sroczynski
2008-04-17, 19:16
Downloaded zlob.downloader.vdt. I cannot start my computer in Safe Mode using F5 or F8, and I cannot remove the file either. Please help me. Here are my scan results.
Teresa
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, April 16, 2008 8:29:39 PM
Operating System: Microsoft Windows XP Professional, (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 16/04/2008
Kaspersky Anti-Virus database records: 711126
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
Scan Statistics:
Total number of scanned objects: 43226
Number of viruses found: 12
Number of infected objects: 35
Number of suspicious objects: 0
Duration of the scan process: 01:32:42
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\ntuser.dat Object is locked skipped
C:\Documents and Settings\All Users\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Jill\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jill\Desktop\WinSpyKillerSetup.exe Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jill\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jill\My Documents\iMeshV7.exe/WISE0104.BIN/stream/data0005 Infected: not-a-virus:AdWare.Win32.Mostofate.j skipped
C:\Documents and Settings\Jill\My Documents\iMeshV7.exe/WISE0104.BIN/stream Infected: not-a-virus:AdWare.Win32.Mostofate.j skipped
C:\Documents and Settings\Jill\My Documents\iMeshV7.exe/WISE0104.BIN Infected: not-a-virus:AdWare.Win32.Mostofate.j skipped
C:\Documents and Settings\Jill\My Documents\iMeshV7.exe WiseSFX: infected - 3 skipped
C:\Documents and Settings\Jill\My Documents\iMeshV7.exe WiseSFXDropper: infected - 3 skipped
C:\Documents and Settings\Jill\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jill\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\iMesh\iMeshV7.exe/WISE0104.BIN/stream/data0005 Infected: not-a-virus:AdWare.Win32.Mostofate.j skipped
C:\Program Files\iMesh\iMeshV7.exe/WISE0104.BIN/stream Infected: not-a-virus:AdWare.Win32.Mostofate.j skipped
C:\Program Files\iMesh\iMeshV7.exe/WISE0104.BIN Infected: not-a-virus:AdWare.Win32.Mostofate.j skipped
C:\Program Files\iMesh\iMeshV7.exe WiseSFX: infected - 3 skipped
C:\Program Files\iMesh\iMeshV7.exe WiseSFXDropper: infected - 3 skipped
C:\Program Files\iMesh Applications\iMesh MediaBar\MediaBar.dll Infected: not-a-virus:AdWare.Win32.Mostofate.j skipped
C:\Program Files\NetProject\sbun.exe_old Infected: Trojan-Downloader.Win32.Zlob.lhb skipped
C:\Program Files\NetProject\scu.exe_old Infected: Trojan-Downloader.Win32.Zlob.lhd skipped
C:\Program Files\Norton AntiVirus\Quarantine\0FE61107 Infected: not-a-virus:AdWare.Win32.WebSearch.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\22B7653D Infected: not-a-virus:AdWare.Win32.WebSearch.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\261F4DA3 Infected: not-a-virus:AdWare.Win32.WebSearch.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\2A5268BC Infected: not-a-virus:AdWare.Win32.WebSearch.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\47177FCC Infected: not-a-virus:AdWare.Win32.WebSearch.an skipped
C:\Program Files\Norton AntiVirus\Quarantine\6EBE7834 Infected: not-a-virus:AdWare.Win32.WebSearch.an skipped
C:\System Volume Information\_restore{E3968076-11F5-4503-97BB-42E12033B218}\RP500\A0126695.dll Infected: Trojan-Downloader.Win32.Zlob.lgu skipped
C:\System Volume Information\_restore{E3968076-11F5-4503-97BB-42E12033B218}\RP500\A0126696.exe Infected: Trojan-Downloader.Win32.Zlob.lgv skipped
C:\System Volume Information\_restore{E3968076-11F5-4503-97BB-42E12033B218}\RP500\A0126702.dll Infected: Trojan-Downloader.Win32.Zlob.lgu skipped
C:\System Volume Information\_restore{E3968076-11F5-4503-97BB-42E12033B218}\RP500\A0126703.exe Infected: Trojan-Downloader.Win32.Zlob.lgv skipped
C:\System Volume Information\_restore{E3968076-11F5-4503-97BB-42E12033B218}\RP500\A0126767.exe Object is locked skipped
