kaspersky Report

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Thursday, August 6, 2009
Operating System: Microsoft Windows Vista Enterprise Edition, 32-bit Service Pack 1 (build

6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, August 06, 2009 00:42:53
Records in database: 2584686
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
E:\
F:\

Scan statistics:
Files scanned: 1271993
Threat name: 50
Infected objects: 350
Suspicious objects: 34
Duration of the scan: 26:52:21

File name / Threat name / Threats count
C:\Edited\download\Share2\Share\Share.exe Infected: not-a-virus:Client-

P2P.Win32.Share.a 1
C:\Edited\download\Share2.zip Infected: not-a-virus:Client-P2P.Win32.Share.a 1

C:\PEBuilder\Bootable USB Utilities_Fuwi.zip Infected: not-a-

virus:RiskTool.Win32.MBRFix.a 1
C:\PEBuilder\USB Boot Utilities\mbrfix.exe Infected: not-a-

virus:RiskTool.Win32.MBRFix.a 1

PEBuilder => mine

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine90C0000

\4B3E038E.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine90C0001

\4B3E0757.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine90C0002

\4B3E077A.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine90C0003

\4B3E083F.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine90C0004

\4B3E0949.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine90C0005

\4B3E0972.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine90C0006

\4B3E0A7E.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDB80000

\4FFD66C9.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDB80001.VBN

Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDB80002.VBN

Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDB80003.VBN

Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDB80004.VBN

Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDB80005.VBN

Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDB80006.VBN

Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0000

\5FEE9FEC.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0001

\5FEEA064.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0002

\5FEEA0EA.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0003

\5FEEA152.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0004

\5FEEA21A.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0005

\5FEF9E5F.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0006.VBN

Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0007.VBN

Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0008.VBN

Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0009.VBN

Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC000A.VBN

Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC000B.VBN

Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC000C.VBN

Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC000D.VBN

Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine\15EC000E\5FEF9EF2.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0010

\5FFD06BD.VBN Infected: Trojan-Downloader.Win32.Zlob.ackb 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0011

\5FFD9D0B.VBN Infected: Trojan-Downloader.Win32.Zlob.ackb 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F80000.VBN

Infected: P2P-Worm.Win32.Kapucen.b 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F80001.VBN

Infected: not-a-virus:AdWare.Win32.PurityScan.fk 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F80001.VBN

Infected: Trojan-Downloader.Win32.Agent.hjs 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F80001.VBN

Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F80001.VBN

Infected: Trojan-Downloader.Win32.PurityScan.gc 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F80003.VBN

Infected: Trojan-Dropper.Win32.VB.lhn 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F80004.VBN

Infected: Trojan-Dropper.Win32.VB.lhn 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F8000E.VBN

Infected: Trojan-Proxy.Win32.Horst.be 13
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F8000E.VBN

Infected: Trojan.Win32.Pakes.azc 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F80012.VBN

Infected: P2P-Worm.Win32.Kapucen.b 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F80013.VBN

Infected: Trojan-Dropper.Win32.Delf.xo 2
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F80014.VBN

Infected: Trojan-Dropper.Win32.Delf.xo 2
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine90C0000

\4B3E038E.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine90C0001

\4B3E0757.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine90C0002

\4B3E077A.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine90C0003

\4B3E083F.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine90C0004

\4B3E0949.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine90C0005

\4B3E0972.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine90C0006

\4B3E0A7E.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDB80000

\4FFD66C9.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDB80001.VBN

Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDB80002.VBN

Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDB80003.VBN

Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDB80004.VBN

Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDB80005.VBN

Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDB80006.VBN

Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0000

\5FEE9FEC.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0001

\5FEEA064.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0002

\5FEEA0EA.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0003

\5FEEA152.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0004

\5FEEA21A.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0005

\5FEF9E5F.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0006.VBN

Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0007.VBN

Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0008.VBN

Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0009.VBN

Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC000A.VBN

Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC000B.VBN

Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC000C.VBN

Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC000D.VBN

Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine\15EC000E\5FEF9EF2.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0010

\5FFD06BD.VBN Infected: Trojan-Downloader.Win32.Zlob.ackb 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0011

\5FFD9D0B.VBN Infected: Trojan-Downloader.Win32.Zlob.ackb 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F80000.VBN

Infected: P2P-Worm.Win32.Kapucen.b 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F80001.VBN

Infected: not-a-virus:AdWare.Win32.PurityScan.fk 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F80001.VBN

Infected: Trojan-Downloader.Win32.Agent.hjs 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F80001.VBN

Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F80001.VBN

Infected: Trojan-Downloader.Win32.PurityScan.gc 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F80003.VBN

Infected: Trojan-Dropper.Win32.VB.lhn 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F80004.VBN

Infected: Trojan-Dropper.Win32.VB.lhn 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F8000E.VBN

Infected: Trojan-Proxy.Win32.Horst.be 13
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F8000E.VBN

Infected: Trojan.Win32.Pakes.azc 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F80012.VBN

Infected: P2P-Worm.Win32.Kapucen.b 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F80013.VBN

Infected: Trojan-Dropper.Win32.Delf.xo 2
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F80014.VBN

Infected: Trojan-Dropper.Win32.Delf.xo 2
E:80828_Edited Passport\Edited-1 Nonparametric Regression.rar Infected: P2P-

Worm.Win32.Kapucen.b 1
E:80828_Edited Passport\Edited-2 Infected: not-a-virus:AdWare.Win32.PurityScan.fk

1
E:80828_Edited Passport\Edited-3 Infected: Trojan-Downloader.Win32.Agent.hjs 1
E:80828_Edited Passport\Edited-4 Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad

1
E:80828_Edited Passport\Edited-5 Infected: Trojan-Downloader.Win32.PurityScan.gc 1
E:80828_Edited Passport\Edited-6 Infected: P2P-Worm.Win32.Kapucen.b 1
E:80828_Edited Passport\Edited-7 Infected: Trojan-Dropper.Win32.Delf.xo 1

