PDA

View Full Version : Malware Infestation: Possible WM97/Luda-A Virus



emosamurai
2008-01-10, 22:32
I just launched my computer and noticed that on my desktop and within "My Computer" there were these .vbs files named "Girls.vbs" and "Money.vbs" and everywhere I look, I've got legitimately named files, but they are all vbs files. Here is the Kapersky log and my HJT log. I followed all of the instructions on the BEFORE you POST thread, ran Spybot, in regular mode and safe mode, and the only thing it's found is tracking cookies. Please help if you can!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:23:08 PM, on 1/10/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\mozilla firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by Dell
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\RunServices: [Win322L4oader] C:\Windows\system32\nodd.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Tartule] C:\Users\Daniel\Favorites\Tartule.lnk
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Policies\Explorer\Run: [NTSecurity] NTSecurity.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O4 - Startup: System.vbs
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbk_device - - C:\Windows\system32\dlbkcoms.exe
O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 4547 bytes


By the way, my Kapersky log is too big to fit onto 1 post. Should I post it utilizing 2 posts?

Whatever else you need, please let me know. Again, please help!

katana
2008-01-14, 20:44
I'm afraid I have unpleasant news for you. You have a Very Dangerous infection on this machine.
The infection is delivered by Troj/RaHack-A (http://www.sophos.com/security/analyses/trojrahacka.html)

PLEASE NOTE:- we are not sure how much of this applies to Vista, but you should be aware of the possibility

It allows outsiders COMPLETE access to every keystroke, account, and password you use while on this machine, and complete access to any other data present...
IF this computer has been used for any kind of important data, my best recommendation is to Disconnect from Internet, Re-Format the entire drive and re-install your Operating system and Applications.

We can likely clean the infected files off the computer, and if you wish we will attempt to do so, but we cannot be sure that the infection didn't do something to your system to reduce the system security. In that instance, even after removal of the infection, you could be subject to another attack or takeover as soon as you re-connect to the Internet.

The Decision Whether to ReFormat or Not should be based on:
The use of the computer - this is the primary factor in the decision whether to re-format and re-install, or just disinfect.
The variety of malware - this influences the decision on whether to re-format and re-install, or just disinfect. IN THIS CASE we have a Backdoor Trojan, the worst kind.

If the Computer has been used for any important data, you are strongly advised to do the following, immediately:
Disconnect the infected computer from the internet and from any networked computers until the computer can be cleaned.
Back up all important data on the machine. Do not back up any Applications (programs). Those should be re-installed from the original source CDs or websites.
If you have ever used this computer for shopping, banking, or any transactions relating to your financial well being:
Call all of your banks, credit card companies, and financial institutions, informing them that you may be a victim of identity theft, and to put a watch on your accounts or change all your account numbers.
From a clean computer, change ALL your online passwords -- for ISP login, email, banks, financial accounts, PayPal, eBay, online companies, and any online forums or groups you belong to.
DO NOT change passwords or do any transactions while using the infected computer because the attacker will get the new password and transaction information.
Take any other steps you think appropriate for an attempted identity theft.

While you are deciding whether to ReFormat and Re-Install, a useful link is here: http://www.dslreports.com/faq/10063
Please let me know what you decide.

Please post the Kaspersky log, so I can see what else is present.

Do you have UAC turned off ?

emosamurai
2008-01-16, 02:17
Holy Crap!! This computer is a work computer! I spent all night last week (since this took so long to get a reply, I couldn't wait) cleaning and disinfecting it from all of the malware. Currently there is no other malware, daily scans of AVG and Trojan Remover show nothing else present.

Regedit, CMD, Task Manager, etc. all work fine, just like normal. Do you think it's still running somewhere in the background? I am at home now and won't return until tomorrow at 8:30am (CST) to that computer, what should I do first when I get back?

PLEASE respond ASAP so I can ensure that no one else at my work is infected!!!

Help!!

katana
2008-01-16, 03:12
If this is a works machine, then I recommend that you contact the IT department/person and inform them of my previous post.
This is a serious infection

# Allows others to access the computer
# Reduces system security

If you are the IT person, then I suggest you backup any files that you deem essential and then reformat.

If confidential data is stored on this machine then the risk involved is too great to try cleaning.

Here is a check list of items that you will need for a reformat.


1 - Backup Your Data
Copy all your data to a separate drive, CD, DVD, etc.
It may be a good idea to check the files that you backup with an online scanner, you don't want to be reinfected.
http://www.kaspersky.com/virusscanner

2 - Back Up Your Drivers
Particularly important if your computer was not delivered with driver CDs

Driver Genius Pro finds updates and backs up your drivers into an exe installer - very simple to re-install
Or there's the free DriverMax from http://www.innovative-sol.com

3 - Download Programs, Installers, and Updates
Make sure you have all the programs you will need to re-install such as an Antivirus, a Firewall, and, if not included on the installation disk, Microsoft's Service Pack 2 for Windows XP.
Take note of all the product keys and serial numbers. These may be on boxes, CDs, or in emails.

4 - Make Sure You Can Get Back Online
Check that you have modem drivers, set up instructions, and log-in details.

5 - Boot From The Windows CD and Install
Physically disconnect your internet cable between the computer and the modem/router
If your computer isn't set to boot from CD, look for the option to enter the BIOS setup during startup - usually Del, F1 or F2
In the BIOS, look for the option to change the order of boot devices
Select the CD drive as the first option
Save and exit

6 - Reload Drivers
Once the Windows installation is complete, re-load the drivers you save in 2 above

7 - Install Security Programs
Install your Antivirus, Firewall, and other security programs

8 - Install Any Microsoft Updates
Reconnect your computer to the internet and go to the Microsoft Updates site: http://update.microsoft.com/microsoftupdate
Download and install any required updates

9 - Install Any Programs
Finally, install any programs you need to run

If you have any questions, don't hesitate to ask.

emosamurai
2008-01-16, 03:36
I am the IT person, it's an office of 5 people. As far as confidential data, I am a graphic designer and I have an external hard drive with all of my art files, and the C drive just has essential system files and program files. Nothing too confidential....but where I am scared is that I'm on a network and attached to the network is our accounting computer. I can't have access granted to that computer. It has quick books and all of our customer data on it.

When I cleaned and disinfected it, it removed that "nodd.exe" and that "NTsecurity.exe" file because Trojan Remover said they were backdoor trojans, but do you think something can still be lingering?

katana
2008-01-16, 03:51
If those are the only files removed then yes, it is still infected.

At least one of the infections present has the following capabilities
This worm can spread over shared folders and removable media.
http://vil.nai.com/vil/content/v_143930.htm

I strongly suggest that you get a specialist company to check all your machines, and give advice for the future.
Your general security needs to be improved to prevent this happening again.

Unfortunately this forum is designed for private home PC's
We are not really equipped to deal with office networks, as all the machines need to be checked at the same time to prevent reinfection across the network.

emosamurai
2008-01-16, 04:39
Please continue to help me. I am going to work tomorrow early in the morning and try to re-install windows on my computer. Can I still post logs from HiJack and Kapersky to ensure that my computer is free? I know you said it might have spread to other computers, but before I go freaking out my boss and the rest of the staff, I need to try and totally clean out and ensure that my computer is clear and that I have the answers.

So, could you please continue to help me?

katana
2008-01-16, 14:41
The tools we use for cleaning are not recommended for use on office machines, however if you wish to continue please note :-

Neither I nor Safer Networking take any responsibility for damage to or loss of data from office/company computers if you use the tools suggested

==========================
SD Fix

DownloadSDFix (http://downloads.andymanchesta.com/RemovalTools/SDFix.exe) and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive%
(Drive that contains the Windows Directory, typically C:\\SDFix)

Please then reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F5 key continually;
Instead of Windows loading as normal, the Advanced Options Menu should appear;
Select the first option, to run Windows in Safe Mode, then press Enter.
Choose your usual account.

Open the extracted SDFix folder and double click RunThis.bat to start the script.
Type Y to begin the cleanup process.
It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
Press any Key and it will restart the PC.
When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
(Report.txt will also be copied to Clipboard ready for posting back on the forum).
Finally paste the contents of the Report.txt back on the forum with a new HijackThis log


Please post the Kaspersky log now.=======================

emosamurai
2008-01-16, 15:17
Can you post a link to the Kapersky scan?

katana
2008-01-16, 15:36
Kaspersky Online Scanner .
Your Antivirus and/or Antispyware may give a warning during the scan. This is perfectly normal
Go Here http://www.kaspersky.com/kos/eng/partner/default/kavwebscan.html

Read the Requirements and limitations before you click Accept.
Allow the ActiveX download if necessary
Once the database has downloaded, click Next.
Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
Click on "My Computer" and then put the kettle on!
When the scan has completed, click Save Report As...
Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.

emosamurai
2008-01-16, 15:43
Thank you, scanning now. I will post new log as soon as I finish. Could you also provide me with link to new HiJack program?

Thanks!

katana
2008-01-16, 15:44
Click here (http://www.trendsecure.com/portal/en-US/_download/HJTInstall.exe) to download HJTinstall.exe
Save HJTinstall.exe to your desktop.
Double click on the HJTinstall.exe icon on your desktop.
By default it will install to C:\\Program Files\\Trend Micro\\Hijack This.
Click I accept
Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
Click Save to save the log file and then the log will open in notepad.
Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
Come back here to this thread and Paste the log in your next reply.
DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.

emosamurai
2008-01-16, 15:47
Here is latest HiJack Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:46:36 AM, on 1/16/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Last.fm\LastFMHelper.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\corel\CorelDRAW Graphics Suite 13\Programs\CorelDRW.exe
C:\Program Files\adobe\Adobe Illustrator CS3\Support Files\Contents\Windows\Illustrator.exe
C:\Program Files\mozilla firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\conime.exe
C:\Program Files\Trend Micro\HijackThis\Crusty.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [AVP] "C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O20 - Winlogon Notify: avgwlntf - C:\Windows\SYSTEM32\avgwlntf.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG7 Resident Shield Service (AvgCoreSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgrssvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 6.0 SOS\avp.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbk_device - - C:\Windows\system32\dlbkcoms.exe
O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe

--
End of file - 6129 bytes

emosamurai
2008-01-16, 16:51
When I tried to run SDFix, it would launch a window and it would close very fast, and nothing would happen. I tried it many times, but to no avail.