C:\System Volume Information\_restore{E3968076-11F5-4503-97BB-42E12033B218}\RP500\A0126790.dll Infected: Trojan-Downloader.Win32.Zlob.lgu skipped
C:\System Volume Information\_restore{E3968076-11F5-4503-97BB-42E12033B218}\RP500\A0126791.exe Infected: Trojan-Downloader.Win32.Zlob.lgv skipped
C:\System Volume Information\_restore{E3968076-11F5-4503-97BB-42E12033B218}\RP500\A0126818.dll Infected: Trojan-Downloader.Win32.Zlob.lgu skipped
C:\System Volume Information\_restore{E3968076-11F5-4503-97BB-42E12033B218}\RP500\A0126819.exe Infected: Trojan-Downloader.Win32.Zlob.lgv skipped
C:\System Volume Information\_restore{E3968076-11F5-4503-97BB-42E12033B218}\RP500\A0126826.dll Object is locked skipped
C:\System Volume Information\_restore{E3968076-11F5-4503-97BB-42E12033B218}\RP500\A0126830.exe Object is locked skipped
C:\System Volume Information\_restore{E3968076-11F5-4503-97BB-42E12033B218}\RP500\A0126831.dll Infected: Trojan-Downloader.Win32.Zlob.lgz skipped
C:\System Volume Information\_restore{E3968076-11F5-4503-97BB-42E12033B218}\RP500\A0126832.exe Infected: Trojan-Downloader.Win32.Zlob.lhd skipped
C:\System Volume Information\_restore{E3968076-11F5-4503-97BB-42E12033B218}\RP500\A0126833.exe Infected: Trojan-Downloader.Win32.Zlob.lhb skipped
C:\System Volume Information\_restore{E3968076-11F5-4503-97BB-42E12033B218}\RP500\change.log Object is locked skipped
C:\WINDOWS\cmwtmf.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.ae skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\892267\892267.dll Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\i Infected: Trojan-Downloader.BAT.Ftp.ab skipped
C:\WINDOWS\system32\rg4uu12g.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\WinStat13.dll Infected: not-a-virus:AdWare.Win32.Winsta.a skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
C:\WINDOWS\zyudjofkua.exe Infected: not-a-virus:AdWare.Win32.BetterInternet.aj skipped
Scan process completed.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:10:12 PM, on 4/17/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Jill\Desktop\HJTInstall.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.imesh.com/sidebar.html?src=ssb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://search.imesh.com/sidebar.html?src=ssb
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.imesh.com/sidebar.html?src=ssb
R3 - URLSearchHook: (no name) - _{44F9B173-041C-4825-A9B9-D914BD9DCBB3} - (no file)
R3 - URLSearchHook: (no name) - {1BB22D38-A411-4B13-A746-C2A4F4EC7344} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: XBTP01621 - {C66AF7F0-2CF6-48cb-9F94-04EC2504B4FC} - C:\PROGRA~1\IMESHA~1\IMESHM~1\MediaBar.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: iMesh MediaBar - {B7D3E479-CC68-42B5-A338-938ECE35F419} - C:\Program Files\iMesh applications\iMesh MediaBar\MediaBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Internet Service - {51D81DD5-55B7-497F-95DB-D356429BB54E} - C:\Program Files\NetProject\wamdl.dll (file missing)
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKLM\..\Policies\Explorer\Run: [sujk] C:\WINDOWS\System32\sujk.exe
O4 - HKCU\..\Policies\Explorer\Run: [art] C:\WINDOWS\System32\art.exe
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - Startup: MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: NDWCab - http://www.neededware.com/ndw4.cab
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {11A02365-2859-4598-A9D5-4FDE99D67723} (PQIEBrowserConnector Class) - http://www.pqprintcenter.com/plugin/axversion/1611/printquick1611.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O22 - SharedTaskScheduler: hemimorphite - {12a31567-9883-4cc0-a684-ad5804394d69} - C:\WINDOWS\System32\vualf.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
--
End of file - 6894 bytes
sroc