E:\Edited\Bootable USB Utilities_Fuwi.zip Infected: not-a-

virus:RiskTool.Win32.MBRFix.a 1

Fuwi.zip => mine

E:90524_Blackout\Edited-8 Infected: not-a-virus:RiskTool.Win32.MBRFix.a 2
E:90524_Blackout\Edited-9 Infected: Backdoor.Win32.Hupigon.fgvq 1
E:\Edited\Eudora\Junk.mbx Suspicious: Trojan-Spy.HTML.Fraud.gen 2
E:\Edited\Eudora\Kinder.mbx Infected: Trojan-Spy.HTML.Bayfraud.ib 1
E:\Edited\Eudora\Trash.mbx Suspicious: Trojan-Spy.HTML.Fraud.gen 9
E:\Edited\Grammar_2006_AV060822.rar Infected: Trojan-Dropper.Win32.VB.lhn 1
E:\Edited 4pack_AV060910.rar Infected: Trojan-Dropper.Win32.VB.lhn 1
E:\Edited\Eudora\Trash.mbx Suspicious: Exploit.HTML.Iframe.FileDownload 2
E:\Edited 1300.exe Infected: not-a-virus:AdWare.Win32.OnFlow.d 1
E:\Edited\Eudora\Trash.mbx Suspicious: Exploit.HTML.Iframe.FileDownload 2
E:\Edited 1300.exe Infected: not-a-virus:AdWare.Win32.OnFlow.d 1
E:\Edited\Eudora\Trash.mbx Suspicious: Exploit.HTML.Iframe.FileDownload 2
E:\Edited 1300.exe Infected: not-a-virus:AdWare.Win32.OnFlow.d 1
E:\Edited\Eudora\Trash.mbx Suspicious: Exploit.HTML.Iframe.FileDownload 2
E:\Edited 1300.exe Infected: not-a-virus:AdWare.Win32.OnFlow.d 1
E:\Edited\hijack\viruses\horst.rar Infected: Trojan-Proxy.Win32.Horst.be 13
E:\Edited\hijack\viruses\horst.rar Infected: Trojan.Win32.Pakes.azc 1
E:\Edited finder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a 2
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine1D80000.VBN Infected: Email-Worm.Win32.Swen 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine1E40000.VBN Infected: not-a-virus:Porn-Dialer.Win32.Generic 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine3480000.VBN Infected: Exploit.VBS.Phel.a 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine3480001.VBN Infected: Exploit.VBS.Phel.a 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine3480002.VBN Infected: Trojan-Proxy.Win32.Horst.az 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine3480003.VBN Infected: Trojan-Proxy.Win32.Horst.az 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine3480004.VBN Infected: Trojan-Proxy.Win32.Horst.az 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine3480005.VBN Infected: Trojan-Proxy.Win32.Horst.az 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine3480006.VBN Infected: Trojan-Proxy.Win32.Horst.az 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine3580000.VBN Infected: Trojan-Proxy.Win32.Horst.az 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine35C0000.VBN Infected: Trojan-Proxy.Win32.Horst.az 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine35C0001.VBN Infected: Trojan-Proxy.Win32.Horst.az 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine36C0000.VBN Infected: Backdoor.Win32.Medbot.bb 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine36C0001.VBN Infected: Backdoor.Win32.Medbot.bb 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine36C0002.VBN Infected: Backdoor.Win32.Medbot.bb 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine36C0003.VBN Infected: Backdoor.Win32.Medbot.bb 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine36C0004.VBN Infected: Trojan-Proxy.Win32.Horst.cm 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine36C0005.VBN Infected: Trojan-Downloader.Win32.Agent.ajd 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine36C0006.VBN Infected: Trojan-Proxy.Win32.Horst.cm 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine36C0007.VBN Infected: Trojan-Downloader.Win32.Agent.ajd 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine36C0008.VBN Infected: Trojan-Proxy.Win32.Horst.cm 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine36C0009.VBN Infected: Trojan-Downloader.Win32.Agent.ajd 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine36C000A.VBN Infected: Trojan-Proxy.Win32.Horst.cm 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine36C000B.VBN Infected: Trojan-Downloader.Win32.Agent.ajd 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine36C000C.VBN Infected: Trojan-Downloader.Win32.Agent.ajd 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine36C000D.VBN Infected: Trojan-Proxy.Win32.Horst.cm 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine36C000E.VBN Infected: Trojan-Proxy.Win32.Horst.cm 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine36C000F.VBN Infected: Trojan-Proxy.Win32.Horst.cm 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine36C0010.VBN Infected: Trojan-Downloader.Win32.Agent.ajd 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine36C0011.VBN Infected: Trojan-Proxy.Win32.Horst.cm 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine36C0012.VBN Infected: Trojan-Downloader.Win32.Agent.ajd 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine36C0013.VBN Infected: Trojan-Proxy.Win32.Horst.cm 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine36C0014.VBN Infected: Trojan-Downloader.Win32.Agent.ajd 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine36C0015.VBN Infected: Trojan-Proxy.Win32.Horst.cm 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine36C0016.VBN Infected: Trojan-Downloader.Win32.Agent.ajd 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine36C0017.VBN Infected: Trojan-Proxy.Win32.Horst.av 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine36C0018.VBN Infected: Backdoor.Win32.Medbot.az 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine36C0019.VBN Infected: Backdoor.Win32.IRCBot.nw 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine38C0000.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine38C0001.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine38C0002.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine38C0003.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine38C0004.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine38C0005.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine38C0006.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine38C0007.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine38C0008.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine38C0009.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine38C000A.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine38C000B.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine38C000C.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine38C000D.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine40C0000.VBN Infected: not-a-virus:Porn-Dialer.Win32.Generic 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine4680000.VBN Infected: Trojan-Downloader.Win32.Zlob.ban 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine4680001.VBN Infected: Trojan-Downloader.Win32.Zlob.ban 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine4680002.VBN Infected: Trojan-Downloader.Win32.Zlob.bcl 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine4680003.VBN Infected: Trojan-Downloader.Win32.Zlob.bcl 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine4680004.VBN Infected: Trojan-Downloader.Win32.Zlob.bcl 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine4680005.VBN Infected: Trojan-Downloader.Win32.Zlob.bcl 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine5780000.VBN Infected: Trojan-Proxy.Win32.Horst.az 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine5880001.VBN Infected: not-a-virus:PSWTool.Win32.RAS.a 3
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine5880003.VBN Infected: Trojan-Downloader.Win32.Zlob.bbc 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine58C0000.VBN Infected: not-a-virus:PSWTool.Win32.RAS.a 3
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine58C0001.VBN Infected: not-a-virus:PSWTool.Win32.RAS.a 3
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine58C0002.VBN Infected: not-a-virus:PSWTool.Win32.RAS.a 3
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine58C0003.VBN Infected: not-a-virus:PSWTool.Win32.RAS.a 3
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine58C0004.VBN Infected: not-a-virus:PSWTool.Win32.RAS.a 3
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine5F40000.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine5F40001.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine5F40002.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine5F40003.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine5F40004.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine5F40005.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine5F40006.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine5F40007.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine5F40008.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine5F40009.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine6040000.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine6040001.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine6040002.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine6040003.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine6040004.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine6040005.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine6040006.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine6040007.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine6040008.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine6040009.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine604000A.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine604000B.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine61C0000.VBN Infected: Trojan-Proxy.Win32.Horst.az 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine6200000.VBN Infected: Trojan-Proxy.Win32.Horst.az 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine6380000.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine6380001.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine6380002.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine6380003.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine6F40000.VBN Infected: Trojan-Proxy.Win32.Horst.az 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine7100000.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine7100001.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine7100002.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine7100003.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine7100004.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine7100005.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\Quarantine7B00000.VBN Infected: Trojan-Proxy.Win32.Horst.az 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineD280000.VBN Infected: Trojan-Downloader.Win32.Agent.amc 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineD280001.VBN Infected: Trojan-Downloader.Win32.Agent.amc 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineD280002.VBN Infected: Trojan-Downloader.Win32.Agent.ako 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineD280003.VBN Infected: Trojan-Downloader.Win32.Agent.ako 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineD280004.VBN Infected: Trojan-Downloader.Win32.Agent.ako 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineD280005.VBN Infected: Trojan-Downloader.Win32.Agent.ako 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineD280006.VBN Infected: Trojan-Downloader.Win32.Agent.ako 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineD280007.VBN Infected: Trojan-Downloader.Win32.Agent.ako 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineD280008.VBN Infected: Trojan-Proxy.Win32.Horst.ax 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineD280009.VBN Infected: Trojan-Proxy.Win32.Horst.ax 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineD28000A.VBN Infected: Trojan-Downloader.Win32.Agent.amc 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineD28000B.VBN Infected: Trojan-Downloader.Win32.Agent.amc 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineD28000C.VBN Infected: Trojan-Proxy.Win32.Horst.be 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineD28000D.VBN Infected: Trojan-Proxy.Win32.Horst.be 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineD28000E.VBN Infected: Trojan-Downloader.Win32.Agent.ako 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineD28000F.VBN Infected: Trojan-Downloader.Win32.Agent.ako 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineDE00000.VBN Infected: Trojan-Downloader.Win32.IstBar.is 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineDE00001.VBN Infected: Trojan-Downloader.Win32.IstBar.is 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineDE00004.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineDE00005.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineDE00006.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineDE00007.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineDE00008.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineDE00009.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineDE0000A.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineDE0000B.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineDE0000C.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineDE0000D.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineDE0000E.VBN Infected: Email-Worm.Win32.Bagle.ek 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineDE0000F.VBN Infected: Email-Worm.Win32.Bagle.ek 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineDE00010.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineDE00011.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineDE00012.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineDE00013.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineDE00014.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineDE00015.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineDE00016.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineDE00017.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineDE00018.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineDE00019.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineDE0001A.VBN Infected: Email-Worm.Win32.Mydoom.am 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineDE0001B.VBN Infected: Email-Worm.Win32.Mydoom.am 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineDE0001C.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineDE0001D.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineDE0001E.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineDE0001F.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineDE00020.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineDE00021.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineDE00022.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineDE00023.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineDE00024.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineDE00025.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineDE00026.VBN Infected: Trojan-Downloader.Win32.Bagle.g 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineDE00027.VBN Infected: Trojan-Downloader.Win32.Bagle.g 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineDE00028.VBN Infected: Email-Worm.Win32.Bagle.cc 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineDE00029.VBN Infected: Email-Worm.Win32.Bagle.cc 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineDE0002A.VBN Infected: Email-Worm.Win32.Bagle.cc 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineDE0002B.VBN Infected: Email-Worm.Win32.Bagle.cc 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineDE0002C.VBN Infected: Trojan-Proxy.Win32.Horst.az 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineDE0002D.VBN Infected: Trojan-Proxy.Win32.Horst.az 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineFFC0000.VBN Infected: Trojan-Proxy.Win32.Horst.av 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5