Here is kaspersky log (split into numerous posts, it's over 80,000 characters)

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, January 16, 2008 8:38:20 AM
Operating System: Microsoft Windows Vista Professional, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 16/01/2008
Kaspersky Anti-Virus database records: 512843
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 162623
Number of viruses found: 4
Number of infected objects: 542
Number of suspicious objects: 0
Duration of the scan process: 00:52:13

Infected Object Name / Virus Name / Last Action
C:\$Recycle.Bin\S-1-5-21-2708822051-1969383407-3736298607-1000\$I5LGTAB.vbs Infected: Virus.VBS.Agent.aj skipped
C:\$Recycle.Bin\S-1-5-21-2708822051-1969383407-3736298607-1000\$IDHYIJS.vbs Infected: Virus.VBS.Agent.aj skipped
C:\$Recycle.Bin\S-1-5-21-2708822051-1969383407-3736298607-1000\$R5LGTAB.vbs Infected: Virus.VBS.Agent.aj skipped
C:\$Recycle.Bin\S-1-5-21-2708822051-1969383407-3736298607-1000\$RDHYIJS.vbs Infected: Virus.VBS.Agent.aj skipped
C:\$Recycle.Bin\S-1-5-21-2708822051-1969383407-3736298607-1000\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\$Recycle.Bin\S-1-5-21-2708822051-1969383407-3736298607-500\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\$Recycle.Bin\S-1-5-21-2826133206-2312993737-4083541239-500\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\$Recycle.Bin\S-1-5-21-918056312-2952985149-2686913973-500\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\adobe\Adobe Bridge\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\adobe\Adobe Bridge CS3\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\adobe\Adobe Device Central CS3\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\adobe\Adobe Help Viewer\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\adobe\Adobe Illustrator CS2\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\adobe\Adobe Illustrator CS3\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\adobe\Adobe Photoshop CS3\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\adobe\Adobe Photoshop CS3\LegalNotices.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\adobe\Adobe Stock Photos\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\adobe\Adobe Stock Photos CS3\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\adobe\Adobe Utilities\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\adobe\Illustrator 10\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\adobe\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\adobe\Photoshop 7.0\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Apple Software Update\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Apple Software Update\plugins\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Apple Software Update\SoftwareUpdate.Resources\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Apple Software Update\SoftwareUpdateFiles.Resources\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Bonjour\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Broadcom\ASFConfig\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Broadcom\ASFIPMon\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Broadcom\BACS\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Broadcom\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Broadcom\WMI\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\CCleaner\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Common Files\Adobe\Adobe PCD\cache\cache.db Object is locked skipped
C:\Program Files\Common Files\Adobe\Adobe PCD\pcd.db Object is locked skipped
C:\Program Files\Common Files\Adobe\caps\caps.db Object is locked skipped
C:\Program Files\Common Files\Adobe\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Common Files\Apple\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Common Files\Corel\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Common Files\GTK\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Common Files\InstallShield\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Common Files\Java\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Common Files\Macromedia\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Common Files\Macrovision Shared\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Common Files\microsoft shared\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Common Files\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Common Files\ODBC\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Common Files\Roxio Shared\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Common Files\Services\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Common Files\Services\verisign.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Common Files\Sonic Shared\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Common Files\SpeechEngines\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Common Files\SureThing Shared\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Common Files\System\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Common Files\Wise Installation Wizard\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\corel\CorelDRAW Graphics Suite 13\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\corel\CorelDRAW Graphics Suite X3 Setup Files\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\corel\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\CyberLink\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\CyberLink\PowerDVD DX\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\CyberLink\Shared Files\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Dell\BAE\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Dell\Dell Welcome\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Dell\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Dell AIO Printer A920\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Dell Printers\Additional Color Laser Software\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Dell Printers\Dell Color Laser 1320c\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Dell Printers\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\DivX\Artwork\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\DivX\AutoUpdate\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\DivX\DivX Content Uploader\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\DivX\DivX Web Player\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\DivX\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\ESET\Eset\Girls.vbs Infected: Virus.VBS.Agent.aj skipped

emosamurai
2008-01-16, 16:52
C:\Program Files\ESET\ESET NOD32 Antivirus\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\ESET\Install\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\ESET\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\faxtools\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Foxit Software\Foxit Reader\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Foxit Software\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\GCC Elite Series\Drivers\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\GCC Elite Series\Fonts\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\GCC Elite Series\MenuData\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\GCC Elite Series\MenuData\Printer1.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\GCC Elite Series\MenuData\Printer2.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\GCC Elite Series\MenuData\Printer3.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\GCC Elite Series\MenuData\Printer4.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\GCC Elite Series\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\GCC Elite Series\Network\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\GCC Elite Series\Win98USB\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Google\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\InstallShield Installation Information\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\InstallShield Installation Information\{105F3CE5-FE55-408E-BF30-E78F85BA0B12}\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\InstallShield Installation Information\{281ECE39-F043-492B-8337-F2E546B5604A}\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\InstallShield Installation Information\{5CD29180-A95E-11D3-A4EB-00C04F7BDB2C}\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\InstallShield Installation Information\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\InstallShield Installation Information\{92FD71D5-ED7E-40B2-8DF3-4B5E6F684367}\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\InstallShield Installation Information\{E6E8DE8D-714A-4B5B-A84C-9DE5BBCE390F}\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Intel\Intel Matrix Storage Manager\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Intel\Intel Matrix Storage Manager\Imsm_help_fig1_ENU.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Intel\Intel Matrix Storage Manager\Imsm_help_fig2_ENU.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Intel\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Internet Explorer\en-US\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Internet Explorer\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Internet Explorer\Plugins\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Internet Explorer\SIGNUP\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\iPod\Acknowledgements.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\iPod\bin\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\iPod\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\iTunes\About iTunes.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\iTunes\Acknowledgements.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\iTunes\CD Configuration\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\iTunes\iTunes.Resources\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\iTunes\iTunesHelper.Resources\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\iTunes\iTunesMiniPlayer.Resources\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\iTunes\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\iTunes\Mozilla Plugins\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\iTunes\Plug-Ins\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Java\j2re1.4.2\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Java\jre1.6.0\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Java\jre1.6.0\LICENSE.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Java\jre1.6.0\LICENSE_de.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Java\jre1.6.0\LICENSE_es.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Java\jre1.6.0\LICENSE_fr.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Java\jre1.6.0\LICENSE_it.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Java\jre1.6.0\LICENSE_ja.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Java\jre1.6.0\LICENSE_ko.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Java\jre1.6.0\LICENSE_sv.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Java\jre1.6.0\LICENSE_zh_CN.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Java\jre1.6.0\LICENSE_zh_TW.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Java\jre1.6.0_03\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Java\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Jetico\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Jetico\Translation\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Last.fm\data\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Last.fm\data\no_artist.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Last.fm\data\no_cover.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Last.fm\imageformats\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Last.fm\Microsoft.VC80.CRT\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Last.fm\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\LogMeIn\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\LogMeIn\x64\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\LogMeIn\x86\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\macromedia\Dreamweaver MX\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\macromedia\Extension Manager\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\macromedia\Flash 8\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\macromedia\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Microsoft CAPICOM 2.1.0.2\Lib\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Microsoft CAPICOM 2.1.0.2\License\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Microsoft CAPICOM 2.1.0.2\License\license.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Microsoft CAPICOM 2.1.0.2\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\microsoft office\CLIPART\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\microsoft office\MEDIA\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\microsoft office\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\microsoft office\Office10\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\microsoft office\OFFICE11\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\microsoft office\Stationery\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\microsoft office\Templates\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Miranda IM\Icons\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Miranda IM\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Miranda IM\Plugins\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Movie Maker\en-US\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Movie Maker\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Movie Maker\Shared\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Movie Maker\Shared\Sample1.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Movie Maker\Shared\Sample2.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Movie Maker\Shared\Sample3.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Movie Maker\Shared\Sample4.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\mozilla firefox\chrome\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\mozilla firefox\components\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\mozilla firefox\defaults\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\mozilla firefox\dictionaries\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\mozilla firefox\extensions\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\mozilla firefox\greprefs\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\mozilla firefox\Money.vbs Infected: Virus.VBS.Agent.aj skipped

emosamurai
2008-01-16, 16:53
C:\Program Files\mozilla firefox\plugins\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\mozilla firefox\plugins\WMP Firefox Plugin License.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\mozilla firefox\QMCache00\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\mozilla firefox\res\arrow.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\mozilla firefox\res\arrowd.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\mozilla firefox\res\broken-image.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\mozilla firefox\res\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\mozilla firefox\res\grabber.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\mozilla firefox\res\loading-image.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\mozilla firefox\res\table-add-column-after-active.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\mozilla firefox\res\table-add-column-after-hover.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\mozilla firefox\res\table-add-column-after.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\mozilla firefox\res\table-add-column-before-active.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\mozilla firefox\res\table-add-column-before-hover.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\mozilla firefox\res\table-add-column-before.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\mozilla firefox\res\table-add-row-after-active.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\mozilla firefox\res\table-add-row-after-hover.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\mozilla firefox\res\table-add-row-after.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\mozilla firefox\res\table-add-row-before-active.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\mozilla firefox\res\table-add-row-before-hover.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\mozilla firefox\res\table-add-row-before.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\mozilla firefox\res\table-remove-column-active.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\mozilla firefox\res\table-remove-column-hover.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\mozilla firefox\res\table-remove-column.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\mozilla firefox\res\table-remove-row-active.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\mozilla firefox\res\table-remove-row-hover.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\mozilla firefox\res\table-remove-row.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\mozilla firefox\searchplugins\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\mozilla firefox\temp\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\mozilla firefox\uninstall\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\chrome\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\chrome\icons\default\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\chrome\icons\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\chrome\Readme.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\components\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\components\Readme.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\defaults\autoconfig\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\defaults\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\defaults\messenger\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\defaults\pref\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\defaults\profile\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\defaults\Readme.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\dictionaries\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\dictionaries\Readme.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\extensions\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\extensions\Readme.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\components\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\extensions\talkback@mozilla.org\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\greprefs\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\greprefs\Readme.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\isp\en-US\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\isp\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\isp\Readme.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\plugins\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\plugins\Microsoft.VC80.CRT\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\plugins\Readme.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\res\dtd\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\res\entityTables\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\res\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\res\grabber.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\res\Readme.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\res\table-add-column-after-active.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\res\table-add-column-after-hover.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\res\table-add-column-after.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\res\table-add-column-before-active.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\res\table-add-column-before-hover.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\res\table-add-column-before.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\res\table-add-row-after-active.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\res\table-add-row-after-hover.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\res\table-add-row-after.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\res\table-add-row-before-active.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\res\table-add-row-before-hover.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\res\table-add-row-before.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\res\table-remove-column-active.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\res\table-remove-column-hover.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\res\table-remove-column.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\res\table-remove-row-active.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\res\table-remove-row-hover.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Mozilla Thunderbird\res\table-remove-row.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\MSBuild\Microsoft\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\MSBuild\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\MSN\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\MSXML 4.0\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\MWSnap\Lang\Chinese_BIG5.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\MWSnap\Lang\CZECH.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\MWSnap\Lang\Deutsch.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\MWSnap\Lang\English.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\MWSnap\Lang\Espaol.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\MWSnap\Lang\Franais.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\MWSnap\Lang\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\MWSnap\Lang\Italiano.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\MWSnap\Lang\Macedonian.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\MWSnap\Lang\Magyar.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\MWSnap\Lang\Nederlands.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\MWSnap\Lang\Polski.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\MWSnap\Lang\Russian.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\MWSnap\Lang\Svenska.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\MWSnap\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Qualcomm\Eudora\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Qualcomm\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\QuickTime\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\QuickTime\PictureViewer.Resources\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\QuickTime\Plugins\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\QuickTime\PropertyPanels\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\QuickTime\QTComponents\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\QuickTime\QTSystem\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\QuickTime\QTSystem\QTJava.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\QuickTime\QuickTimePlayer.Resources\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Reference Assemblies\Microsoft\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Reference Assemblies\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Roxio\Express Labeler 2\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Roxio\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Roxio\Update Manager\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Sigmatel\C-Major Audio\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Sigmatel\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Spybot - Search & Destroy\Dummies\dummy.dap.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Spybot - Search & Destroy\Dummies\dummy.default.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Spybot - Search & Destroy\Dummies\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Spybot - Search & Destroy\Help\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Spybot - Search & Destroy\Includes\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Spybot - Search & Destroy\Languages\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Spybot - Search & Destroy\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Spybot - Search & Destroy\Plugins\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Spybot - Search & Destroy\Skins\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Spybot - Search & Destroy\Skins\Italia.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Spybot - Search & Destroy\Skins\Peace.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Spybot - Search & Destroy\Updates\clsid.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Spybot - Search & Destroy\Updates\desc.english.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Spybot - Search & Destroy\Updates\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Spybot - Search & Destroy\Updates\help.english.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Spybot - Search & Destroy\Updates\startup.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\SUPERAntiSpyware\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\SUPERAntiSpyware\Plugins\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Uninstall Information\Money.vbs Infected: Virus.VBS.Agent.aj skipped

emosamurai
2008-01-16, 16:54
C:\Program Files\uTorrent\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\winace\Backup\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\winace\html\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\winace\license.doc.vbs Object is locked skipped
C:\Program Files\winace\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\winace\projects\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\winace\sfxfiles\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\winace\technote.doc.vbs Object is locked skipped
C:\Program Files\Windows Calendar\en-US\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Windows Calendar\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Windows Defender\en-US\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Windows Defender\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Windows Journal\en-US\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Windows Journal\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Windows Journal\Templates\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Windows Live Safety Center\History\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Windows Live Safety Center\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Windows Mail\en-US\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Windows Mail\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Windows Media Player\en-US\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Windows Media Player\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Windows Media Player\Network Sharing\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw120.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw32.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color120.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color32.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Windows Media Player\Skins\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Windows Media Player\Visualizations\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Windows NT\Accessories\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Windows NT\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Windows NT\TableTextService\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Windows Photo Gallery\en-US\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Windows Photo Gallery\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Windows Sidebar\en-US\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Windows Sidebar\Gadgets\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Windows Sidebar\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Windows Sidebar\Shared Gadgets\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Zone Labs\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Program Files\Zone Labs\ZoneAlarm\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Adobe\Adobe PDF\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Adobe\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Adobe\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Adobe\Updater5\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Agnitum\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Agnitum\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Agnitum\Security Suite\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\ALM\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\ALM\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Apple\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Apple\Installer Cache\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Apple\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Apple Computer\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Apple Computer\Installer Cache\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Apple Computer\iTunes\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Apple Computer\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Apple Computer\QuickTime\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\CheckPoint\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\CheckPoint\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\CheckPoint\ZoneAlarm\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Corel\CorelDRAW Graphics Suite 13\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Corel\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Corel\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Dell\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Dell\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Dell\PowerDVD DX\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\ESET\ESET NOD32 Antivirus\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\ESET\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\ESET\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\FLEXnet\adobe_00080000_tsf.data Object is locked skipped
C:\ProgramData\FLEXnet\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\FLEXnet\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Google\Custom Buttons\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Google\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Google\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\ProgramData\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\ProgramData\InstallShield\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\InstallShield\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\InstallShield\UpdateService\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Kaspersky Lab\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Kaspersky Lab\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Last.fm\Client\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Last.fm\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Last.fm\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Microsoft\Assistance\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Microsoft\Crypto\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Microsoft\DRM\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Microsoft\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Microsoft\HTML Help\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Microsoft\IdentityCRL\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Microsoft\Machine Debug Manager\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Microsoft\Media Index\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Microsoft\Media Player\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Microsoft\MF\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Microsoft\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Microsoft\MSDAIPP\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\ProgramData\Microsoft\Network\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Microsoft\Office\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Microsoft\Provisioning\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Microsoft\RAC\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.45.Crwl Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\GatherLogs\SystemIndex\SystemIndex.45.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSStmp.log Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010001.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010002.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.ci Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010003.wsb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010004.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010005.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010006.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010007.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010008.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010009.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000A.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000B.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000C.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000D.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001000E.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010011.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010013.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010014.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010015.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010017.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\00010019.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\0001001A.wid Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\Indexer\CiFiles\INDEX.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\CiPT0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\PropMap\Used0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SecStore\CiST0000.000 Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk1.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.chk2.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Projects\SystemIndex\SystemIndex.Ntfy146.gthr Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\tmp.edb Object is locked skipped

emosamurai
2008-01-16, 16:56
C:\ProgramData\Microsoft\Search\Data\Applications\Windows\Windows.edb Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf363C.tmp Object is locked skipped
C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc\Ntf363D.tmp Object is locked skipped
C:\ProgramData\Microsoft\Search\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Microsoft\User Account Pictures\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Microsoft\User Account Pictures\guest.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Microsoft\User Account Pictures\user.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Microsoft\Windows\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Microsoft\Windows\Templates\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Microsoft\Windows\Templates\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Microsoft\Windows Defender\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-11022006-050253.log Object is locked skipped
C:\ProgramData\Microsoft\Windows NT\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Microsoft\WPD\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Microsoft Help\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Microsoft Help\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Readme.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Sonic\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Sonic\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Spybot - Search & Destroy\Backups\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Spybot - Search & Destroy\Excludes\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Spybot - Search & Destroy\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Spybot - Search & Destroy\Logs\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Spybot - Search & Destroy\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Spybot - Search & Destroy\Recovery\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Spybot - Search & Destroy\Recovery\Hupigon.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Spybot - Search & Destroy\Recovery\MicrosoftWindowsExplorer.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Spybot - Search & Destroy\Recovery\MicrosoftWindowsExplorer1.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterTaskManager.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSystem.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Spybot - Search & Destroy\Snapshots\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\Spybot - Search & Destroy\Snapshots2\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\SUPERAntiSpyware.com\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\SUPERAntiSpyware.com\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\SUPERAntiSpyware.com\SUPERAntiSpyware\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\TuneUp Software\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\TuneUp Software\Money.vbs Infected: Virus.VBS.Agent.aj skipped
C:\ProgramData\TuneUp Software\TuneUp Utilities\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\SDFix\apps\dummy.exe Infected: Trojan.Win32.Obfuscated.na skipped
C:\SDFix\apps\MD5File.exe Infected: Trojan.Win32.Obfuscated.na skipped
C:\SDFix\dummy.exe Infected: Trojan.Win32.Obfuscated.na skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\OP_CACHE.ATR Object is locked skipped
C:\System Volume Information\OP_CACHE.IDX Object is locked skipped
C:\Users\Daniel\AppData\Local\Adobe\Updater5\aumLib.log Object is locked skipped
C:\Users\Daniel\AppData\Local\Last.fm\Client\iTunesPlugin.log Object is locked skipped
C:\Users\Daniel\AppData\Local\Last.fm\Client\LastFmHelper.log Object is locked skipped
C:\Users\Daniel\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT Object is locked skipped
C:\Users\Daniel\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db Object is locked skipped
C:\Users\Daniel\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db Object is locked skipped
C:\Users\Daniel\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db Object is locked skipped
C:\Users\Daniel\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db Object is locked skipped
C:\Users\Daniel\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db Object is locked skipped
C:\Users\Daniel\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db Object is locked skipped
C:\Users\Daniel\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Daniel\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012008011620080117\index.dat Object is locked skipped
C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\Daniel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\Daniel\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Daniel\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Daniel\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Daniel\AppData\Local\Microsoft\Windows\UsrClass.dat{e3d1d45f-8e38-11dc-9efb-001d090632e6}.TM.blf Object is locked skipped
C:\Users\Daniel\AppData\Local\Microsoft\Windows\UsrClass.dat{e3d1d45f-8e38-11dc-9efb-001d090632e6}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Daniel\AppData\Local\Microsoft\Windows\UsrClass.dat{e3d1d45f-8e38-11dc-9efb-001d090632e6}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Daniel\AppData\Local\Mozilla\Firefox\Profiles\nxjljjd5.default\Cache\DD0DBD66d01/data.rar/SDFix/apps/dummy.exe Infected: Trojan.Win32.Obfuscated.na skipped
C:\Users\Daniel\AppData\Local\Mozilla\Firefox\Profiles\nxjljjd5.default\Cache\DD0DBD66d01/data.rar/SDFix/dummy.exe Infected: Trojan.Win32.Obfuscated.na skipped
C:\Users\Daniel\AppData\Local\Mozilla\Firefox\Profiles\nxjljjd5.default\Cache\DD0DBD66d01/data.rar/SDFix/apps/MD5File.exe Infected: Trojan.Win32.Obfuscated.na skipped
C:\Users\Daniel\AppData\Local\Mozilla\Firefox\Profiles\nxjljjd5.default\Cache\DD0DBD66d01/data.rar Infected: Trojan.Win32.Obfuscated.na skipped
C:\Users\Daniel\AppData\Local\Mozilla\Firefox\Profiles\nxjljjd5.default\Cache\DD0DBD66d01 RarSFX: infected - 4 skipped
C:\Users\Daniel\AppData\Local\Mozilla\Firefox\Profiles\nxjljjd5.default\Cache\_CACHE_001_ Object is locked skipped
C:\Users\Daniel\AppData\Local\Mozilla\Firefox\Profiles\nxjljjd5.default\Cache\_CACHE_002_ Object is locked skipped
C:\Users\Daniel\AppData\Local\Mozilla\Firefox\Profiles\nxjljjd5.default\Cache\_CACHE_003_ Object is locked skipped
C:\Users\Daniel\AppData\Local\Mozilla\Firefox\Profiles\nxjljjd5.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Users\Daniel\AppData\Local\Temp\alm.log Object is locked skipped
C:\Users\Daniel\AppData\Local\Temp\amt.log Object is locked skipped
C:\Users\Daniel\AppData\Local\Temp\FXSAPIDebugLogFile.txt Object is locked skipped
C:\Users\Daniel\AppData\Local\Temp\lilo23132 Object is locked skipped
C:\Users\Daniel\AppData\Local\Temp\lilo33132 Object is locked skipped
C:\Users\Daniel\AppData\Local\Temp\lilo43132 Object is locked skipped
C:\Users\Daniel\AppData\Local\Temp\lilo53132 Object is locked skipped
C:\Users\Daniel\AppData\Local\Temp\lilo63132 Object is locked skipped
C:\Users\Daniel\AppData\Local\Temp\WT11AB2.tmp Object is locked skipped
C:\Users\Daniel\AppData\Local\Temp\WT11AB3.tmp Object is locked skipped
C:\Users\Daniel\AppData\Local\Temp\WT11AC3.tmp Object is locked skipped
C:\Users\Daniel\AppData\Local\Temp\WT11AC4.tmp Object is locked skipped
C:\Users\Daniel\AppData\Local\Temp\WT11AC5.tmp Object is locked skipped
C:\Users\Daniel\AppData\Local\Temp\WT11AC6.tmp Object is locked skipped
C:\Users\Daniel\AppData\Local\Temp\WT12543.tmp Object is locked skipped
C:\Users\Daniel\AppData\Local\Temp\WT12544.tmp Object is locked skipped
C:\Users\Daniel\AppData\Local\Temp\WT12545.tmp Object is locked skipped
C:\Users\Daniel\AppData\Local\Temp\WT15F4A.tmp Object is locked skipped
C:\Users\Daniel\AppData\Local\Temp\WT15F4B.tmp Object is locked skipped
C:\Users\Daniel\AppData\Local\Temp\WT15F4C.tmp Object is locked skipped
C:\Users\Daniel\AppData\Local\Temp\WT1F82.tmp Object is locked skipped
C:\Users\Daniel\AppData\Local\Temp\WT1F83.tmp Object is locked skipped
C:\Users\Daniel\AppData\Local\Temp\WT1F84.tmp Object is locked skipped
C:\Users\Daniel\AppData\Local\Temp\~DF51.tmp Object is locked skipped
C:\Users\Daniel\AppData\Local\Temp\~DF5617.tmp Object is locked skipped
C:\Users\Daniel\AppData\Local\Temp\~DF5630.tmp Object is locked skipped
C:\Users\Daniel\AppData\Local\Temp\~DFA601.tmp Object is locked skipped
C:\Users\Daniel\AppData\Local\Temp\~DFA61A.tmp Object is locked skipped
C:\Users\Daniel\AppData\Local\Temp\~DFBABD.tmp Object is locked skipped
C:\Users\Daniel\AppData\Local\Temp\~DFBAD6.tmp Object is locked skipped
C:\Users\Daniel\AppData\Local\Temp\~VMBFF4.tmp Object is locked skipped
C:\Users\Daniel\AppData\Local\Temp\~VMBFF5.tmp Object is locked skipped
C:\Users\Daniel\AppData\Local\Temp\~VMBFF6.tmp Object is locked skipped
C:\Users\Daniel\AppData\Local\Temp\~VMBFF7.tmp Object is locked skipped
C:\Users\Daniel\AppData\Local\Temp\~VMBFF8.tmp Object is locked skipped
C:\Users\Daniel\AppData\Local\Temp\~VMBFF9.tmp Object is locked skipped
C:\Users\Daniel\AppData\Local\Temp\~VMBFFA.tmp Object is locked skipped
C:\Users\Daniel\AppData\Local\Temp\~VMC00A.tmp Object is locked skipped
C:\Users\Daniel\AppData\Roaming\Adobe\Logs\AISuitePea.log Object is locked skipped
C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Cookies\Girls.vbs Infected: Virus.VBS.Agent.aj skipped
C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\nxjljjd5.default\cert8.db Object is locked skipped
C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\nxjljjd5.default\formhistory.dat Object is locked skipped
C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\nxjljjd5.default\history.dat Object is locked skipped
C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\nxjljjd5.default\key3.db Object is locked skipped
C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\nxjljjd5.default\parent.lock Object is locked skipped
C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\nxjljjd5.default\search.sqlite Object is locked skipped
C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\nxjljjd5.default\urlclassifier2.sqlite Object is locked skipped