\QuarantineFFC0003.VBN Infected: Trojan-Proxy.Win32.Horst.av 1
E:\Edited\ZwinkySetup2.3.50.21.ZJman000.exe Infected: not-a-

virus:WebToolbar.Win32.MyWebSearch.dt 1
E:\Edited\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL Infected: not-a-

virus:Monitor.Win32.Agent.c 1
E:\Edited\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL Infected: not-a-

virus:WebToolbar.Win32.MyWebSearch.ax 1
E:\Edited\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE Infected: not-a-

virus:AdTool.Win32.MyWebSearch.cl 1
E:\Edited\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL Infected: not-a-

virus:WebToolbar.Win32.MyWebSearch.du 1
E:\Edited\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL Infected: not-a-

virus:WebToolbar.Win32.MyWebSearch.du 1
E:\Edited\Program Files\Qualcomm\Eudora\Junk.mbx Suspicious: Trojan-

Spy.HTML.Fraud.gen 11
E:\Edited\Program Files\Qualcomm\Eudora\Kinder.mbx Infected: Trojan-

Spy.HTML.Bayfraud.ib 1
E:\Edited 10-2006.rar Infected: P2P-Worm.Win32.Kapucen.b 1
E:\Edited le0.47c.zip Infected: not-a-virus:AdWare.Win32.Shopper.k 1
E:\Edited RBS(1).zip Infected: Trojan-Dropper.Win32.Delf.xo 2
E:\Edited RBS.zip Infected: Trojan-Dropper.Win32.Delf.xo 2
E:\Edited RBS.zip Infected: Trojan-Dropper.Win32.Delf.xo 2
E:\Edited Infected: not-a-virus:AdWare.Win32.Ucmore.a 1
E:\Edited Infected: not-a-virus:AdWare.Win32.Ucmore 1
E:\Edited\vnc-3.3.3r9_x86_win32\vnc_x86_win32\vncviewer\vncviewer.exe Infected: not-a-

virus:RemoteAdmin.Win32.WinVNC.333 1
E:\Edited\vnc-3.3.3r9_x86_win32.zip Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333

1
E:\Edited\Eudora\Trash.mbx Suspicious: Exploit.HTML.Iframe.FileDownload 2
E:\Edited 1300.exe Infected: not-a-virus:AdWare.Win32.OnFlow.d 1
E:\Edited\Eudora\Trash.mbx Suspicious: Exploit.HTML.Iframe.FileDownload 2
E:\Edited 1300.exe Infected: not-a-virus:AdWare.Win32.OnFlow.d 1
The selected area was scanned.

-------------------EOF------------

Back to top

#16 Tulert

Advanced Member

Members
34 posts

Posted 07 August 2009 - 07:01 PM

DDS Report
--------------------------------------------------------------------------

DDS (Ver_09-06-26.01) - NTFSx86
Run by Administrator at 12:32:52.02 on 08/07/2009 Fri
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_14
AV: Symantec AntiVirus *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-

E43226D3305C}
SP: Symantec AntiVirus *enabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Windows\System32\TPHDEXLG.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Windows\System32\TpShocks.exe
C:\Windows\System32\tp4serv.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\wuauclt.exe
C:\DOWNLOAD\PROCESSEXPLORER\PROCEXP.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Users\Administrator\AppData\Local\Temp\jkos-Administrator\binaries\ScanningProcess.exe
C:\Users\Administrator\AppData\Local\Temp\jkos-Administrator\binaries\ScanningProcess.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Symantec AntiVirus\SavUI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\mspaint.exe
C:\Windows\system32\NOTEPAD.EXE
c:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Users\Administrator\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.google.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program

files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common

files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program

files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search

enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program

files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program

files\google\googletoolbar2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program

files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program

files\windows live\toolbar\wltcore.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program

files\google\googletoolbar2.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows

live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common

files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [wclock] "c:\users\administrator\appdata\roaming\google\wclock.exe" 2
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BTVLogEx.DLL,StartBattLog
mRun: [IaNvSrv] c:\program files\intel\intel matrix storage manager\orom\ianvsrv\IaNvSrv.exe
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [TpShocks] TpShocks.exe
mRun: [TrackPointSrv] tp4serv.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common

files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Google IME Autoupdater] "c:\program files\google\google pinyin\GooglePinyinDaemon.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AdobeCS4ServiceManager] "c:\program files\common

files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0

\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\users\admini~1\appdata\roaming\micros~1\windows\startm~1