emosamurai
2008-01-16, 16:57
C:\Users\Daniel\AppData\Roaming\Thunderbird\Profiles\5bdq9v3a.default\Mail\Local Folders\Inbox/[From <daniel@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:18:10 -0600]/UNNAMED/[From "Stan Maddox" <stan@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:46:50 -0600]/UNNAMED/[From dave@crosstimbersmarketing.com][Date Wed, 05 Dec 2007 09:36:33 -0700]/UNNAMED/[From dave@c ... /[From "Zach Meeks" <zmeeks@SJD ... /[From from 76.186.41.193 by webmail-mf11.sysops.aol.com (64.12. .. .. ... /[From "Donatas Pater" <Paterwbrmt@fechtclub.ch>][Date Sat, 15 Dec 2007 23:36:20 ... /card.scr Infected: Trojan-Downloader.Win32.Agent.gbu skipped
C:\Users\Daniel\AppData\Roaming\Thunderbird\Profiles\5bdq9v3a.default\Mail\Local Folders\Inbox/[From <daniel@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:18:10 -0600]/UNNAMED/[From "Stan Maddox" <stan@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:46:50 -0600]/UNNAMED/[From dave@crosstimbersmarketing.com][Date Wed, 05 Dec 2007 09:36:33 -0700]/UNNAMED/[From dave@c ... /[From "Zach Meeks" <zmeeks@SJD ... /[From from 76.186.41.193 by webmail-mf11.sysops.aol.com (64.12. .. .. ... /[From "Donatas Pater" <Paterwbrmt@fechtclub.ch>][Date Sat, 15 Dec 2007 23:36:20 +0100]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.gbu skipped
C:\Users\Daniel\AppData\Roaming\Thunderbird\Profiles\5bdq9v3a.default\Mail\Local Folders\Inbox/[From <daniel@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:18:10 -0600]/UNNAMED/[From "Stan Maddox" <stan@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:46:50 -0600]/UNNAMED/[From dave@crosstimbersmarketing.com][Date Wed, 05 Dec 2007 09:36:33 -0700]/UNNAMED/[From dave@c ... /[From "Zach Meeks" <zmeeks@SJD ... /[From from 76.186.41.193 by webmail-mf11.sysops.aol.com (64.12. .. ... /[From "ioanna Plevyak" <ioanna461@readiminds.com>][Date Sat, 15 Dec 2007 13:05:07 +0100]/text Infected: Trojan-Downloader.Win32.Agent.gbu skipped
C:\Users\Daniel\AppData\Roaming\Thunderbird\Profiles\5bdq9v3a.default\Mail\Local Folders\Inbox/[From <daniel@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:18:10 -0600]/UNNAMED/[From "Stan Maddox" <stan@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:46:50 -0600]/UNNAMED/[From dave@crosstimbersmarketing.com][Date Wed, 05 Dec 2007 09:36:33 -0700]/UNNAMED/[From dave@c ... /[From "Zach Meeks" <zmeeks@SJD ... /[From from 76.186.41.193 by webmail-mf11.sysops.aol.com (64.12. ... / . .. ... / ... /[From Cindy Gaither <cjgaither@mac.com>][Date Fri, 14 Dec 2007 14:45:25 -0600]/text Infected: Trojan-Downloader.Win32.Agent.gbu skipped
C:\Users\Daniel\AppData\Roaming\Thunderbird\Profiles\5bdq9v3a.default\Mail\Local Folders\Inbox/[From <daniel@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:18:10 -0600]/UNNAMED/[From "Stan Maddox" <stan@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:46:50 -0600]/UNNAMED/[From dave@crosstimbersmarketing.com][Date Wed, 05 Dec 2007 09:36:33 -0700]/UNNAMED/[From dave@c ... /[From "Zach Meeks" <zmeeks@SJD ... /[From from 76.186.41.193 by webmail-mf11.sysops.aol.com (64.12. ... / . .. ... /[From "info" <Sales@jewelboxhousesdesign.com>][Date Thu, 13 Dec 2007 22:42:26 +0000]/text Infected: Trojan-Downloader.Win32.Agent.gbu skipped
C:\Users\Daniel\AppData\Roaming\Thunderbird\Profiles\5bdq9v3a.default\Mail\Local Folders\Inbox/[From <daniel@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:18:10 -0600]/UNNAMED/[From "Stan Maddox" <stan@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:46:50 -0600]/UNNAMED/[From dave@crosstimbersmarketing.com][Date Wed, 05 Dec 2007 09:36:33 -0700]/UNNAMED/[From dave@c ... /[From "Zach Meeks" <zmeeks@SJD ... /[From from 76.186.41.193 by webmail-mf11.sysops.aol.com (64.12. ... / . ... /[From "Jamie Willis" <jamie.willis@121cc.com>][Date Thu, 13 Dec 2007 16:34:35 -0600]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.gbu skipped
C:\Users\Daniel\AppData\Roaming\Thunderbird\Profiles\5bdq9v3a.default\Mail\Local Folders\Inbox/[From <daniel@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:18:10 -0600]/UNNAMED/[From "Stan Maddox" <stan@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:46:50 -0600]/UNNAMED/[From dave@crosstimbersmarketing.com][Date Wed, 05 Dec 2007 09:36:33 -0700]/UNNAMED/[From dave@c ... /[From "Zach Meeks" <zmeeks@SJD ... /[From from 76.186.41.193 by webmail-mf11.sysops.aol.com (64.12. ... / ... /[From "YouSendIt" <services@news.yousendit.com>][Date Wed, 12 Dec 2007 12:08:01 -0800]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.gbu skipped
C:\Users\Daniel\AppData\Roaming\Thunderbird\Profiles\5bdq9v3a.default\Mail\Local Folders\Inbox/[From <daniel@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:18:10 -0600]/UNNAMED/[From "Stan Maddox" <stan@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:46:50 -0600]/UNNAMED/[From dave@crosstimbersmarketing.com][Date Wed, 05 Dec 2007 09:36:33 -0700]/UNNAMED/[From dave@c ... /[From "Zach Meeks" <zmeeks@SJD ... /[From from 76.186.41.193 by webmail-mf11.sysops.aol.com (64.12. ... /[From "Emily Ulbri ... /[From rick.henson@verizon.com][Date Mon, 10 Dec 2007 15:09:07 -0600]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.gbu skipped
C:\Users\Daniel\AppData\Roaming\Thunderbird\Profiles\5bdq9v3a.default\Mail\Local Folders\Inbox/[From <daniel@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:18:10 -0600]/UNNAMED/[From "Stan Maddox" <stan@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:46:50 -0600]/UNNAMED/[From dave@crosstimbersmarketing.com][Date Wed, 05 Dec 2007 09:36:33 -0700]/UNNAMED/[From dave@c ... /[From "Zach Meeks" <zmeeks@SJD ... /[From from 76.186.41.193 by webmail-mf11.sysops.aol.com (64.12. ... /[From "Emily Ulbrich CTMS" <emily.ulbrich@gcisd.net>][Date Mon, 10 Dec 2007 15:03:20 -060 ... /html Infected: Trojan-Downloader.Win32.Agent.gbu skipped
C:\Users\Daniel\AppData\Roaming\Thunderbird\Profiles\5bdq9v3a.default\Mail\Local Folders\Inbox/[From <daniel@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:18:10 -0600]/UNNAMED/[From "Stan Maddox" <stan@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:46:50 -0600]/UNNAMED/[From dave@crosstimbersmarketing.com][Date Wed, 05 Dec 2007 09:36:33 -0700]/UNNAMED/[From dave@c ... /[From "Zach Meeks" <zmeeks@SJD ... /[From from 76.186.41.193 by webmail-mf11.sysops.aol.com (64.12. ... /[From "Emily Ulbrich CTMS" <emily.ulbrich@gcisd.net>][Date Mon, 10 Dec 2007 15:03:20 -060 ... /text Infected: Trojan-Downloader.Win32.Agent.gbu skipped
C:\Users\Daniel\AppData\Roaming\Thunderbird\Profiles\5bdq9v3a.default\Mail\Local Folders\Inbox/[From <daniel@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:18:10 -0600]/UNNAMED/[From "Stan Maddox" <stan@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:46:50 -0600]/UNNAMED/[From dave@crosstimbersmarketing.com][Date Wed, 05 Dec 2007 09:36:33 -0700]/UNNAMED/[From dave@c ... /[From "Zach Meeks" <zmeeks@SJD ... /[From from 76.186.41.193 by webmail-mf11.sysops.aol.com (64.12. ... /[From "Emily Ulbrich CTMS" <emily.ulbrich@gcisd.net>][Date Mon, 10 Dec 2007 15:03:20 -0600]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.gbu skipped
C:\Users\Daniel\AppData\Roaming\Thunderbird\Profiles\5bdq9v3a.default\Mail\Local Folders\Inbox/[From <daniel@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:18:10 -0600]/UNNAMED/[From "Stan Maddox" <stan@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:46:50 -0600]/UNNAMED/[From dave@crosstimbersmarketing.com][Date Wed, 05 Dec 2007 09:36:33 -0700]/UNNAMED/[From dave@c ... /[From "Zach Meeks" <zmeeks@SJD ... /[From from 76.186.41.193 by webmail-mf11.sysops.aol.com (64.12. ... /[From "Emily Ulbrich CTMS" <emily.ulbrich@gcisd.net>][Date Mon, 10 Dec 2007 14:57:55 -060 ... /html Infected: Trojan-Downloader.Win32.Agent.gbu skipped
C:\Users\Daniel\AppData\Roaming\Thunderbird\Profiles\5bdq9v3a.default\Mail\Local Folders\Inbox/[From <daniel@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:18:10 -0600]/UNNAMED/[From "Stan Maddox" <stan@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:46:50 -0600]/UNNAMED/[From dave@crosstimbersmarketing.com][Date Wed, 05 Dec 2007 09:36:33 -0700]/UNNAMED/[From dave@c ... /[From "Zach Meeks" <zmeeks@SJD ... /[From from 76.186.41.193 by webmail-mf11.sysops.aol.com (64.12. ... /[From "Emily Ulbrich CTMS" <emily.ulbrich@gcisd.net>][Date Mon, 10 Dec 2007 14:57:55 -060 ... /text Infected: Trojan-Downloader.Win32.Agent.gbu skipped
C:\Users\Daniel\AppData\Roaming\Thunderbird\Profiles\5bdq9v3a.default\Mail\Local Folders\Inbox/[From <daniel@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:18:10 -0600]/UNNAMED/[From "Stan Maddox" <stan@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:46:50 -0600]/UNNAMED/[From dave@crosstimbersmarketing.com][Date Wed, 05 Dec 2007 09:36:33 -0700]/UNNAMED/[From dave@c ... /[From "Zach Meeks" <zmeeks@SJD ... /[From from 76.186.41.193 by webmail-mf11.sysops.aol.com (64.12. ... /[From "Emily Ulbrich CTMS" <emily.ulbrich@gcisd.net>][Date Mon, 10 Dec 2007 14:57:55 -0600]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.gbu skipped
C:\Users\Daniel\AppData\Roaming\Thunderbird\Profiles\5bdq9v3a.default\Mail\Local Folders\Inbox/[From <daniel@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:18:10 -0600]/UNNAMED/[From "Stan Maddox" <stan@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:46:50 -0600]/UNNAMED/[From dave@crosstimbersmarketing.com][Date Wed, 05 Dec 2007 09:36:33 -0700]/UNNAMED/[From dave@c ... /[From "Zach Meeks" <zmeeks@SJD ... /[From from 76.186.41.193 by webmail-mf11.sysops.aol.com (64.12.88. . ... /[From "taylor martinez" <nitramrolyat@gmail.com>][Date Mon, 10 Dec 2007 14:50:29 - ... /UNNAMED Infected: Trojan-Downloader.Win32.Agent.gbu skipped
C:\Users\Daniel\AppData\Roaming\Thunderbird\Profiles\5bdq9v3a.default\Mail\Local Folders\Inbox/[From <daniel@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:18:10 -0600]/UNNAMED/[From "Stan Maddox" <stan@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:46:50 -0600]/UNNAMED/[From dave@crosstimbersmarketing.com][Date Wed, 05 Dec 2007 09:36:33 -0700]/UNNAMED/[From dave@c ... /[From "Zach Meeks" <zmeeks@SJD ... /[From from 76.186.41.193 by webmail-mf11.sysops.aol.com (64.12.88. . ... /[From "taylor martinez" <nitramrolyat@gmail.com>][Date Mon, 10 Dec 2007 14:50:29 -0600]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.gbu skipped
C:\Users\Daniel\AppData\Roaming\Thunderbird\Profiles\5bdq9v3a.default\Mail\Local Folders\Inbox/[From <daniel@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:18:10 -0600]/UNNAMED/[From "Stan Maddox" <stan@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:46:50 -0600]/UNNAMED/[From dave@crosstimbersmarketing.com][Date Wed, 05 Dec 2007 09:36:33 -0700]/UNNAMED/[From dave@c ... /[From "Zach Meeks" <zmeeks@SJD ... /[From from 76.186.41.193 by webmail-mf11.sysops.aol.com (64.12.88. ... /[From "Emily Ulbrich CTMS" <emily.ulbrich@gcisd.net>][Date Mon, 10 Dec 2007 14:49:45 - ... /html Infected: Trojan-Downloader.Win32.Agent.gbu skipped
C:\Users\Daniel\AppData\Roaming\Thunderbird\Profiles\5bdq9v3a.default\Mail\Local Folders\Inbox/[From <daniel@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:18:10 -0600]/UNNAMED/[From "Stan Maddox" <stan@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:46:50 -0600]/UNNAMED/[From dave@crosstimbersmarketing.com][Date Wed, 05 Dec 2007 09:36:33 -0700]/UNNAMED/[From dave@c ... /[From "Zach Meeks" <zmeeks@SJD ... /[From from 76.186.41.193 by webmail-mf11.sysops.aol.com (64.12.88. ... /[From "Emily Ulbrich CTMS" <emily.ulbrich@gcisd.net>][Date Mon, 10 Dec 2007 14:49:45 -0600]/text Infected: Trojan-Downloader.Win32.Agent.gbu skipped
C:\Users\Daniel\AppData\Roaming\Thunderbird\Profiles\5bdq9v3a.default\Mail\Local Folders\Inbox/[From <daniel@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:18:10 -0600]/UNNAMED/[From "Stan Maddox" <stan@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:46:50 -0600]/UNNAMED/[From dave@crosstimbersmarketing.com][Date Wed, 05 Dec 2007 09:36:33 -0700]/UNNAMED/[From dave@c ... /[From "Zach Meeks" <zmeeks@SJD ... /[From from 76.186.41.193 by webmail-mf11.sysops.aol.com (64.12.88.224) with HTTP (WebMailUI); Mon, 10 Dec 2007 15:13:05 -0500][Date Mon, 10 Dec 2007 15:13:05 -0500]/text Infected: Trojan-Downloader.Win32.Agent.gbu skipped
C:\Users\Daniel\AppData\Roaming\Thunderbird\Profiles\5bdq9v3a.default\Mail\Local Folders\Inbox/[From <daniel@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:18:10 -0600]/UNNAMED/[From "Stan Maddox" <stan@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:46:50 -0600]/UNNAMED/[From dave@crosstimbersmarketing.com][Date Wed, 05 Dec 2007 09:36:33 -0700]/UNNAMED/[From dave@c ... /[From "Zach Meeks" <zmeeks@SJD.org>][Date = =P5 ... /[From "Emily Ulbrich CTMS" <emily.ulbrich@gcisd.net>][Date Mon, 10 Dec 2007 13:43:31 - ... /html Infected: Trojan-Downloader.Win32.Agent.gbu skipped
C:\Users\Daniel\AppData\Roaming\Thunderbird\Profiles\5bdq9v3a.default\Mail\Local Folders\Inbox/[From <daniel@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:18:10 -0600]/UNNAMED/[From "Stan Maddox" <stan@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:46:50 -0600]/UNNAMED/[From dave@crosstimbersmarketing.com][Date Wed, 05 Dec 2007 09:36:33 -0700]/UNNAMED/[From dave@c ... /[From "Zach Meeks" <zmeeks@SJD.org>][Date = =P5 ... /[From "Emily Ulbrich CTMS" <emily.ulbrich@gcisd.net>][Date Mon, 10 Dec 2007 13:43:31 -0600]/text Infected: Trojan-Downloader.Win32.Agent.gbu skipped
C:\Users\Daniel\AppData\Roaming\Thunderbird\Profiles\5bdq9v3a.default\Mail\Local Folders\Inbox/[From <daniel@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:18:10 -0600]/UNNAMED/[From "Stan Maddox" <stan@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:46:50 -0600]/UNNAMED/[From dave@crosstimbersmarketing.com][Date Wed, 05 Dec 2007 09:36:33 -0700]/UNNAMED/[From dave@c ... /[From "Zach Meeks" <zmeeks@SJD.org>][Date = =P5 п Jdi8+ ... /[From Kellertrophy@aol.com][Date Mon, 10 Dec 2007 13:08:27 EST]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.gbu skipped
C:\Users\Daniel\AppData\Roaming\Thunderbird\Profiles\5bdq9v3a.default\Mail\Local Folders\Inbox/[From <daniel@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:18:10 -0600]/UNNAMED/[From "Stan Maddox" <stan@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:46:50 -0600]/UNNAMED/[From dave@crosstimbersmarketing.com][Date Wed, 05 Dec 2007 09:36:33 -0700]/UNNAMED/[From dave@c ... /[From "Zach Meeks" <zmeeks@SJD.org>][Date = =P5 п Jdi8+ x 475712E3.6040909@valleyviewproductions.com>]/text Infected: Trojan-Downloader.Win32.Agent.gbu skipped
C:\Users\Daniel\AppData\Roaming\Thunderbird\Profiles\5bdq9v3a.default\Mail\Local Folders\Inbox/[From <daniel@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:18:10 -0600]/UNNAMED/[From "Stan Maddox" <stan@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:46:50 -0600]/UNNAMED/[From dave@crosstimbersmarketing.com][Date Wed, 05 Dec 2007 09:36:33 -0700]/UNNAMED/[From dave@crosstimbersmarketing.com][Date Wed, 05 Dec 2007 10:07:41 -0700]/html/[From "Andrea Ochsner" <apochsner@kellerisd.net>][Date Wed, 05 Dec 2007 14:33:45 -0600]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.gbu skipped
C:\Users\Daniel\AppData\Roaming\Thunderbird\Profiles\5bdq9v3a.default\Mail\Local Folders\Inbox/[From <daniel@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:18:10 -0600]/UNNAMED/[From "Stan Maddox" <stan@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:46:50 -0600]/UNNAMED/[From dave@crosstimbersmarketing.com][Date Wed, 05 Dec 2007 09:36:33 -0700]/UNNAMED/[From dave@crosstimbersmarketing.com][Date Wed, 05 Dec 2007 10:07:41 -0700]/html Infected: Trojan-Downloader.Win32.Agent.gbu skipped
C:\Users\Daniel\AppData\Roaming\Thunderbird\Profiles\5bdq9v3a.default\Mail\Local Folders\Inbox/[From <daniel@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:18:10 -0600]/UNNAMED/[From "Stan Maddox" <stan@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:46:50 -0600]/UNNAMED/[From dave@crosstimbersmarketing.com][Date Wed, 05 Dec 2007 09:36:33 -0700]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.gbu skipped
C:\Users\Daniel\AppData\Roaming\Thunderbird\Profiles\5bdq9v3a.default\Mail\Local Folders\Inbox/[From <daniel@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:18:10 -0600]/UNNAMED/[From "Stan Maddox" <stan@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:46:50 -0600]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.gbu skipped
C:\Users\Daniel\AppData\Roaming\Thunderbird\Profiles\5bdq9v3a.default\Mail\Local Folders\Inbox/[From <daniel@valleyviewproductions.com>][Date Wed, 5 Dec 2007 09:18:10 -0600]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.gbu skipped
C:\Users\Daniel\AppData\Roaming\Thunderbird\Profiles\5bdq9v3a.default\Mail\Local Folders\Inbox Mail Berkeley mbox: infected - 28 skipped
C:\Users\Daniel\AppData\Roaming\Thunderbird\Profiles\5bdq9v3a.default\Mail\Local Folders\Junk/[From "Strategies@Work, LLC" <info@StrategiesWork.com>][Date Thu, 06 Dec 2007 00:13:44 +0000]/UNNAMED/[From "Lonnie D. Price" <lonnie.price_eo@baxter.com>][Date Sun, 16 Dec 2007 21:54:01 -0700]/card.zip/card.scr Infected: Trojan-Downloader.Win32.Agent.gbu skipped
C:\Users\Daniel\AppData\Roaming\Thunderbird\Profiles\5bdq9v3a.default\Mail\Local Folders\Junk/[From "Strategies@Work, LLC" <info@StrategiesWork.com>][Date Thu, 06 Dec 2007 00:13:44 +0000]/UNNAMED/[From "Lonnie D. Price" <lonnie.price_eo@baxter.com>][Date Sun, 16 Dec 2007 21:54:01 -0700]/card.zip Infected: Trojan-Downloader.Win32.Agent.gbu skipped
C:\Users\Daniel\AppData\Roaming\Thunderbird\Profiles\5bdq9v3a.default\Mail\Local Folders\Junk/[From "Strategies@Work, LLC" <info@StrategiesWork.com>][Date Thu, 06 Dec 2007 00:13:44 +0000]/UNNAMED Infected: Trojan-Downloader.Win32.Agent.gbu skipped
C:\Users\Daniel\AppData\Roaming\Thunderbird\Profiles\5bdq9v3a.default\Mail\Local Folders\Junk Mail Berkeley mbox: infected - 3 skipped
C:\Users\Daniel\Desktop\SDFix.exe/data.rar/SDFix/apps/dummy.exe Infected: Trojan.Win32.Obfuscated.na skipped
C:\Users\Daniel\Desktop\SDFix.exe/data.rar/SDFix/dummy.exe Infected: Trojan.Win32.Obfuscated.na skipped
C:\Users\Daniel\Desktop\SDFix.exe/data.rar/SDFix/apps/MD5File.exe Infected: Trojan.Win32.Obfuscated.na skipped
C:\Users\Daniel\Desktop\SDFix.exe/data.rar Infected: Trojan.Win32.Obfuscated.na skipped
C:\Users\Daniel\Desktop\SDFix.exe RarSFX: infected - 4 skipped
C:\Users\Daniel\Desktop\Security Programs\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped

emosamurai
2008-01-16, 17:00
Alright, I've got a lot more, but I wanted to wait until I heard back from you if you want me to continue posting the log. It's WAY TOO LONG! As you can already tell I'm sure.

Please respond with further instructions for me.

katana
2008-01-16, 17:21
As you can tell from the log, you are heavily infected
Number of infected objects: 542
What Antivirus are you using now ?

Please do the following, hopefully it will remove some of those files.

Eset NOD32 Online AntiVirus

Run Eset NOD32 Online AntiVirus
http://www.eset.eu/online-scanner
Note: You will need to use Internet Explorer for this scan.

Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the activex control to install
Disable your current Antivirus software. You can usually do this with its Notfication Tray icon near the clock.
Click Start
Make sure that the option "Remove found threats" is checked, and the option "Scan unwanted applications" is checked
Click Scan
Wait for the scan to finish
Re-enable your Anvirisus software.
A logfile is created and located at C:\Program Files\EsetOnlineScanner\log.txt. Please include this on your post.

emosamurai
2008-01-16, 17:34
When I try to run the scanner, it gives me the error "Error: Update Failed (200)" and it just stalls out.

I am using FREE AVG as my antivirus.

emosamurai
2008-01-16, 17:36
Update: I disabled SpyBot's Resident Shield and it allowed the Update to progress and it's scanning now.

katana
2008-01-16, 17:44
Have you read the AVG Licensing rules ?

AVG Anti-Virus Free Edition is for private, non-commercial, single computer use only. The use of AVG Free within any organization or for commercial purposes is strictly prohibited.
http://free.grisoft.com/doc/download-free-anti-virus/us/frt/0
All the free AV's have the same rules.

I would recommend that you get the Paid version of either Kaspersky or NOD 32 installed on all the machines in the office.

In fact given the state of that machine and the fact that it is networked to other PC's ( including accounting ) I must insist that you get full Antivirus cover before we continue.

emosamurai
2008-01-16, 17:51
But if I am affected with some sort of backdoor trojan, should I be going online to purchase software? Wouldn't that information be available to the virus makers?

katana
2008-01-16, 17:57
Both company's do a free 30 day trial.

Download the package and then you can contact the sales department by phone to obtain a company License.

The respective websites have contact pages giving details on who to phone

emosamurai
2008-01-16, 17:59
So, I should download and install NOD 30-day trial for all computers, and then purchase the license for each one via the phone?

Ok, downloading trial now...

katana
2008-01-16, 18:05
http://www.eset.co.uk/support/index.php
Visit the above page, and find the location that you are posting from.

Contact ESET (NOD) and tell them how many machines that you need to cover.
They will probably have a package that gives multiple Licensing.

emosamurai
2008-01-16, 18:11
On phone with ESET now...

emosamurai
2008-01-16, 18:14
Even though I may be re-installing or reformatting my computer, and maybe other computers, it's still suggested that I install brand new anti-virus?

katana
2008-01-16, 18:16
Why not ?
You will need the AV's anyway, and it will tell you how bad the others are.

emosamurai
2008-01-16, 18:18
Good advice.

I just purchased the ESET Smart Security Business Edition for all 7 computers. I will be downloading them to the computers in a few minutes.

emosamurai
2008-01-16, 18:27
Ok, I scanned the accounting computer with Kaspersky and it found 1 infestation of something, and 4 infected files. Not nearly the amount of crap I have...

I finished the scan of the ESET online scanner and it found no threats.

emosamurai
2008-01-16, 18:30
Here is ESET Online Log:

# version=4
# OnlineScanner.ocx=1.0.0.56
# OnlineScannerDLLA.dll=1, 0, 0, 51
# OnlineScannerDLLW.dll=1, 0, 0, 51
# OnlineScannerUninstaller.exe=1, 0, 0, 49
# vers_standard_module=2798 (20080116)
# vers_arch_module=1.062 (20080115)
# vers_adv_heur_module=1.064 (20070717)
# EOSSerial=707d8507a1476b42aee2a9f9f7665b8c
# end=finished
# remove_checked=true
# unwanted_checked=true
# utc_time=2008-01-16 04:21:19
# local_time=2008-01-16 10:21:19 (-0600, Central Standard Time)
# country="United States"
# osver=6.0.6000 NT
# scanned=427666
# found=0
# scan_time=2732

What next?

katana
2008-01-16, 18:34
Install the Antivirus on each machine, update it, and then run a full scan.

When that is done run HJT on each machine post the log from your machine in your reply, and attach the HJT logs from the other machines to your post.

emosamurai
2008-01-16, 18:34
Do you want the log of the accounting KAS scan?

katana
2008-01-16, 18:36
If you have it, yes please.

Then I can tell you how bad it is :p:

emosamurai
2008-01-16, 18:38
Log of Accounting Computer:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, January 16, 2008 10:22:03 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 16/01/2008
Kaspersky Anti-Virus database records: 512843
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 100171
Number of viruses found: 2
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 01:22:11

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Documents\DESKTOP.INI Object is locked skipped
C:\Documents and Settings\All Users\Documents\Downloads\R148843.EXE Object is locked skipped
C:\Documents and Settings\All Users\Documents\Downloads\R166998.EXE Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\MUSIC.ASX Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\MUSIC.BMP Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\MUSIC.WMA Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\Beethoven's Symphony No. 9 (Scherzo).wma Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\DESKTOP.INI Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Music\Sample Music\New Stories (Highway Blues).wma Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Desktop.ini Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Blue hills.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\DESKTOP.INI Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Sunset.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Water lilies.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Pictures\Sample Pictures\Winter.jpg Object is locked skipped
C:\Documents and Settings\All Users\Documents\My Videos\Desktop.ini Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Neil\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Neil\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Neil\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Neil\Local Settings\History\History.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Neil\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT Object is locked skipped
C:\Documents and Settings\Neil\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Neil\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Common Files\Intuit\QuickBooks\qbsdklog.txt Object is locked skipped
C:\Program Files\ESET\cache\CACHE.NDB Object is locked skipped
C:\Program Files\ESET\infected\SIOPBKBA.NQF Infected: Trojan-Downloader.Win32.VB.aya skipped
C:\Program Files\ESET\logs\virlog.dat Object is locked skipped
C:\Program Files\ESET\logs\warnlog.dat Object is locked skipped
C:\Program Files\Intuit\QuickBooks 2006\QBWin.log Object is locked skipped
C:\Program Files\Intuit\QuickBooks 2006\Valley View 10-03-05 START.QBW Object is locked skipped
C:\Program Files\Intuit\QuickBooks 2006\Valley View 10-03-05 START.QBW.TLG Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\master.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\mastlog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\model.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\modellog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\tempdb.mdf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\Data\templog.ldf Object is locked skipped
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTBCM\LOG\ERRORLOG Object is locked skipped
C:\Program Files\Sygate\SPF\debug.log Object is locked skipped
C:\Program Files\Sygate\SPF\rawlog.log Object is locked skipped
C:\Program Files\Sygate\SPF\seclog.log Object is locked skipped
C:\Program Files\Sygate\SPF\syslog.log Object is locked skipped
C:\Program Files\Sygate\SPF\tralog.log Object is locked skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP826\A0107975.exe/stream/data0008 Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP826\A0107975.exe/stream Infected: not-a-virus:Client-IRC.Win32.mIRC.621 skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP826\A0107975.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{CCA15F78-7193-4CA6-8115-2B570DD6546C}\RP893\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB833407$\bssym7.ttf Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\fldrclnr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\shell32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\sxs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\pfirewall.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{21321870-A68B-48AF-BB05-C6791E1A8CB7}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_220.dat Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

katana
2008-01-16, 18:47
That isn't good really :sick:

The file that ESET found and quarantined was Win32.VB.aya

A Backdoor is a software program that gives an attacker unauthorized access to a machine and the means for remotely controlling the machine without the user's knowledge. A Backdoor compromises system integrity by making changes to the system that allow it to by used by the attacker for malicious purposes unknown to the user.http://research.sunbelt-software.com/threatdisplay.aspx?name=Backdoor.Win32.VB.aya&threatid=69029

the other files were IRC related, I doubt that the machine was used for online chat so it means they were from the infection.
IRC is used by malware to send the stolen data.

I think you should tell your boss now :euro:

emosamurai
2008-01-16, 18:52
He already knows, I told him when I came in this morning. It doesn't help much. He's a good ole' boy from Tennessee that doesn't understand the computer world. He's trusting me to do everything and get it taken care of. The IRC was installed by a user here to chat with, but it has been un-installed for a while now, is it still on there?

What steps do I need to take now?

katana
2008-01-16, 19:30
If the IRC was installed by you, that is great news :cool:
It is not active, but it is still in system restore files.

As for next steps....


Install the Antivirus on each machine, update it, and then run a full scan.

When that is done run HJT on each machine post the log from your machine in your reply, and attach the HJT logs from the other machines to your post.

emosamurai
2008-01-16, 19:52
Alright, I am scanning all computers as we speak, and I will post HJT logs of my computer and attach HJT logs of the rest as soon as they are all done scanning.

Thanks!!

emosamurai
2008-01-16, 20:54
Here is my Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:51:28 PM, on 1/16/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\ESET\ESET Smart Security\ecls.exe
C:\Program Files\mozilla firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\Crusty.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} (OnlineScanner Control) - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O20 - Winlogon Notify: avgwlntf - C:\Windows\
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Broadcom ASF IP and SMBIOS Mailbox Monitor (ASFIPmon) - Broadcom Corporation - C:\Program Files\Broadcom\ASFIPMon\AsfIpMon.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: dlbk_device - - C:\Windows\system32\dlbkcoms.exe
O23 - Service: Dell Printer Status Watcher (DLPWD) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLPWDNT.EXE
O23 - Service: Dell Printer Status Database (DLSDB) - Dell Inc. - C:\Program Files\Dell Printers\Additional Color Laser Software\Status Monitor\DLSDBNT.EXE
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: SigmaTel Audio Service (STacSV) - SigmaTel, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

--
End of file - 4578 bytes


Attached are 3 logs: ACCT is accounting.

katana
2008-01-16, 21:12
Your log looks fine now :)

ACCT has LogMeIn installed, this is a remote access program.
If you were aware of its presence, then there is no problem with it.

Drew-- Fine

Robert --- Fine.

Apart from the the comment above on the ACCT machine, they all look good.

I would recommend giving each a scan at the Kaspersky site though, as different scanners pick up different things.

emosamurai
2008-01-16, 21:33
Can I attach KAS logs for each of them for you to analyze?

katana
2008-01-16, 21:35
Go on then :coffee:

emosamurai
2008-01-16, 23:10
Katana, my Kaspersky log is too big to post in 1 post and I don't want to take up 10 posts again, and it's too big to attach. I am going to upload it to a server and host it, and then attach it that way.

Here is the link: http://www.divshare.com/download/3500557-72c

emosamurai
2008-01-16, 23:12
I am still awaiting logs from the other computers. As soon as I get them, I will attach them as well.

emosamurai
2008-01-16, 23:14
Here is the link for the ACCT KAS log:
http://www.divshare.com/download/3500662-2dd

emosamurai
2008-01-16, 23:23
And here is the final KAS log...

http://www.divshare.com/download/3500758-9d0

katana
2008-01-17, 00:58
Your log is still showing heavy infection, we will deal with that in a moment.

ACCT is fine :bigthumb:

It looks like the infection tried to start on DREW machine unless Z:\ is a separate drive
Z:\$RECYCLE.BIN\$IBMIBWZ.vbs --> Virus.VBS.Agent.aj
Z:\$RECYCLE.BIN\$RBMIBWZ.vbs --> Virus.VBS.Agent.aj
Z:\$RECYCLE.BIN\Readme.vbs --> Virus.VBS.Agent.aj
Z:\$RECYCLE.BIN\$I7E9vbs --> Virus.VBS.Agent.aj
Z:\Recycled\Readme.vbs --> Virus.VBS.Agent.aj

Now then, your machine .... are you going to reformat it ?

emosamurai
2008-01-17, 01:00
Z:/ is a shared separate drive that both DREW and I access. It's full of art files, .eps, .ai, .cdr, etc....It's an external hard drive.

What do you suggest? Trying to clean off my infection, or should I just reformat?

katana
2008-01-17, 01:03
I'm just trying to find out some info on VBS.Agent.aj to see if it just drops files, or infects legitimate ones.