\programs\startup\hotsyn~1.lnk - c:\program files\palmone\HOTSYNC.EXE
StartupFolder: c:\users\admini~1\appdata\roaming\micros~1\windows\startm~1

\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk -

c:\windows\installer\{c91de044-d900-4f15-bbd1-44fd9d59b277}\Icon3E5562ED7.ico
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: Append Link Target to Existing PDF - c:\program files\common

files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Copy to Semagic - c:\program files\semagic\copy.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Semagic - c:\program files\semagic\link.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} -

c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} -

c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} -

c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} -

c:\progra~1\micros~1\office11\REFIEBAR.DLL
DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} - hxxp://Edited
DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - hxxp://cid-

14e08c9a5320b558.spaces.live.com/PhotoUpload/VistaMsnPUplden-us.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-

1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-

1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-

1_6_0_14-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} -

hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://Edited
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1

\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program

files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\admini~1\appdata\roaming\mozilla\firefox\profiles\lxskaejp.default\
FF - prefs.js: browser.search.selectedEngine - nciku
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig?hl=en&source=iglk
FF - component:

c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\lxskaejp.default\extensions\{6a

c85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPinfotl.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla

firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla

firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin",

false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled",

true);
c:\program files\mozilla firefox\greprefs\all.js - pref

("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota",

5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect",

true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input",

true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref

("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref

("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref

("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level",

2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref

("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref

("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref

("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref

("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref

("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref

("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref

("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref

("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref

("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref

("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref

("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history",

true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata",

true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords",

false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads",

true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies",

true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache",

true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions",

true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps",

false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings",

false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref

("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref

("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref

("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref

("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref

("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri",

"https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 iaNvStor;Intel® Turbo Memory Technology NAND Controller;c:\windows\system32

\drivers\iaNvStor.sys [2007-5-4 208896]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2007-3-2 100656]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2006-8-30

13744]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-1-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec

shared\eengine\EraserUtilRebootDrv.sys [2009-2-27 101936]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]

=============== Created Last 30 ================

2009-08-04 21:29 237,568 a------- c:\windows\system32\rmc_rtspdl.dll
2009-08-04 21:29 156,672 a------- c:\windows\system32\rmc_fixasf.exe
2009-08-04 21:28 323,584 a------- c:\windows\system32\AUDIOGENIE2.DLL
2009-07-23 13:19 <DIR> --d----- c:\programdata\NOS
2009-07-21 21:09 405,204,727 a------- c:\windows\MEMORY.DMP
2009-07-16 18:16 <DIR> --d----- c:\program files\Malwarebytes Anti-Malware
2009-07-14 12:19 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-14 12:19 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-14 12:19 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-14 12:19 10,240 a------- c:\windows\system32\dciman32.dll
2009-07-12 00:23 <DIR> --d----- c:\program files\Utilities

==================== Find3M ====================

2009-07-25 18:43 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-18 11:06 827,904 a------- c:\windows\system32\wininet.dll
2009-07-18 11:01 78,336 a------- c:\windows\system32\ieencode.dll
2009-07-18 04:46 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-07-13 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-14 12:20 86,016 a------- c:\windows\inf\infpub.dat
2009-06-14 12:20 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-14 12:20 86,016 a------- c:\windows\inf\infstor.dat
2009-06-10 10:13 30,144 a------- c:\windows\system32\drivers\psadd.sys
2009-05-12 12:12 1,712,128 a------- c:\windows\system32\libmysql_d.dll
2008-08-30 11:59 174 a--sh--- c:\program files\desktop.ini
2008-08-30 11:37 665,600 a------- c:\windows\inf\drvindex.dat
2007-12-31 23:03 32 a------- c:\programdata\ezsid.dat
2007-12-31 23:03 32 a------- c:\progra~2\ezsid.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib00\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib00\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib00\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib00\perfc.dat
2007-09-01 09:21 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 12:34:48.13 ===============

Back to top

#17 Blade81

Advanced Member

Volunteer Security Advisor
6557 posts

Posted 08 August 2009 - 07:27 AM

Does it matter whether the infection comes through a p2p or not (not meant to argue with the rules, just curious)? I don't think the infections I've got were acquired through a p2p but this might not be provable.

The point is that using P2P is risky. P2P isn't always the culprit but as I said earlier, it has been involved in pretty big part of cases.

Could you disable word wrap in notepad (in edit format menu there) and then post those Kaspersky and DDS logs again, please? It's pretty difficult to read them because of those gaps between entries.

Microsoft MVP Consumer Security 2008 2009 2010 2011 2012

ASAP & UNITE member since 2006

I don't help with logs thru PM so don't bother to post me one. If you have problems create a thread in the forum, please.
Don't post your log into other user's topic, create a new one.

Provided removal instructions are meant to be used in the correspondent user's case only.

Please use "Reply to this topic" -button while replying.

Back to top

#18 Tulert

Advanced Member

Members
34 posts

Posted 08 August 2009 - 09:03 PM

Could you disable word wrap in notepad (in edit format menu there) and then post those Kaspersky and DDS logs again, please?

Sorry for that.

Kaspersky:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Thursday, August 6, 2009
Operating System: Microsoft Windows Vista Enterprise Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Thursday, August 06, 2009 00:42:53
Records in database: 2584686
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
E:\
F:\

Scan statistics:
Files scanned: 1271993
Threat name: 50
Infected objects: 350
Suspicious objects: 34
Duration of the scan: 26:52:21

File name / Threat name / Threats count
C:\Edited\download\Share2\Share\Share.exe Infected: not-a-virus:Client-P2P.Win32.Share.a 1
C:\Edited\download\Share2.zip Infected: not-a-virus:Client-P2P.Win32.Share.a 1

C:\PEBuilder\Bootable USB Utilities_Fuwi.zip Infected: not-a-virus:RiskTool.Win32.MBRFix.a 1
C:\PEBuilder\USB Boot Utilities\mbrfix.exe Infected: not-a-virus:RiskTool.Win32.MBRFix.a 1

PEBuilder => mine

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine90C0000\4B3E038E.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine90C0001\4B3E0757.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine90C0002\4B3E077A.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine90C0003\4B3E083F.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine90C0004\4B3E0949.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine90C0005\4B3E0972.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine90C0006\4B3E0A7E.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDB80000\4FFD66C9.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDB80001.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDB80002.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDB80003.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDB80004.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDB80005.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDB80006.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0000\5FEE9FEC.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0001\5FEEA064.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0002\5FEEA0EA.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0003\5FEEA152.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0004\5FEEA21A.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0005\5FEF9E5F.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0006.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0007.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0008.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0009.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC000A.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC000B.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC000C.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC000D.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC000E\5FEF9EF2.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0010\5FFD06BD.VBN Infected: Trojan-Downloader.Win32.Zlob.ackb 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0011\5FFD9D0B.VBN Infected: Trojan-Downloader.Win32.Zlob.ackb 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F80000.VBN Infected: P2P-Worm.Win32.Kapucen.b 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F80001.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.fk 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F80001.VBN Infected: Trojan-Downloader.Win32.Agent.hjs 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F80001.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F80001.VBN Infected: Trojan-Downloader.Win32.PurityScan.gc 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F80003.VBN Infected: Trojan-Dropper.Win32.VB.lhn 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F80004.VBN Infected: Trojan-Dropper.Win32.VB.lhn 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F8000E.VBN Infected: Trojan-Proxy.Win32.Horst.be 13
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F8000E.VBN Infected: Trojan.Win32.Pakes.azc 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F80012.VBN Infected: P2P-Worm.Win32.Kapucen.b 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F80013.VBN Infected: Trojan-Dropper.Win32.Delf.xo 2
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F80014.VBN Infected: Trojan-Dropper.Win32.Delf.xo 2
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine90C0000\4B3E038E.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine90C0001\4B3E0757.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine90C0002\4B3E077A.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine90C0003\4B3E083F.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine90C0004\4B3E0949.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine90C0005\4B3E0972.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine90C0006\4B3E0A7E.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDB80000\4FFD66C9.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDB80001.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDB80002.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDB80003.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDB80004.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDB80005.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDB80006.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0000\5FEE9FEC.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0001\5FEEA064.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0002\5FEEA0EA.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0003\5FEEA152.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0004\5FEEA21A.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0005\5FEF9E5F.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0006.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0007.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0008.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0009.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC000A.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC000B.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC000C.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC000D.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC000E\5FEF9EF2.VBN Infected: Backdoor.Win32.Hupigon.fgvq 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0010\5FFD06BD.VBN Infected: Trojan-Downloader.Win32.Zlob.ackb 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\15EC0011\5FFD9D0B.VBN Infected: Trojan-Downloader.Win32.Zlob.ackb 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F80000.VBN Infected: P2P-Worm.Win32.Kapucen.b 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F80001.VBN Infected: not-a-virus:AdWare.Win32.PurityScan.fk 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F80001.VBN Infected: Trojan-Downloader.Win32.Agent.hjs 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F80001.VBN Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F80001.VBN Infected: Trojan-Downloader.Win32.PurityScan.gc 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F80003.VBN Infected: Trojan-Dropper.Win32.VB.lhn 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F80004.VBN Infected: Trojan-Dropper.Win32.VB.lhn 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F8000E.VBN Infected: Trojan-Proxy.Win32.Horst.be 13
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F8000E.VBN Infected: Trojan.Win32.Pakes.azc 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F80012.VBN Infected: P2P-Worm.Win32.Kapucen.b 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F80013.VBN Infected: Trojan-Dropper.Win32.Delf.xo 2
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\62F80014.VBN Infected: Trojan-Dropper.Win32.Delf.xo 2
E:80828_Edited Passport\Edited-1 Nonparametric Regression.rar Infected: P2P-Worm.Win32.Kapucen.b 1
E:80828_Edited Passport\Edited-2 Infected: not-a-virus:AdWare.Win32.PurityScan.fk 1
E:80828_Edited Passport\Edited-3 Infected: Trojan-Downloader.Win32.Agent.hjs 1
E:80828_Edited Passport\Edited-4 Infected: not-a-virus:AdWare.Win32.ZenoSearch.ad 1
E:80828_Edited Passport\Edited-5 Infected: Trojan-Downloader.Win32.PurityScan.gc 1
E:80828_Edited Passport\Edited-6 Infected: P2P-Worm.Win32.Kapucen.b 1
E:80828_Edited Passport\Edited-7 Infected: Trojan-Dropper.Win32.Delf.xo 1

Edited are RARs and ZIPs

E:\Edited\Bootable USB Utilities_Fuwi.zip Infected: not-a-virus:RiskTool.Win32.MBRFix.a 1

Fuwi.zip => mine

E:90524_Blackout\Edited-8 Infected: not-a-virus:RiskTool.Win32.MBRFix.a 2
E:90524_Blackout\Edited-9 Infected: Backdoor.Win32.Hupigon.fgvq 1
E:\Edited\Eudora\Junk.mbx Suspicious: Trojan-Spy.HTML.Fraud.gen 2
E:\Edited\Eudora\Kinder.mbx Infected: Trojan-Spy.HTML.Bayfraud.ib 1
E:\Edited\Eudora\Trash.mbx Suspicious: Trojan-Spy.HTML.Fraud.gen 9
E:\Edited\Grammar_2006_AV060822.rar Infected: Trojan-Dropper.Win32.VB.lhn 1
E:\Edited 4pack_AV060910.rar Infected: Trojan-Dropper.Win32.VB.lhn 1
E:\Edited\Eudora\Trash.mbx Suspicious: Exploit.HTML.Iframe.FileDownload 2
E:\Edited 1300.exe Infected: not-a-virus:AdWare.Win32.OnFlow.d 1
E:\Edited\Eudora\Trash.mbx Suspicious: Exploit.HTML.Iframe.FileDownload 2
E:\Edited 1300.exe Infected: not-a-virus:AdWare.Win32.OnFlow.d 1
E:\Edited\Eudora\Trash.mbx Suspicious: Exploit.HTML.Iframe.FileDownload 2
E:\Edited 1300.exe Infected: not-a-virus:AdWare.Win32.OnFlow.d 1
E:\Edited\Eudora\Trash.mbx Suspicious: Exploit.HTML.Iframe.FileDownload 2
E:\Edited 1300.exe Infected: not-a-virus:AdWare.Win32.OnFlow.d 1
E:\Edited\hijack\viruses\horst.rar Infected: Trojan-Proxy.Win32.Horst.be 13
E:\Edited\hijack\viruses\horst.rar Infected: Trojan.Win32.Pakes.azc 1
E:\Edited finder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a 2
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine1D80000.VBN Infected: Email-Worm.Win32.Swen 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine1E40000.VBN Infected: not-a-virus:Porn-Dialer.Win32.Generic 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine3480000.VBN Infected: Exploit.VBS.Phel.a 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine3480001.VBN Infected: Exploit.VBS.Phel.a 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine3480002.VBN Infected: Trojan-Proxy.Win32.Horst.az 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine3480003.VBN Infected: Trojan-Proxy.Win32.Horst.az 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine3480004.VBN Infected: Trojan-Proxy.Win32.Horst.az 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine3480005.VBN Infected: Trojan-Proxy.Win32.Horst.az 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine3480006.VBN Infected: Trojan-Proxy.Win32.Horst.az 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine3580000.VBN Infected: Trojan-Proxy.Win32.Horst.az 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine35C0000.VBN Infected: Trojan-Proxy.Win32.Horst.az 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine35C0001.VBN Infected: Trojan-Proxy.Win32.Horst.az 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine36C0000.VBN Infected: Backdoor.Win32.Medbot.bb 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine36C0001.VBN Infected: Backdoor.Win32.Medbot.bb 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine36C0002.VBN Infected: Backdoor.Win32.Medbot.bb 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine36C0003.VBN Infected: Backdoor.Win32.Medbot.bb 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine36C0004.VBN Infected: Trojan-Proxy.Win32.Horst.cm 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine36C0005.VBN Infected: Trojan-Downloader.Win32.Agent.ajd 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine36C0006.VBN Infected: Trojan-Proxy.Win32.Horst.cm 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine36C0007.VBN Infected: Trojan-Downloader.Win32.Agent.ajd 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine36C0008.VBN Infected: Trojan-Proxy.Win32.Horst.cm 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine36C0009.VBN Infected: Trojan-Downloader.Win32.Agent.ajd 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine36C000A.VBN Infected: Trojan-Proxy.Win32.Horst.cm 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine36C000B.VBN Infected: Trojan-Downloader.Win32.Agent.ajd 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine36C000C.VBN Infected: Trojan-Downloader.Win32.Agent.ajd 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine36C000D.VBN Infected: Trojan-Proxy.Win32.Horst.cm 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine36C000E.VBN Infected: Trojan-Proxy.Win32.Horst.cm 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine36C000F.VBN Infected: Trojan-Proxy.Win32.Horst.cm 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine36C0010.VBN Infected: Trojan-Downloader.Win32.Agent.ajd 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine36C0011.VBN Infected: Trojan-Proxy.Win32.Horst.cm 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine36C0012.VBN Infected: Trojan-Downloader.Win32.Agent.ajd 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine36C0013.VBN Infected: Trojan-Proxy.Win32.Horst.cm 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine36C0014.VBN Infected: Trojan-Downloader.Win32.Agent.ajd 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine36C0015.VBN Infected: Trojan-Proxy.Win32.Horst.cm 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine36C0016.VBN Infected: Trojan-Downloader.Win32.Agent.ajd 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine36C0017.VBN Infected: Trojan-Proxy.Win32.Horst.av 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine36C0018.VBN Infected: Backdoor.Win32.Medbot.az 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine36C0019.VBN Infected: Backdoor.Win32.IRCBot.nw 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine38C0000.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine38C0001.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine38C0002.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine38C0003.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine38C0004.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine38C0005.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine38C0006.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine38C0007.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine38C0008.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine38C0009.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine38C000A.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine38C000B.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine38C000C.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine38C000D.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine40C0000.VBN Infected: not-a-virus:Porn-Dialer.Win32.Generic 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine4680000.VBN Infected: Trojan-Downloader.Win32.Zlob.ban 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine4680001.VBN Infected: Trojan-Downloader.Win32.Zlob.ban 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine4680002.VBN Infected: Trojan-Downloader.Win32.Zlob.bcl 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine4680003.VBN Infected: Trojan-Downloader.Win32.Zlob.bcl 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine4680004.VBN Infected: Trojan-Downloader.Win32.Zlob.bcl 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine4680005.VBN Infected: Trojan-Downloader.Win32.Zlob.bcl 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine5780000.VBN Infected: Trojan-Proxy.Win32.Horst.az 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine5880001.VBN Infected: not-a-virus:PSWTool.Win32.RAS.a 3
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine5880003.VBN Infected: Trojan-Downloader.Win32.Zlob.bbc 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine58C0000.VBN Infected: not-a-virus:PSWTool.Win32.RAS.a 3
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine58C0001.VBN Infected: not-a-virus:PSWTool.Win32.RAS.a 3
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine58C0002.VBN Infected: not-a-virus:PSWTool.Win32.RAS.a 3
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine58C0003.VBN Infected: not-a-virus:PSWTool.Win32.RAS.a 3
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine58C0004.VBN Infected: not-a-virus:PSWTool.Win32.RAS.a 3
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine5F40000.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine5F40001.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine5F40002.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine5F40003.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine5F40004.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine5F40005.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine5F40006.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine5F40007.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine5F40008.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine5F40009.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine6040000.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine6040001.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine6040002.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine6040003.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine6040004.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine6040005.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine6040006.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine6040007.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine6040008.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine6040009.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine604000A.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine604000B.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine61C0000.VBN Infected: Trojan-Proxy.Win32.Horst.az 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine6200000.VBN Infected: Trojan-Proxy.Win32.Horst.az 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine6380000.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine6380001.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine6380002.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine6380003.VBN Infected: Trojan-Downloader.Win32.Zlob.aui 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine6F40000.VBN Infected: Trojan-Proxy.Win32.Horst.az 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine7100000.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine7100001.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine7100002.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine7100003.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine7100004.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine7100005.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine7B00000.VBN Infected: Trojan-Proxy.Win32.Horst.az 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineD280000.VBN Infected: Trojan-Downloader.Win32.Agent.amc 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineD280001.VBN Infected: Trojan-Downloader.Win32.Agent.amc 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineD280002.VBN Infected: Trojan-Downloader.Win32.Agent.ako 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineD280003.VBN Infected: Trojan-Downloader.Win32.Agent.ako 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineD280004.VBN Infected: Trojan-Downloader.Win32.Agent.ako 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineD280005.VBN Infected: Trojan-Downloader.Win32.Agent.ako 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineD280006.VBN Infected: Trojan-Downloader.Win32.Agent.ako 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineD280007.VBN Infected: Trojan-Downloader.Win32.Agent.ako 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineD280008.VBN Infected: Trojan-Proxy.Win32.Horst.ax 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineD280009.VBN Infected: Trojan-Proxy.Win32.Horst.ax 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineD28000A.VBN Infected: Trojan-Downloader.Win32.Agent.amc 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineD28000B.VBN Infected: Trojan-Downloader.Win32.Agent.amc 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineD28000C.VBN Infected: Trojan-Proxy.Win32.Horst.be 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineD28000D.VBN Infected: Trojan-Proxy.Win32.Horst.be 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineD28000E.VBN Infected: Trojan-Downloader.Win32.Agent.ako 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineD28000F.VBN Infected: Trojan-Downloader.Win32.Agent.ako 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDE00000.VBN Infected: Trojan-Downloader.Win32.IstBar.is 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDE00001.VBN Infected: Trojan-Downloader.Win32.IstBar.is 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDE00004.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDE00005.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDE00006.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDE00007.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDE00008.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDE00009.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDE0000A.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDE0000B.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDE0000C.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDE0000D.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDE0000E.VBN Infected: Email-Worm.Win32.Bagle.ek 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDE0000F.VBN Infected: Email-Worm.Win32.Bagle.ek 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDE00010.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDE00011.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDE00012.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDE00013.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDE00014.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDE00015.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDE00016.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDE00017.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDE00018.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDE00019.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDE0001A.VBN Infected: Email-Worm.Win32.Mydoom.am 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDE0001B.VBN Infected: Email-Worm.Win32.Mydoom.am 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDE0001C.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDE0001D.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDE0001E.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDE0001F.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDE00020.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDE00021.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDE00022.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDE00023.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDE00024.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDE00025.VBN Infected: Email-Worm.Win32.Sober.p 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDE00026.VBN Infected: Trojan-Downloader.Win32.Bagle.g 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDE00027.VBN Infected: Trojan-Downloader.Win32.Bagle.g 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDE00028.VBN Infected: Email-Worm.Win32.Bagle.cc 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDE00029.VBN Infected: Email-Worm.Win32.Bagle.cc 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDE0002A.VBN Infected: Email-Worm.Win32.Bagle.cc 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDE0002B.VBN Infected: Email-Worm.Win32.Bagle.cc 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDE0002C.VBN Infected: Trojan-Proxy.Win32.Horst.az 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineDE0002D.VBN Infected: Trojan-Proxy.Win32.Horst.az 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineFFC0000.VBN Infected: Trojan-Proxy.Win32.Horst.av 1
E:\Edited\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\QuarantineFFC0003.VBN Infected: Trojan-Proxy.Win32.Horst.av 1
E:\Edited\ZwinkySetup2.3.50.21.ZJman000.exe Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.dt 1
E:\Edited\Program Files\MyWebSearch\bar\1.bin\F3WPHOOK.DLL Infected: not-a-virus:Monitor.Win32.Agent.c 1
E:\Edited\Program Files\MyWebSearch\bar\1.bin\M3IDLE.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.ax 1
E:\Edited\Program Files\MyWebSearch\bar\1.bin\M3SLSRCH.EXE Infected: not-a-virus:AdTool.Win32.MyWebSearch.cl 1
E:\Edited\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.du 1
E:\Edited\Program Files\MyWebSearch\bar\1.bin\MWSOEPLG.DLL Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.du 1
E:\Edited\Program Files\Qualcomm\Eudora\Junk.mbx Suspicious: Trojan-Spy.HTML.Fraud.gen 11
E:\Edited\Program Files\Qualcomm\Eudora\Kinder.mbx Infected: Trojan-Spy.HTML.Bayfraud.ib 1
E:\Edited 10-2006.rar Infected: P2P-Worm.Win32.Kapucen.b 1
E:\Edited le0.47c.zip Infected: not-a-virus:AdWare.Win32.Shopper.k 1
E:\Edited RBS(1).zip Infected: Trojan-Dropper.Win32.Delf.xo 2
E:\Edited RBS.zip Infected: Trojan-Dropper.Win32.Delf.xo 2
E:\Edited RBS.zip Infected: Trojan-Dropper.Win32.Delf.xo 2
E:\Edited Infected: not-a-virus:AdWare.Win32.Ucmore.a 1
E:\Edited Infected: not-a-virus:AdWare.Win32.Ucmore 1
E:\Edited\vnc-3.3.3r9_x86_win32\vnc_x86_win32\vncviewer\vncviewer.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 1
E:\Edited\vnc-3.3.3r9_x86_win32.zip Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.333 1
E:\Edited\Eudora\Trash.mbx Suspicious: Exploit.HTML.Iframe.FileDownload 2
E:\Edited 1300.exe Infected: not-a-virus:AdWare.Win32.OnFlow.d 1
E:\Edited\Eudora\Trash.mbx Suspicious: Exploit.HTML.Iframe.FileDownload 2
E:\Edited 1300.exe Infected: not-a-virus:AdWare.Win32.OnFlow.d 1
The selected area was scanned.

Back to top

#19 Tulert

Advanced Member

Members
34 posts

Posted 08 August 2009 - 09:05 PM

DDS

DDS (Ver_09-06-26.01) - NTFSx86
Run by Administrator at 12:32:52.02 on 08/07/2009 Fri
Internet Explorer: 7.0.6001.18000 BrowserJavaVersion: 1.6.0_14
AV: Symantec AntiVirus *On-access scanning enabled* (Updated) {FB06448E-52B8-493A-90F3-E43226D3305C}
SP: Symantec AntiVirus *enabled* (Updated) {6C85A515-B91D-4D2B-AF18-40984A4A8493}
SP: Windows Defender *disabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: SUPERAntiSpyware *enabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ibmpmsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Juniper Networks\Common Files\dsNcService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe
C:\Windows\System32\TPHDEXLG.exe
C:\Program Files\Common Files\Lenovo\Scheduler\tvtsched.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Lenovo\System Update\SUService.exe
C:\Program Files\Common Files\LogiShrd\LVCOMSER\LVComSer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\ThinkVantage\PrdCtr\LPMGR.EXE
C:\Windows\System32\TpShocks.exe
C:\Windows\System32\tp4serv.exe
C:\Program Files\Common Files\LogiShrd\LComMgr\Communications_Helper.exe
C:\Program Files\Logitech\QuickCam\Quickcam.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Google\Google Pinyin\GooglePinyinDaemon.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Common Files\Lenovo\Scheduler\scheduler_proxy.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Lenovo\Message Center Plus\MCPLaunch.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Windows\system32\wuauclt.exe
C:\DOWNLOAD\PROCESSEXPLORER\PROCEXP.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\AcroTray.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Toolbar\wltuser.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\Java\jre6\bin\jp2launcher.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Users\Administrator\AppData\Local\Temp\jkos-Administrator\binaries\ScanningProcess.exe
C:\Users\Administrator\AppData\Local\Temp\jkos-Administrator\binaries\ScanningProcess.exe
C:\Windows\System32\notepad.exe
C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\Program Files\Symantec AntiVirus\SavUI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\System32\mspaint.exe
C:\Windows\system32\NOTEPAD.EXE
c:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Users\Administrator\Desktop\dds.scr
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uStart Page = hxxp://www.google.com/
uSearch Bar = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.google.com
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Skype add-on (mastermind): {22bf413b-c6d2-4d91-82a9-a0f997ba588c} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {e15a8dc0-8516-42a1-81ea-dc94ec1acf10} - c:\program files\windows live\toolbar\wltcore.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: &Windows Live Toolbar: {21fa44ef-376d-4d53-9b0f-8a89d3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No File
TB: Adobe PDF: {47833539-d0c5-4125-9fa8-0819e2eaac93} - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [DAEMON Tools] "c:\program files\daemon tools\daemon.exe" -lang 1033
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
uRun: [MsnMsgr] "c:\program files\windows live\messenger\MsnMsgr.Exe" /background
uRun: [wclock] "c:\users\administrator\appdata\roaming\google\wclock.exe" 2
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [PWMTRV] rundll32 c:\progra~1\thinkpad\utilit~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
mRun: [BLOG] rundll32 c:\progra~1\thinkpad\utilit~1\BTVLogEx.DLL,StartBattLog
mRun: [IaNvSrv] c:\program files\intel\intel matrix storage manager\orom\ianvsrv\IaNvSrv.exe
mRun: [LPManager] c:\progra~1\thinkv~1\prdctr\LPMGR.exe
mRun: [TpShocks] TpShocks.exe
mRun: [TrackPointSrv] tp4serv.exe
mRun: [LogitechCommunicationsManager] "c:\program files\common files\logishrd\lcommgr\Communications_Helper.exe"
mRun: [LogitechQuickCamRibbon] "c:\program files\logitech\quickcam\Quickcam.exe" /hide
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Google IME Autoupdater] "c:\program files\google\google pinyin\GooglePinyinDaemon.exe"
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [TVT Scheduler Proxy] c:\program files\common files\lenovo\scheduler\scheduler_proxy.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AdobeCS4ServiceManager] "c:\program files\common files\adobe\cs4servicemanager\CS4ServiceManager.exe" -launchedbylogin
mRun: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
mRun: [Message Center Plus] c:\program files\lenovo\message center plus\MCPLaunch.exe /start
mRun: [Adobe Acrobat Speed Launcher] "c:\program files\adobe\acrobat 9.0\acrobat\Acrobat_sl.exe"
mRun: [<NO NAME>]
mRun: [Acrobat Assistant 8.0] "c:\program files\adobe\acrobat 9.0\acrobat\Acrotray.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
StartupFolder: c:\users\admini~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\hotsyn~1.lnk - c:\program files\palmone\HOTSYNC.EXE
StartupFolder: c:\users\admini~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\vpncli~1.lnk - c:\windows\installer\{c91de044-d900-4f15-bbd1-44fd9d59b277}\Icon3E5562ED7.ico
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Copy to Semagic - c:\program files\semagic\copy.htm
IE: E&xport to Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Semagic - c:\program files\semagic\link.htm
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~1\office12\ONBttnIE.dll
IE: {77BF5300-1474-4EC7-9980-D32B190E9B07} - {77BF5300-1474-4EC7-9980-D32B190E9B07} - c:\program files\skype\toolbars\internet explorer\SkypeIEPlugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~1\office11\REFIEBAR.DLL
DPF: {001EE746-A1F9-460E-80AD-269E088D6A01} - hxxp://Edited
DPF: {7FC1B346-83E6-4774-8D20-1A6B09B0E737} - hxxp://cid-14e08c9a5320b558.spaces.live.com/PhotoUpload/VistaMsnPUplden-us.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://Edited
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\admini~1\appdata\roaming\mozilla\firefox\profiles\lxskaejp.default\
FF - prefs.js: browser.search.selectedEngine - nciku
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/ig?hl=en&source=iglk
FF - component: c:\users\administrator\appdata\roaming\mozilla\firefox\profiles\lxskaejp.default\extensions\{6ac85730-7d0f-4de0-b3fa-21142dd85326}\platform\winnt\components\ColorZilla.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\NPinfotl.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\mozilla firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\mozilla firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\mozilla firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\mozilla firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\mozilla firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\mozilla firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");

============= SERVICES / DRIVERS ===============

R0 iaNvStor;Intel® Turbo Memory Technology NAND Controller;c:\windows\system32\drivers\iaNvStor.sys [2007-5-4 208896]
R0 Shockprf;Shockprf;c:\windows\system32\drivers\ApsX86.sys [2007-3-2 100656]
R1 lenovo.smi;Lenovo System Interface Driver;c:\windows\system32\drivers\smiif32.sys [2006-8-30 13744]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2009-1-15 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-1-15 55024]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-2-27 101936]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-1-15 7408]

=============== Created Last 30 ================

2009-08-04 21:29 237,568 a------- c:\windows\system32\rmc_rtspdl.dll
2009-08-04 21:29 156,672 a------- c:\windows\system32\rmc_fixasf.exe
2009-08-04 21:28 323,584 a------- c:\windows\system32\AUDIOGENIE2.DLL
2009-07-23 13:19 <DIR> --d----- c:\programdata\NOS
2009-07-21 21:09 405,204,727 a------- c:\windows\MEMORY.DMP
2009-07-16 18:16 <DIR> --d----- c:\program files\Malwarebytes Anti-Malware
2009-07-14 12:19 289,792 a------- c:\windows\system32\atmfd.dll
2009-07-14 12:19 156,672 a------- c:\windows\system32\t2embed.dll
2009-07-14 12:19 72,704 a------- c:\windows\system32\fontsub.dll
2009-07-14 12:19 10,240 a------- c:\windows\system32\dciman32.dll
2009-07-12 00:23 <DIR> --d----- c:\program files\Utilities

==================== Find3M ====================

2009-07-25 18:43 410,984 a------- c:\windows\system32\deploytk.dll
2009-07-18 11:06 827,904 a------- c:\windows\system32\wininet.dll
2009-07-18 11:01 78,336 a------- c:\windows\system32\ieencode.dll
2009-07-18 04:46 26,624 a------- c:\windows\system32\ieUnatt.exe
2009-07-13 13:36 38,160 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-07-13 13:36 19,096 a------- c:\windows\system32\drivers\mbam.sys
2009-06-14 12:20 86,016 a------- c:\windows\inf\infpub.dat
2009-06-14 12:20 143,360 a------- c:\windows\inf\infstrng.dat
2009-06-14 12:20 86,016 a------- c:\windows\inf\infstor.dat
2009-06-10 10:13 30,144 a------- c:\windows\system32\drivers\psadd.sys
2009-05-12 12:12 1,712,128 a------- c:\windows\system32\libmysql_d.dll
2008-08-30 11:59 174 a--sh--- c:\program files\desktop.ini
2008-08-30 11:37 665,600 a------- c:\windows\inf\drvindex.dat
2007-12-31 23:03 32 a------- c:\programdata\ezsid.dat
2007-12-31 23:03 32 a------- c:\progra~2\ezsid.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib409\perfi.dat
2006-11-02 07:42 287,440 a------- c:\windows\inf\perflib409\perfh.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib409\perfd.dat
2006-11-02 07:42 30,674 a------- c:\windows\inf\perflib409\perfc.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib00\perfi.dat
2006-11-02 04:20 287,440 a------- c:\windows\inf\perflib00\perfh.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib00\perfd.dat
2006-11-02 04:20 30,674 a------- c:\windows\inf\perflib00\perfc.dat
2007-09-01 09:21 8,192 a--sh--- c:\windows\users\default\NTUSER.DAT

============= FINISH: 12:34:48.13 ===============

Edited by Tulert, 09 August 2009 - 03:38 AM.

Back to top

#20 Blade81

Advanced Member

Volunteer Security Advisor
6557 posts

Posted 08 August 2009 - 09:26 PM

Hi,

Looks like beginning part of DDS log got cut off. Please post complete log.

Of those Kaspersky findings remove those you're not familiar with. Email related findings have to be handled by opening correspondent email file and delete suspicious looking email messages in. Those items in quarantine folder can be ignored. You should be able to clear them thru Symantec Antivirus.

How is the system running now?

Microsoft MVP Consumer Security 2008 2009 2010 2011 2012

ASAP & UNITE member since 2006

I don't help with logs thru PM so don't bother to post me one. If you have problems create a thread in the forum, please.
Don't post your log into other user's topic, create a new one.

Provided removal instructions are meant to be used in the correspondent user's case only.

Please use "Reply to this topic" -button while replying.

Back to top

Next

Back to Resolved/Inactive HijackThis Logs

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users