I will be back as soon as I can

emosamurai
2008-01-17, 01:04
Thank you! I'll be awaiting your response.

katana
2008-01-17, 01:36
OK, it looks like it just drops copies of itself everywhere.

Let's try this ( I take no responsibility if it doesn't work !!!!!!)




OTMoveIt
Please download the OTMoveIt2 by OldTimer (http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe).

Save it to your desktop.
Please Right-Click OTMoveIt2.exe Run as Administrator
Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):



C:\Program Files\adobe\Adobe Photoshop CS3\LegalNotices.vbs
C:\Program Files\Common Files\Services\verisign.vbs
C:\Program Files\GCC Elite Series\MenuData\Printer1.vbs
C:\Program Files\GCC Elite Series\MenuData\Printer2.vbs
C:\Program Files\GCC Elite Series\MenuData\Printer3.vbs
C:\Program Files\GCC Elite Series\MenuData\Printer4.vbs
C:\Program Files\Intel\Intel Matrix Storage Manager\Imsm_help_fig1_ENU.vbs
C:\Program Files\Intel\Intel Matrix Storage Manager\Imsm_help_fig2_ENU.vbs
C:\Program Files\iPod\Acknowledgements.vbs
C:\Program Files\iTunes\About iTunes.vbs
C:\Program Files\iTunes\Acknowledgements.vbs
C:\Program Files\Java\jre1.6.0\LICENSE.vbs
C:\Program Files\Java\jre1.6.0\LICENSE_de.vbs
C:\Program Files\Java\jre1.6.0\LICENSE_es.vbs
C:\Program Files\Java\jre1.6.0\LICENSE_fr.vbs
C:\Program Files\Java\jre1.6.0\LICENSE_it.vbs
C:\Program Files\Java\jre1.6.0\LICENSE_ja.vbs
C:\Program Files\Java\jre1.6.0\LICENSE_ko.vbs
C:\Program Files\Java\jre1.6.0\LICENSE_sv.vbs
C:\Program Files\Java\jre1.6.0\LICENSE_zh_CN.vbs
C:\Program Files\Java\jre1.6.0\LICENSE_zh_TW.vbs
C:\Program Files\Last.fm\data\no_artist.vbs
C:\Program Files\Last.fm\data\no_cover.vbs
C:\Program Files\Microsoft CAPICOM 2.1.0.2\License\license.vbs
C:\Program Files\Movie Maker\Shared\Sample1.vbs
C:\Program Files\Movie Maker\Shared\Sample2.vbs
C:\Program Files\Movie Maker\Shared\Sample3.vbs
C:\Program Files\Movie Maker\Shared\Sample4.vbs
C:\Program Files\mozilla firefox\plugins\WMP Firefox Plugin License.vbs
C:\Program Files\mozilla firefox\res\arrow.vbs
C:\Program Files\mozilla firefox\res\arrowd.vbs
C:\Program Files\mozilla firefox\res\broken-image.vbs
C:\Program Files\mozilla firefox\res\grabber.vbs
C:\Program Files\mozilla firefox\res\loading-image.vbs
C:\Program Files\mozilla firefox\res\table-add-column-after-active.vbs
C:\Program Files\mozilla firefox\res\table-add-column-after-hover.vbs
C:\Program Files\mozilla firefox\res\table-add-column-after.vbs
C:\Program Files\mozilla firefox\res\table-add-column-before-active.vbs
C:\Program Files\mozilla firefox\res\table-add-column-before-hover.vbs
C:\Program Files\mozilla firefox\res\table-add-column-before.vbs
C:\Program Files\mozilla firefox\res\table-add-row-after-active.vbs
C:\Program Files\mozilla firefox\res\table-add-row-after-hover.vbs
C:\Program Files\mozilla firefox\res\table-add-row-after.vbs
C:\Program Files\mozilla firefox\res\table-add-row-before-active.vbs
C:\Program Files\mozilla firefox\res\table-add-row-before-hover.vbs
C:\Program Files\mozilla firefox\res\table-add-row-before.vbs
C:\Program Files\mozilla firefox\res\table-remove-column-active.vbs
C:\Program Files\mozilla firefox\res\table-remove-column-hover.vbs
C:\Program Files\mozilla firefox\res\table-remove-column.vbs
C:\Program Files\mozilla firefox\res\table-remove-row-active.vbs
C:\Program Files\mozilla firefox\res\table-remove-row-hover.vbs
C:\Program Files\mozilla firefox\res\table-remove-row.vbs
C:\Program Files\Mozilla Thunderbird\res\grabber.vbs
C:\Program Files\Mozilla Thunderbird\res\table-add-column-after-active.vbs
C:\Program Files\Mozilla Thunderbird\res\table-add-column-after-hover.vbs
C:\Program Files\Mozilla Thunderbird\res\table-add-column-after.vbs
C:\Program Files\Mozilla Thunderbird\res\table-add-column-before-active.vbs
C:\Program Files\Mozilla Thunderbird\res\table-add-column-before-hover.vbs
C:\Program Files\Mozilla Thunderbird\res\table-add-column-before.vbs
C:\Program Files\Mozilla Thunderbird\res\table-add-row-after-active.vbs
C:\Program Files\Mozilla Thunderbird\res\table-add-row-after-hover.vbs
C:\Program Files\Mozilla Thunderbird\res\table-add-row-after.vbs
C:\Program Files\Mozilla Thunderbird\res\table-add-row-before-active.vbs
C:\Program Files\Mozilla Thunderbird\res\table-add-row-before-hover.vbs
C:\Program Files\Mozilla Thunderbird\res\table-add-row-before.vbs
C:\Program Files\Mozilla Thunderbird\res\table-remove-column-active.vbs
C:\Program Files\Mozilla Thunderbird\res\table-remove-column-hover.vbs
C:\Program Files\Mozilla Thunderbird\res\table-remove-column.vbs
C:\Program Files\Mozilla Thunderbird\res\table-remove-row-active.vbs
C:\Program Files\Mozilla Thunderbird\res\table-remove-row-hover.vbs
C:\Program Files\Mozilla Thunderbird\res\table-remove-row.vbs
C:\Program Files\MWSnap\Lang\Chinese_BIG5.vbs
C:\Program Files\MWSnap\Lang\CZECH.vbs
C:\Program Files\MWSnap\Lang\Deutsch.vbs
C:\Program Files\MWSnap\Lang\English.vbs
C:\Program Files\MWSnap\Lang\Espaol.vbs
C:\Program Files\MWSnap\Lang\Franais.vbs
C:\Program Files\MWSnap\Lang\Italiano.vbs
C:\Program Files\MWSnap\Lang\Macedonian.vbs
C:\Program Files\MWSnap\Lang\Magyar.vbs
C:\Program Files\MWSnap\Lang\Nederlands.vbs
C:\Program Files\MWSnap\Lang\Polski.vbs
C:\Program Files\MWSnap\Lang\Russian.vbs
C:\Program Files\MWSnap\Lang\Svenska.vbs
C:\Program Files\QuickTime\QTSystem\QTJava.vbs
C:\Program Files\Spybot - Search & Destroy\Dummies\dummy.dap.vbs
C:\Program Files\Spybot - Search & Destroy\Dummies\dummy.default.vbs
C:\Program Files\Spybot - Search & Destroy\Skins\Italia.vbs
C:\Program Files\Spybot - Search & Destroy\Skins\Peace.vbs
C:\Program Files\Spybot - Search & Destroy\Updates\clsid.vbs
C:\Program Files\Spybot - Search & Destroy\Updates\desc.english.vbs
C:\Program Files\Spybot - Search & Destroy\Updates\help.english.vbs
C:\Program Files\Spybot - Search & Destroy\Updates\startup.vbs
C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw120.vbs
C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw32.vbs
C:\Program Files\Windows Media Player\Network Sharing\wmpnss_bw48.vbs
C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color120.vbs
C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color32.vbs
C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.vbs
C:\ProgramData\Microsoft\User Account Pictures\guest.vbs
C:\ProgramData\Microsoft\User Account Pictures\user.vbs
C:\ProgramData\Spybot - Search & Destroy\Recovery\Hupigon.vbs
C:\ProgramData\Spybot - Search & Destroy\Recovery\MicrosoftWindowsExplorer.vbs
C:\ProgramData\Spybot - Search & Destroy\Recovery\MicrosoftWindowsExplorer1.vbs
C:\ProgramData\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterTaskManager.vbs
C:\ProgramData\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSystem.vbs


Return to OTMoveIt2, right click in the "Paste List of Files/Folders to be Moved" window (under the light blue bar) and choose Paste.

Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):



C:\Girls.vbs /s
C:\Money.vbs /s
C:\LegalNotices.vbs /s
C:\Readme.vbs /s


Return to OTMoveIt2, right click in the "Paste List Of Files/Patterns To Search For and Move" window (under the yellow bar) and choose Paste.

Click the red Moveit! button.
Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
Close OTMoveIt2

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Please attach the OTMI log to your reply

emosamurai
2008-01-17, 01:41
Log too big too post and/or attach.

Here's link.

http://www.divshare.com/download/3502149-264

katana
2008-01-17, 01:48
Right click - run as admin OTMoveIt Click Cleanup,
it will now connect to the internet and get a list of files to delete.
When a box pops up click YES.

Now if you scan again at Kaspersky you "should" be clean

emosamurai
2008-01-17, 01:54
Alrighty, I'm going to let Kaspersky run through the night, I'm heading home now, but when I get in tomorrow morning, if anything pops up, can I still post the logs for you to check?

katana
2008-01-17, 01:55
Yup ;)

See you tomorrow, let me know how you get on :bigthumb:

emosamurai
2008-01-17, 01:57
Thanks for everything you've done for me today! I truly don't know how to thank you.

I'll let you know tomorrow how things are...

Have a great night!

-Dan in Texas

emosamurai
2008-01-17, 16:33
Here is the newest KAS log....it's better.

Again, too big to post and to attach:

http://www.divshare.com/download/3509973-d61

katana
2008-01-17, 17:26
Congratulations your logs look clean :bigthumb:
The only files found are in system restore and recycle bin

Let’s see if I can help you keep it that way

First lets tidy up

Delete any logs we have produced and empty your recycle bin


Reset System Restore.
Now you should disable System restore to purge any infected files and then re-enable it,

Turn off System Restore.
Click the Vista/Start icon
Right Click Computer
Click Properties.
Click the System Protection tab.
Uncheck All drives
Click "Turn Off System Restore" at the prompt then click "Apply",
Restart your computer

Turn ON System Restore

Click the Vista/Start icon
Right Click Computer
Click Properties.
Click the System Protection tab.
Checkmark All drives that were selected previously
then click "Apply",
Restart your computer

The following is some info to help you stay safe and clean.
( Vista users must ensure that any programs are Vista compatible BEFORE installing )
I'm not sure how much of the following you are allowed to use, as it is designed for home use rather than commercial, but I will give you the list anyway

Online Scanners
I would recommend a scan at one or more of the following sites at least once a month.

http://www.nanoscan.com
http://www.pandasoftware.com/activescan/com/activescan_principal.htm
http://www.kaspersky.com/kos/eng/partner/71706/kavwebscan.html

AntiSpyware
AntiSpyware is not the same thing as Antivirus.
Different AntiSpyware programs detect different things, so in this case it is recommended that you have more than one.
You should only have one running all the time, the other/s should be used "on demand" on a regular basis.
All of the programs in this list have a free version,
it is worth paying for one and having "realtime" protection, unless you intend to do a manual scan often.
Spybot - Search & Destroy (http://www.safer-networking.org/) <<< A must have program It includes host protection and registry protection A hosts file is a bit like a phone book, it points to the actual numeric address (i.e. the IP address) from the human friendly name of a website. This feature can be used to block malicious websites
a-squared Free (http://www.emsisoft.com/en/software/free/) <<< A good "realtime" or "on demand" scanner
AVG Anti-Spyware 7.5 (http://www.ewido.net/en/) <<< A good "realtime" or "on demand" scanner
superantispyware (http://www.superantispyware.com/) <<< A good "realtime" or "on demand" scanner
Ad-Aware 2007 Free (http://www.lavasoftusa.com/products/ad_aware_free.php) <<< A good "realtime" or "on demand" scanner

Prevention
These programs don't detect malware, they help stop it getting on your machine in the first place.
Each does a different job, so you can have more than one
Winpatrol (http://www.winpatrol.com) An excellent startup manager and then some !! Notifies you if programs are added to startup Allows delayed startup A must have addition
SpywareBlaster 3.5.1 (http://www.javacoolsoftware.com/spywareblaster.html) SpywareBlaster sets killbits in the registry to prevent known malicious activex controls from installing themselves on your computer.
SpywareGuard 2.2 (http://www.javacoolsoftware.com/spywareguard.html) SpywareGuard provides real-time protection against spyware. Not required if you have other "realtime" antispyware or Winpatrol
ZonedOut (http://www.funkytoad.com/content/view/15/33/) Formerly known as IE-SPYAD, adds a long list of sites and domains associated with known advertisers and marketers to the Restricted sites zone of Internet Explorer.
MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.zip) This little program packs a powerful punch as it blocks ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial (http://www.mvps.org/winhelp2002/hosts.htm) by WinHelp2002. Not required if you are using other host file protections

Internet Browsers
Microsoft has worked hard to make IE.7 a more secure browser, unfortunately whilst it is still the leading browser of choice it will always be under attack from the bad guys.
Using a different web browser can help stop malware getting on your machine.

Make your Internet Explorer more secure - This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.

Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialise and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.

Next press the Apply button and then the OK to exit the Internet Properties page.

If you are still using IE6 then either update, or get one of the following.
FireFox (http://www.mozilla.com/en-US/firefox/) With many addons available that make customization easy this is a very popular choice NoScript and AdBlockPlus addons are essential
Opera (http://www.opera.com/) Another popular alternative
Netscape (http://browser.netscape.com/addons) Another popular alternative Also has Addons available

Cleaning Temporary Internet Files and Tracking Cookies
Temporary Internet Files are mainly the files that are downloaded when you open a web page.
Unfortunately, if the site you visit is of a dubious nature or has been hacked, they can also be an entry point for malware.
It is a good idea to empty the Temporary Internet Files folder on a regular basis.

Tracking Cookies are files that websites use to monitor which sites you visit and how often.
A lot of Antispyware scanners pick up these tracking cookies and flag them as unwanted.
CAUTION :- If you delete all your cookies you will lose any autologin information for sites that you visit, and will need your passwords

Both of these can be cleaned manually, but a quicker option is to use a program
ATF Cleaner (http://www.atribune.org/content/view/19/2/) Free and very simple to use
CCleaner (http://www.ccleaner.com/) Free and very flexible, you can chose which cookies to keep

Also PLEASE read this article.....So How Did I Get Infected In The First Place (http://forum.malwareremoval.com/viewtopic.php?t=4959)

The last and most important thing I can tell you is UPDATE.
If you don't update your security programs (Antivirus, Antispyware even Windows) then you are at risk.
Malware changes on a day to day basis. You should update every week at the very least.

If you follow this advice then (with a bit of luck) you will never have to hear from me again :D


If you could post back one more time to let me know everything is OK, then I can have this thread archived.

Happy surfing K'

emosamurai
2008-01-17, 17:48
Where can I find those files that are in the "Recycle Bin" and "System Restore" to delete them? The recycle bin is empty, but obviously something keeps coming up.

I've turned system restore off, and I'm a little confused as to what to do next.

katana
2008-01-17, 17:56
Turn off system restore >>> reboot the machine >> Turn on system restore.
This will wipe all the restore points, and then create a fresh (clean) one.
You are best doing this on all the machines.

The recycle folders are
"C:\$Recycle.Bin\S-1-5-21-2708822051-1969383407-3736298607-1000\$I5LGTAB.vbs"
"C:\$Recycle.Bin\S-1-5-21-2708822051-1969383407-3736298607-1000\$IDHYIJS.vbs"
"C:\$Recycle.Bin\S-1-5-21-2708822051-1969383407-3736298607-1000\$R5LGTAB.vbs"
"C:\$Recycle.Bin\S-1-5-21-2708822051-1969383407-3736298607-1000\$RDHYIJS.vbs"
"C:\Users\Daniel\Desktop\SDFix.exe"
"D:\$RECYCLE.BIN\S-1-5-21-2708822051-1969383407-3736298607-1000\Money.vbs"
"G:\$RECYCLE.BIN\$IBMIBWZ.vbs"
"G:\$RECYCLE.BIN\$RBMIBWZ.vbs"
"G:\$RECYCLE.BIN\Readme.vbs"
"G:\$RECYCLE.BIN\$I7E9vbs"
"G:\Recycled\Readme.vbs"

The ones on C:\ are most likely from different accounts on the machine.
You would need to log into each account and empty the bin.

I don't know where G:\ is located, is it an external drive or a physical drive on another machine ?

emosamurai
2008-01-17, 18:00
G:/ is the same as DREW's Z:/, it's the external hard drive.

katana
2008-01-17, 18:04
I'm not sure how to empty recycle on a external drive, but I have just found this.


With External HD turned ON (so Windows can see it)
Do this:
R click Recycle Bin
Hit Properties.
Setup box w/tabs comes up.
On 1st tab put bullet in Global
Hit Apply, OK.
Now Recycle Bin will recieve all deleted files/folders from BOTH drives.

AND now you can also *SEE* what was deleted from External HD (source drive letter will show in Recycle Bin).

Give it a try and let me know what happens

emosamurai
2008-01-17, 18:08
I went to Properties on the Recycle Bin, but those options aren't available. There is no GLOBAL or a place for a bullet.

katana
2008-01-17, 18:21
Have you tried looking on the G:\ and D:\ drives to see if there is a recycle bin there ?

Or you could do a search for
Readme.vbs and Money.vbs ( make sure you select search everywhere )
and then delete them. As they are already in recycle this will remove them completely

emosamurai
2008-01-17, 18:32
Ok, so I found some .vbs files, but they are located on the External HD, under System Volume Information and within a restore folder. But I followed your directions, turning system restore off and then on again, with 2 restarts, but does that work for an external HD?

When I try to delete the vbs files on the HD under System Volume Information, nothing happens.

katana
2008-01-17, 18:39
When you go through the options for system restore, you should see an option for the external drive.
Make sure you UN- select it, that will stop windows from checking it.
You may need to do the same for all machines that link to it, I am not sure how it works on a network like that.

emosamurai
2008-01-17, 18:45
As you can see from this screenshot, it only lists my C drive, and the Dell Installed D drive, which is just a RECOVER drive, nothing but system files on that one, don't use it for anything.

So I don't know how to adjust system restore settings for that External.

http://farm3.static.flickr.com/2350/2199241729_6bc23c531e_o.jpg

katana
2008-01-17, 18:47
What make of drive is it ?

Which machine was it connected to first ?

emosamurai
2008-01-17, 18:51
It's a Maxtor OneTouch and it's connected directly to my computer. DREW can access it through the network, but that's it.

http://images.techtree.com/ttimages/story/maxtor-onetouch-80-USB.jpg

katana
2008-01-17, 18:58
What options do you get if you right click >> properties on G:\ ?

emosamurai
2008-01-17, 19:01
http://farm3.static.flickr.com/2235/2200063518_6836824b7e.jpg?v=0

katana
2008-01-17, 19:11
Well, if you click the clean up button there that will sort the recycle bin problems :)

did you install any software for the Maxtor drive ?
According to the website it is something called "FreeAgent Pro" there should be an option in there to disable system restore on that drive

emosamurai
2008-01-17, 21:27
I don't seem to have that application installed and can't find the disk.

katana
2008-01-17, 21:35
Let's see if we can find something relating to the Maxtor drive

Installed Programs
Please could you give me a list of the programs that are installed.
Start HijackThis
Click on the Config button
Click on the Misc Tools button
Click on the Open Uninstall Manager button.

You will see a list with the programs installed in your computer.
Click on save list button and specify where you would like to save this file.
When you press Save button a notepad will open with the contents of that file.
Simply copy and paste the contents of that notepad into your next post.

emosamurai
2008-01-17, 21:44
Adobe Anchor Service CS3
Adobe Asset Services CS3
Adobe Bridge CS3
Adobe Bridge Start Meeting
Adobe Camera Raw 4.0
Adobe CMaps
Adobe Color Common Settings
Adobe Color Common Settings
Adobe Color EU Extra Settings
Adobe Color JA Extra Settings
Adobe Color NA Recommended Settings
Adobe Default Language CS3
Adobe Device Central CS3
Adobe ExtendScript Toolkit 2
Adobe ExtendScript Toolkit 2
Adobe Flash Player ActiveX
Adobe Flash Player Plugin
Adobe Fonts All
Adobe Help Viewer CS3
Adobe Illustrator 7.0.1
Adobe Illustrator CS3
Adobe Illustrator CS3
Adobe Linguistics CS3
Adobe PDF Library Files
Adobe Setup
Adobe Setup
Adobe Setup
Adobe Shockwave Player
Adobe Stock Photos CS3
Adobe Type Support
Adobe Update Manager CS3
Adobe Version Cue CS3 Client
Adobe WinSoft Linguistics Plugin
Adobe XMP Panels CS3
Apple Mobile Device Support
Apple Software Update
Broadcom ASF Management Applications
Broadcom Management Programs
Browser Address Error Redirector
CCleaner (remove only)
CorelDRAW Graphics Suite X3
CorelDRAW Graphics Suite X3
Dell ETS Factory Installation
Dell Printer Software
Dell System Customization Wizard
DivX Content Uploader
DivX Web Player
EN
ESET Online Scanner
ESET Smart Security
FontNav
Foxit Reader
GIMP 2.4.2
GTK+ Runtime 2.12.1 rev b (remove only)
HijackThis 2.0.2
Intel(R) Matrix Storage Manager
iTunes
Java(TM) 6 Update 3
Java(TM) SE Runtime Environment 6
Kaspersky Online Scanner
Last.fm 1.4.2.58376
LogMeIn
Microsoft Office Small Business Edition 2003
Microsoft Office XP Media Content
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (2.0.0.11)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB941833)
MWSnap 3
NVIDIA Drivers
PDF Settings
PowerDVD
QuickTime
Roxio Creator Audio
Roxio Creator BDAV Plugin
Roxio Creator Copy
Roxio Creator Data
Roxio Creator DE
Roxio Creator Tools
Roxio Express Labeler
Roxio Update Manager
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Sonic Activation Module
SpamBayes 1.0.4
Spybot - Search & Destroy
Trojan Remover 6.6.5
Update Manager
User's Guides
WinAce Archiver
Windows Live OneCare safety scanner
Windows Media Player Firefox Plugin

katana
2008-01-17, 21:57
There is nothing there that we need.

Is there an .exe on the G:\ drive ?
I am wondering if those system restore files are related to the Maxtor one touch facility.
The program to run it would probably be on the external drive itself

emosamurai
2008-01-17, 22:01
No .exe on the G: drive. There's nothing on the disk but folders of all of the art. Nothing else.

katana
2008-01-17, 22:05
Ok, I'm stumped :mad:

Technically, if you can't find out how to delete them then you can't restore them.
So they are safe where they are.

The only thing I can suggest is try one of the tech forums or even contact Maxtor.

emosamurai
2008-01-17, 22:13
Ok, I'll keep checking and see what I can find. Maybe deleting them in safe mode will work, who knows?

But as far as malware is concerned, virus, etc., everything seems to be working great! I can't thank you enough for all of your help and patience.

I'll bookmarks those sites you sent and enact a much better secure environment here at work. I also appreciate you making an exception and helping me here at work. You don't know how much you've done!!! :)

For official purposes, you can now archive this post. emosamurai's computer is clean and working efficiently now, by way of katana!!

If I ever need any help (hopefully never again), you know who I'm coming to. :D: