Nasty Virus: Browser Helper Object (BHO) / IE Hijacker / Trojan



kileyp
2008-07-25, 20:10
Greetings,

I've got a nasty virus with the following characteristics (HijackThis logfile also pasted below):

Cannot launch IE explorer... so no internet access
Cannot install Spybot
SpywareGuard identifies a neverending stream of BHO alerts (usually located under C:\Windows\system32\hGVnNhij.dll)
Spysweeper identifies the following viruses, but cannot remove them, including:

Adware found: coolwebsearch (cws)
Adware found: submithook
Adware found: cws gonnasearch
Adware found: cws_cassandra
Adware found: tubby toolbar
Adware found: zenosearchassistant
Adware found: virtumonde
Trojan downloader

Various pop-ups that warn of computer viruses, such as:

"Internet attack attempt detected: Somebody's trying to infect your PC with spyware or harmful viruses. Run FULL SYSTEM SCAN..."
"Windows Security Center system warning: Alert details file: qtasks.exe; Threat: CoolWebSearch; To remove detected threat you need to update windows antispyware protection. Click here to visit Windows Security Center web site..."
"Your Security and privacy are at risk! Spyware has been detected on your computer! Click here to run a FULL SYSTEM SCAN to protect your data..."
Replaced my background with permanent wallpaper that says "Warning: Spyware threat has been detected on your PC. Your computer has several fatal errors due to spyware activity. It is strongly recommended to install an antispyware software to close all security vulnerabilities. Antispyware software helps protect your PC against spyware and other security threats. Click Here to scan your PC for Spyware..."
"Warning: Your computer is infected with spyware! Help to protect your computer and remove spyware! Click here for more information..."
"Web page unavailable while offline: The Web page you requested is not available offline. To view this page, click Connect."
"Windows Security Center system warning; Alert details; File: clrssn.exe; Threat: CoolWebSearch; Possible spyware infection has been detected on your computer by Windows Security Center. To remove detected threat you need to update Windows antispyware protection..."
"Internet attack attempt detected: Somebody's trying to infect your PC with spyware or harmful viruses. Run FULL SYSTEM SCAN to protect your system from Internet attacks, hijacking attempts and spyware. Click here for the list of available security updates..."
"Your computer is working slowly. Slow operation speed might have been caused by spyware. Download the latest..."
"Windows Security Center: Possible spyware infection detected. You need to update Windows antispyware protection to remove detected spyware from your computer. Click here for details...; Threat Name: Trojan Downloader.XS Risk Level (picture of 5 red boxes). Resources: How to remove: TrojanDownloader.XS; To remove detected threat please click here..."






Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:58 AM, on 7/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\uoyzsydz.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Webroot\Spy Sweeper\SafeSweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Documents and Settings\kileyp\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe,bbngxeh.exe,C:\WINDOWS\system32\uoyzsydz.exe,
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{40-0D-DF-F4-DW}] "C:\windows\system32\rwwnw64d.exe" DWram02FF
O4 - HKLM\..\Run: [40a40d5b] rundll32.exe "C:\WINDOWS\system32\ushjuchq.dll",b
O4 - HKLM\..\Run: [{f296f323-400c-b224-4cdf-7abf369098a7}] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\jbrsjczqrmqwcvu.dll" DllStart
O4 - HKLM\..\Run: [ExploreUpdSched] C:\WINDOWS\system32\tcntptdm.exe DWram02FF
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ooff] C:\Program Files\Common Files\ooff\ooffm.exe
O4 - HKCU\..\Run: [vkbqo] C:\WINDOWS\system32\avpxny.exe reg_run
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Policies\Explorer\Run: [{40A40DF4-031D-1033-1223-040826040001}] "C:\Program Files\Common Files\{40A40DF4-031D-1033-1223-040826040001}\Update.exe" mc-110-12-0000140
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\tcntptdm.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EMC VPN Client.lnk = C:\Program Files\EMC VPN\VPN Client\vpngui.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://itcentral.corp.emc.com
O15 - Trusted Zone: http://itonline.isus.emc.com
O15 - Trusted Zone: http://itportal.corp.emc.com
O15 - Trusted Zone: http://www.emcu.isus.emc.com
O15 - Trusted Zone: http://itcentral.corp.emc.com (HKLM)
O15 - Trusted Zone: http://itonline.isus.emc.com (HKLM)
O15 - Trusted Zone: http://itportal.corp.emc.com (HKLM)
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - http://www.vclass.emc.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
O16 - DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} (OrgPublisher PluginX) - http://www.aquire.com/codebase70/OrgPubX.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\EMC VPN\VPN Client\cvpnd.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.470.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 8753 bytes

kileyp
2008-07-25, 21:14
To clarify, the Trojan found by SpySweeper is:

Trojan Horse found: trojan.gen

Please help!!!

kileyp
2008-07-26, 19:48
Just trying to get this moved back up on the list. Anyone out there with ideas on how to fix this?

tashi
2008-07-26, 22:51
Just trying to get this moved back up on the list. Anyone out there with ideas on how to fix this?

Hello kileyp,

Apparently you missed the forum stickies.

In particular:
Post here if still waiting for help in the Malware Forum, (AFTER) FOUR days (http://forums.spybot.info/showthread.php?t=1137)



Please do not bump your thread: it sets your post date forward and adds to your post count in the thread, leading our volunteers to believe you are already being helped, because they look for topics with no replies.

Topics started over a weekend/holiday may experience delay, as volunteer helpers also spend time with family etc.

Aside from which, the forum is busy and others have been waiting longer than a day, more victims than analysts at all help sites.

Regards.

Blade81
2008-07-30, 11:42
Hi

Post a fresh hjt log taken in normal mode, please :)

kileyp
2008-08-01, 09:39
Thanks so much for taking a look at this! Here is a fresh log.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:06 AM, on 8/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\EMC VPN\VPN Client\cvpnd.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\444.470
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\uoyzsydz.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\Rundll32.exe
C:\WINDOWS\system32\tcntptdm.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Documents and Settings\kileyp\Desktop\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe,bbngxeh.exe,C:\WINDOWS\system32\uoyzsydz.exe,
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Cpqset] "C:\Program Files\HPQ\Default Settings\cpqset.exe"
O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [{40-0D-DF-F4-DW}] "C:\windows\system32\rwwnw64d.exe" DWram02FF
O4 - HKLM\..\Run: [40a40d5b] "rundll32.exe" "C:\WINDOWS\system32\ushjuchq.dll",b
O4 - HKLM\..\Run: [{f296f323-400c-b224-4cdf-7abf369098a7}] "C:\WINDOWS\System32\Rundll32.exe" "C:\WINDOWS\system32\jbrsjczqrmqwcvu.dll" DllStart
O4 - HKLM\..\Run: [ExploreUpdSched] "C:\WINDOWS\system32\tcntptdm.exe" DWram02FF
O4 - HKLM\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ooff] C:\Program Files\Common Files\ooff\ooffm.exe
O4 - HKCU\..\Run: [vkbqo] C:\WINDOWS\system32\avpxny.exe reg_run
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Policies\Explorer\Run: [{40A40DF4-031D-1033-1223-040826040001}] "C:\Program Files\Common Files\{40A40DF4-031D-1033-1223-040826040001}\Update.exe" mc-110-12-0000140
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Deewoo.lnk = C:\WINDOWS\system32\tcntptdm.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EMC VPN Client.lnk = C:\Program Files\EMC VPN\VPN Client\vpngui.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://itcentral.corp.emc.com
O15 - Trusted Zone: http://itonline.isus.emc.com
O15 - Trusted Zone: http://itportal.corp.emc.com
O15 - Trusted Zone: http://www.emcu.isus.emc.com
O15 - Trusted Zone: http://itcentral.corp.emc.com (HKLM)
O15 - Trusted Zone: http://itonline.isus.emc.com (HKLM)
O15 - Trusted Zone: http://itportal.corp.emc.com (HKLM)
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - http://www.vclass.emc.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
O16 - DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} (OrgPublisher PluginX) - http://www.aquire.com/codebase70/OrgPubX.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\EMC VPN\VPN Client\cvpnd.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - C:\WINDOWS\444.470.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 10145 bytes

Blade81
2008-08-01, 10:01
Hi :)


Disable SpySweeper's realtime protection.

Open Spysweeper and click on Options.
Choose Program Options and uncheck "load at windows startup".
On the left click Shields and then uncheck everything.
Uncheck "home page shield".
Uncheck "automatically restore default without notification".
Exit the program.


A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine by running ComboFix. This tool is not a toy and not for everyday use.

1. Download combofix from any of these links and save it to Desktop:
Link 1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link 2 (http://www.forospyware.com/sUBs/ComboFix.exe)
Link 3 (http://subs.geekstogo.com/ComboFix.exe)

**Note: It is important that it is saved directly to your desktop**

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you (C:\ComboFix.txt). Post that log & a fresh hjt log in your next reply

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall

Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.

If you have problems with Combofix usage, see here (http://www.bleepingcomputer.com/combofix/how-to-use-combofix)

kileyp
2008-08-01, 17:29
Hello,

I disabled all SpySweeper shields. However, Combofix will not launch from the infected computer.

Since I do not have internet access on the infected computer, I downloaded Combofix to the desktop of my healthy computer, copied it to a jump drive, and moved it to the desktop of my infected computer and double clicked. Nothing happens. I also tried a right click and "open as", and disabled the virus protection option. But that did not work either.

However, when I attempt to launch combofix from my healthy computer, it works. This is exactly what happened when I tried to load Spybot on my infected computer.

Any other ideas?

Blade81
2008-08-01, 22:24
Hi

Rename ComboFix.exe -> ComboFxx.exe and then try running again.

kileyp
2008-08-02, 00:12
Computer is looking a lot better... but Spyware Guard did pick up a few DLL warnings upon restart.

Combofix Log:

ComboFix 08-07-31.06 - kileyp 2008-08-01 16:17:47.1 - NTFSx86
Running from: C:\Documents and Settings\kileyp\Desktop\ComboFxx.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\kileyp\Application Data\macromedia\Flash Player\#SharedObjects\77HEMU9G\interclick.com
C:\Documents and Settings\kileyp\Application Data\macromedia\Flash Player\#SharedObjects\77HEMU9G\interclick.com\ud.sol
C:\Documents and Settings\kileyp\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\kileyp\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\kileyp\Local Settings\Temporary Internet Files\Ssk.log
C:\Documents and Settings\kileyp\Start Menu\Programs\Startup\Deewoo.lnk
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Program Files\Common Files\{40A40~1
C:\Program Files\outlook
C:\Program Files\winupdates
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\temp\tn3
C:\WINDOWS\444.470
C:\WINDOWS\accesss.exe
C:\WINDOWS\astctl32.ocx
C:\WINDOWS\avpcc.dll
C:\WINDOWS\clrssn.exe
C:\WINDOWS\cpan.dll
C:\WINDOWS\ctfmon32.exe
C:\WINDOWS\ctrlpan.dll
C:\WINDOWS\default.htm
C:\WINDOWS\directx32.exe
C:\WINDOWS\dnsrelay.dll
C:\WINDOWS\Downloaded Program Files\Temp
C:\WINDOWS\editpad.exe
C:\WINDOWS\explore.exe
C:\WINDOWS\explorer32.exe
C:\WINDOWS\Fonts\'
C:\WINDOWS\Fonts\a.zip
C:\WINDOWS\funniest.exe
C:\WINDOWS\funny.exe
C:\WINDOWS\gfmnaaa.dll
C:\WINDOWS\helpcvs.exe
C:\WINDOWS\iedll.exe
C:\WINDOWS\iexplorer.exe
C:\WINDOWS\inetinf.exe
C:\WINDOWS\internet.exe
C:\WINDOWS\keyboard1.dat
C:\WINDOWS\lfn.exe
C:\WINDOWS\loader.exe
C:\WINDOWS\mainms.vpi
C:\WINDOWS\megavid.cdt
C:\WINDOWS\msconfd.dll
C:\WINDOWS\msspi.dll
C:\WINDOWS\mssys.exe
C:\WINDOWS\msupdate.exe
C:\WINDOWS\mswsc10.dll
C:\WINDOWS\mswsc20.dll
C:\WINDOWS\mtwirl32.dll
C:\WINDOWS\muotr.so
C:\WINDOWS\newname.dat
C:\WINDOWS\notepad32.exe
C:\WINDOWS\olehelp.exe
C:\WINDOWS\qttasks.exe
C:\WINDOWS\quicken.exe
C:\WINDOWS\rundll16.exe
C:\WINDOWS\rundll32.vbe
C:\WINDOWS\searchword.dll
C:\WINDOWS\sistem.exe
C:\WINDOWS\svchost32.exe
C:\WINDOWS\svcinit.exe
C:\WINDOWS\systeem.exe
C:\WINDOWS\system32\byXNeFvV.dll
C:\WINDOWS\system32\clbdll.dll
C:\WINDOWS\system32\clbdll.old
C:\WINDOWS\system32\clbinit.dll
C:\WINDOWS\system32\ddcApMgG.dll
C:\WINDOWS\system32\drivers\clbdriver.sys
C:\WINDOWS\system32\drivers\core.cache.dsk
C:\WINDOWS\system32\gside.exe
C:\WINDOWS\system32\hGVnNhij.dll
C:\WINDOWS\system32\hljwugsf.bin
C:\WINDOWS\system32\hssjyvdq.dll
C:\WINDOWS\system32\iifCuTNF.dll
C:\WINDOWS\system32\jbrsjczqrmqwcvu.dll
C:\WINDOWS\system32\jihNnVGh.ini
C:\WINDOWS\system32\jihNnVGh.ini2
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\qdvyjssh.ini
C:\WINDOWS\system32\qhcujhsu.ini
C:\WINDOWS\system32\setup.exe.tmp
C:\WINDOWS\system32\tcntptdm.exe
C:\WINDOWS\system32\uoyzsydz.exe
C:\WINDOWS\system32\ushjuchq.dll
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\zxdnt3d.cfg
C:\WINDOWS\systemcritical.exe
C:\WINDOWS\time.exe
C:\WINDOWS\uninst2.htm
C:\WINDOWS\unist1.htm
C:\WINDOWS\users32.exe
C:\WINDOWS\waol.exe
C:\WINDOWS\win32e.exe
C:\WINDOWS\win64.exe
C:\WINDOWS\winajbm.dll
C:\WINDOWS\window.exe
C:\WINDOWS\winmgnt.exe
C:\WINDOWS\x.exe
C:\WINDOWS\xplugin.dll
C:\WINDOWS\xxxvideo.hta
C:\WINDOWS\y.exe

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CLBDRIVER
-------\Legacy_MSSECURITY1.209.4
-------\Legacy_NETWORK_MONITOR
-------\Legacy_WINDOWS_OVERLAY_COMPONENTS
-------\Service_MsSecurity1.209.4


((((((((((((((((((((((((( Files Created from 2008-07-01 to 2008-08-01 )))))))))))))))))))))))))))))))
.

2008-07-25 12:35 . 2008-07-25 12:35 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-07-25 11:35 . 2008-07-25 11:35 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-07-25 09:30 . 2008-07-25 09:30 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-07-25 09:30 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-07-25 09:30 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-07-25 09:30 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-07-25 09:29 . 2008-07-25 09:29 <DIR> d-------- C:\Program Files\Webroot
2008-07-25 09:29 . 2008-07-25 09:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-25 09:29 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-07-25 09:16 . 2008-07-25 09:25 <DIR> d-------- C:\Program Files\SpywareGuard
2008-07-13 16:25 . 2008-07-13 16:25 <DIR> d-------- C:\Documents and Settings\kileyp\Application Data\Webroot
2008-07-13 13:39 . 2008-07-13 13:39 <DIR> d-------- C:\Webroot
2008-07-13 01:19 . 2008-07-13 01:19 64,332 --a------ C:\WINDOWS\system32\lufhyfanuj.exe
2008-07-13 01:17 . 2008-07-13 01:17 152,265 --a------ C:\WINDOWS\system32\g25.exe
2008-07-12 13:50 . 2008-07-12 13:50 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-07-12 13:48 . 2004-08-04 08:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-07-12 13:47 . 2008-07-13 13:25 <DIR> d-------- C:\WINDOWS\system32\sfig
2008-07-12 13:47 . 2008-07-12 13:47 <DIR> d-------- C:\WINDOWS\system32\provdll
2008-07-12 13:47 . 2008-07-12 13:47 <DIR> d-------- C:\WINDOWS\system32\olixds18
2008-07-12 13:47 . 2008-07-13 13:25 <DIR> d-------- C:\WINDOWS\system32\OBDE
2008-07-12 13:47 . 2008-07-12 13:47 <DIR> d-------- C:\WINDOWS\system32\imp32
2008-07-12 13:47 . 2008-07-12 13:47 <DIR> d-------- C:\Temp\stmpv4
2008-07-12 13:47 . 2008-08-01 16:23 <DIR> d-------- C:\Temp
2008-07-05 01:15 . 2008-07-05 01:15 32,768 --a------ C:\WINDOWS\system32\olixds18\olixds182328.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-13 20:46 --------- d-----w C:\Program Files\SpywareBlaster
2008-07-13 04:54 --------- d-----w C:\Program Files\Quicken
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2005-11-01 13:24 28,672 ----a-w C:\Documents and Settings\kileyp\atwbxdet.dll
2005-08-09 13:03 28,672 -c--a-w C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
2005-09-27 14:00 98,304 -c--a-w C:\Program Files\mozilla firefox\plugins\atgpcext.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2005-02-25 15:50 139320]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 20:00 94208]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-04-07 15:22 4730880]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-03-01 13:05 200766]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-07-30 09:33 286720]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-08-05 18:23 218240]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 21:52 483328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-09-07 15:51 49263]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36 256576]
"nwiz"="nwiz.exe" [2004-04-07 15:22 323584 C:\WINDOWS\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-01-30 03:01 88363 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 08:00 15360]

C:\Documents and Settings\kileyp\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-08-03 16:00:18 25214]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 02:05:26 29696]
EMC VPN Client.lnk - C:\Program Files\EMC VPN\VPN Client\vpngui.exe [2006-02-21 09:24:21 1445904]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k [X]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
-ra--c--- 2003-10-07 23:40 159744 C:\Program Files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
--a------ 2004-03-01 13:05 200766 C:\Program Files\HPQ\Default Settings\Cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 08:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
--a------ 2004-07-30 09:33 286720 C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a--c--- 2003-12-22 09:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2003-08-04 18:28 49152 C:\Program Files\HP\HP Software Update\hpwuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
--a--c--- 2003-05-22 20:55 483328 C:\WINDOWS\system32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a--c--- 2004-08-04 08:00 208952 C:\WINDOWS\ime\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-10-30 10:36 256576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
-ra------ 2004-04-07 15:22 4730880 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a--c--- 2004-08-04 08:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a--c--- 2004-08-04 08:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-25 19:58 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
--a------ 2004-08-05 18:23 218240 C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2005-02-20 18:06 32881 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a--c--- 2003-08-19 02:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
-ra------ 2004-01-30 03:01 88363 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
-ra------ 2004-04-07 15:22 323584 C:\WINDOWS\system32\nwiz.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R4 black;black;C:\WINDOWS\system32\drivers\BlackDrv.sys [2004-09-09 10:30]
S1 mrxdavv;mrxdavv;C:\WINDOWS\system32\drivers\mrxdavv.sys []
S3 RapFile;RapFile;C:\WINDOWS\system32\drivers\RapFile.sys [2003-06-19 18:40]
S3 RapNet;RapNet;C:\WINDOWS\system32\drivers\RapNet.sys [2003-06-19 18:40]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3557d82-2d83-11dc-a05a-000fb04483b2}]
\Shell\AutoRun\command - E:\DTSP_Launcher.exe

*Newly Created Service* - ENTDRV51
.
Contents of the 'Scheduled Tasks' folder

2008-07-12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 18:13]

2005-03-10 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2003-08-13 19:38]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-ooff - C:\Program Files\Common Files\ooff\ooffm.exe
HKCU-Run-Skype - C:\Program Files\Skype\Phone\Skype.exe
HKLM-Run-{40-0D-DF-F4-DW} - C:\windows\system32\rwwnw64d.exe
HKLM-Run-40a40d5b - C:\WINDOWS\system32\ushjuchq.dll
HKLM-Run-{f296f323-400c-b224-4cdf-7abf369098a7} - C:\WINDOWS\system32\jbrsjczqrmqwcvu.dll
HKCU-Explorer_Run-{40A40DF4-031D-1033-1223-040826040001} - C:\Program Files\Common Files\{40A40DF4-031D-1033-1223-040826040001}\Update.exe
ShellExecuteHooks-{FBF23B40-E3F0-101B-8488-00AA003E56F8} - shdocvw.dll
Notify-opNHXnop - opNHXnop.dll
MSConfigStartUp-ccApp - C:\Program Files\Common Files\Symantec Shared\ccApp.exe
MSConfigStartUp-HPHUPD05 - c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
MSConfigStartUp-NAV CfgWiz - C:\Program Files\Common Files\Symantec Shared\CfgWiz.exe
MSConfigStartUp-SpybotSD TeaTimer - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-DXDllRegExe - dxdllreg.exe


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxps://login.yahoo.com/config/login?.src=fpctx&.done=http://www.yahoo.com&rl=1


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-01 16:57:38
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????0?6?7?3??????? ???B???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\Program Files\EMC VPN\VPN Client\cvpnd.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SpywareGuard\sgbhp.exe
.
**************************************************************************
.
Completion time: 2008-08-01 17:04:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-08-01 21:04:27

Pre-Run: 40,964,628,480 bytes free
Post-Run: 43,622,240,256 bytes free

309 --- E O F --- 2008-06-22 21:21:54



Hijack This Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:09 PM, on 8/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\Program Files\EMC VPN\VPN Client\cvpnd.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\kileyp\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EMC VPN Client.lnk = C:\Program Files\EMC VPN\VPN Client\vpngui.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://itcentral.corp.emc.com
O15 - Trusted Zone: http://itonline.isus.emc.com
O15 - Trusted Zone: http://itportal.corp.emc.com
O15 - Trusted Zone: http://www.emcu.isus.emc.com
O15 - Trusted Zone: http://itcentral.corp.emc.com (HKLM)
O15 - Trusted Zone: http://itonline.isus.emc.com (HKLM)
O15 - Trusted Zone: http://itportal.corp.emc.com (HKLM)
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - http://www.vclass.emc.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
O16 - DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} (OrgPublisher PluginX) - http://www.aquire.com/codebase70/OrgPubX.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\EMC VPN\VPN Client\cvpnd.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9351 bytes
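
What the helper is doing when reading the ComboFix log above is a by-hand triage of two sections: the "Files Created" block (fresh executables under system32, a file carrying an old modification stamp but a new creation stamp, files inside folders that did not exist a month ago) and the "ORPHANS REMOVED" block (Run values with brace or hex names pointing at random-named DLLs). The script below, added here as an example and not part of the thread or of ComboFix, mechanises that first pass over a subset of lines copied from the posted log. The onset date, the one-year backdate threshold and the value-name heuristics are assumptions chosen for this log, not ComboFix rules.

```python
"""Triage of ComboFix 'Files Created' and 'ORPHANS REMOVED' lines.

Added example for this thread; not ComboFix code and not posted by anyone in
the thread. Sample lines are a subset copied from the posted log; ONSET,
BACKDATE_LIMIT and the name heuristics are assumptions.
"""
import re
from datetime import datetime, timedelta

# Constructed sample: subset of the 'Files Created' block from the posted log.
FILES_CREATED = r"""
2008-07-25 09:29 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-07-13 01:19 . 2008-07-13 01:19 64,332 --a------ C:\WINDOWS\system32\lufhyfanuj.exe
2008-07-13 01:17 . 2008-07-13 01:17 152,265 --a------ C:\WINDOWS\system32\g25.exe
2008-07-12 13:50 . 2008-07-12 13:50 147,456 --a------ C:\WINDOWS\system32\vbzip10.dll
2008-07-12 13:48 . 2004-08-04 08:00 4,224 --a------ C:\WINDOWS\system32\beep.sys
2008-07-12 13:47 . 2008-07-12 13:47 <DIR> d-------- C:\WINDOWS\system32\olixds18
2008-07-05 01:15 . 2008-07-05 01:15 32,768 --a------ C:\WINDOWS\system32\olixds18\olixds182328.exe
"""

# Constructed sample: subset of the 'ORPHANS REMOVED' block from the posted log.
ORPHANS = r"""
HKCU-Run-ooff - C:\Program Files\Common Files\ooff\ooffm.exe
HKCU-Run-Skype - C:\Program Files\Skype\Phone\Skype.exe
HKLM-Run-{40-0D-DF-F4-DW} - C:\windows\system32\rwwnw64d.exe
HKLM-Run-40a40d5b - C:\WINDOWS\system32\ushjuchq.dll
HKLM-Run-{f296f323-400c-b224-4cdf-7abf369098a7} - C:\WINDOWS\system32\jbrsjczqrmqwcvu.dll
HKCU-Explorer_Run-{40A40DF4-031D-1033-1223-040826040001} - C:\Program Files\Common Files\{40A40DF4-031D-1033-1223-040826040001}\Update.exe
"""

ONSET = datetime(2008, 7, 12)          # assumption: first day of dropper activity
BACKDATE_LIMIT = timedelta(days=365)   # assumption: mtime this far behind ctime is odd
EXEC_EXT = (".exe", ".dll", ".sys")
STAMP = "%Y-%m-%d %H:%M"

FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size><DIR>|[\d,]+) (?P<attrs>\S{9}) (?P<path>.+)$"
)
ORPHAN_RE = re.compile(
    r"^(?P<kind>HKLM-Run|HKCU-Run|HKCU-Explorer_Run)-(?P<name>.+?) - (?P<target>.+)$"
)


def parse_files(text):
    """Yield one dict per well-formed 'Files Created' line."""
    for line in text.splitlines():
        m = FILE_RE.match(line.strip())
        if m:
            rec = m.groupdict()
            rec["created"] = datetime.strptime(rec["created"], STAMP)
            rec["modified"] = datetime.strptime(rec["modified"], STAMP)
            rec["is_dir"] = rec["size"] == "<DIR>"
            yield rec


def triage_files(text, onset=ONSET):
    """Return {path: [reasons]} for executables that deserve a first look."""
    records = list(parse_files(text))
    # Folders that appeared in the window; anything dropped inside them inherits suspicion.
    window_dirs = [r["path"].lower() + "\\" for r in records
                   if r["is_dir"] and r["created"] >= onset]
    hits = {}
    for rec in records:
        low = rec["path"].lower()
        if rec["is_dir"] or not low.endswith(EXEC_EXT):
            continue
        reasons = []
        if "\\system32\\" in low and rec["created"] >= onset:
            reasons.append("executable created in system32 during the infection window")
        if any(low.startswith(d) for d in window_dirs):
            reasons.append("lives in a folder created during the infection window")
        # A copied-in file keeps its old mtime but gets a fresh ctime (the
        # system32\beep.sys copy; the genuine driver lives under drivers\).
        if rec["created"] - rec["modified"] > BACKDATE_LIMIT:
            reasons.append("modification time predates creation by over a year")
        if reasons:
            hits[rec["path"]] = reasons
    return hits


def triage_orphans(text):
    """Return {value_name: target} for Run values that look machine-generated."""
    hits = {}
    for line in text.splitlines():
        m = ORPHAN_RE.match(line.strip())
        if not m:
            continue
        name, target = m.group("name"), m.group("target")
        low = target.lower()
        # A Run value naming a DLL cannot start on its own; brace or hex names are
        # how the droppers in this thread labelled their entries.
        dll_in_system32 = low.endswith(".dll") and "\\system32\\" in low
        odd_name = name.startswith("{") or re.fullmatch(r"[0-9a-f]{8}", name) is not None
        if dll_in_system32 or odd_name:
            hits[name] = target
    return hits


if __name__ == "__main__":
    for path, why in triage_files(FILES_CREATED).items():
        print(path, "->", "; ".join(why))
    for name, target in triage_orphans(ORPHANS).items():
        print(name, "->", target)
```

Run as-is it prints the five files the helper later put in the CFScript and the four odd Run values; WRSetup.dll is left alone because it sits outside system32 and its six-month-old modification stamp is normal for an installer. Two caveats show the limits of the heuristics: olixds182328.exe is caught only by the folder rule, since its own creation stamp predates the chosen onset, and the `ooff` Run value slips through because a short lowercase name looks like any other vendor entry. That is why the helper still reads the whole list rather than trusting a script.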

Blade81
2008-08-02, 01:01
Looks better but there's still work left to do.



Open notepad and copy/paste the text in the quotebox below into it:



Driver::
mrxdavv

File::
C:\WINDOWS\system32\lufhyfanuj.exe
C:\WINDOWS\system32\g25.exe
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\beep.sys
C:\WINDOWS\system32\drivers\mrxdavv.sys

Folder::
C:\WINDOWS\system32\sfig
C:\WINDOWS\system32\provdll
C:\WINDOWS\system32\olixds18
C:\WINDOWS\system32\OBDE
C:\WINDOWS\system32\imp32
C:\Temp\stmpv4

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]



Save this as CFScript

A word of warning: Neither I nor sUBs are responsible for any damage you may have caused your machine. This tool is not a toy and not for everyday use.

http://users.pandora.be/bluepatchy/miekiemoes/images/CFScript.gif

Referring to the picture above, drag CFScript into ComboFxx.exe
Then post the resultant log.


Combofix should never take more than 20 minutes including the reboot if malware is detected.
If it does, open Task Manager then Processes tab (press ctrl, alt and del at the same time) and end any processes of findstr, find, sed or swreg, then combofix should continue.
If that happened we want to know, and also what process you had to end.


Download ATF (Atribune Temp File) Cleaner© by Atribune (http://www.atribune.org/ccount/click.php?id=1) to your desktop.

Double-click ATF Cleaner.exe to open it

Under Main choose:
Windows Temp
Current User Temp
All Users Temp
Cookies
Temporary Internet Files
Prefetch
Java Cache
*The other boxes are optional*
Then click the Empty Selected button.

If you use Firefox:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

If you use Opera:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click NO at the prompt.

Click Exit on the Main menu to close the program.


Please run an online scan with Kaspersky Online Scanner (http://www.kaspersky.nl/scanforvirus-en/kavwebscan.html). You will be prompted to install an ActiveX component from Kaspersky, click Yes.
The program will launch and start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings and select the following:
Scan using the following Anti-Virus database:
Extended (If available, otherwise Standard)
Scan Options:
Scan Archives
Scan Mail Bases
Click OK.
Under "select a target to scan", select My Computer.
The scan will take a while so be patient and let it run. As it scans your machine very deeply it could take hours to complete; Kaspersky suggests running it during a time of low activity.
Once the scan is complete:
Click on the Save as Text button.
Save the file to your desktop.
Copy and paste that information into your next post if the AV content will fit into one post only. Post a fresh hjt log (without forgetting the above mentioned ComboFix resultant log) too.


Note for Internet Explorer 7 users: If at any time you have trouble with the Accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75 %. Once the license has been accepted, reset to 100%.

If having a problem doing the above:

Make sure that your Internet security settings are set to default values.

To set default security settings for Internet Explorer:

* Open Internet Explorer.
* Go to the Tools menu, then choose Internet Options.
* Click on the Security tab.
* Make sure that all four items (Internet, Local intranet, Trusted sites, and Restricted sites) are set to their default settings.

kileyp
2008-08-02, 18:18
Hi,

ComboFix ran and got stuck on "stage 40 completed". I waited about 10 minutes, and tried pressing "ctrl + alt + del"... but it had no effect. I tried it again 10 minutes later... and same result. I let it run overnight... and this morning it was still stuck on stage 40 completed... ctrl alt del still didn't work. I shut down manually and restarted.... Combofix did not post a log of any sort. Any ideas on what I should do next?

Blade81
2008-08-02, 19:15
Hi

Try running ComboFix with following CFScript in safe mode (http://www.computerhope.com/issues/chsafe.htm#02):


KILLALL::

Driver::
mrxdavv

File::
C:\WINDOWS\system32\lufhyfanuj.exe
C:\WINDOWS\system32\g25.exe
C:\WINDOWS\system32\vbzip10.dll
C:\WINDOWS\system32\beep.sys
C:\WINDOWS\system32\drivers\mrxdavv.sys

Folder::
C:\WINDOWS\system32\sfig
C:\WINDOWS\system32\provdll
C:\WINDOWS\system32\olixds18
C:\WINDOWS\system32\OBDE
C:\WINDOWS\system32\imp32
C:\Temp\stmpv4

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]

kileyp
2008-08-03, 04:32
Looks like it is still infected:

Combo Fix Log:

ComboFix 08-07-31.06 - kileyp 2008-08-02 17:37:52.3 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.369 [GMT -4:00]
Running from: C:\Documents and Settings\kileyp\Desktop\ComboFxx.exe
Command switches used :: C:\Documents and Settings\kileyp\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\beep.sys
C:\WINDOWS\system32\drivers\mrxdavv.sys
C:\WINDOWS\system32\g25.exe
C:\WINDOWS\system32\lufhyfanuj.exe
C:\WINDOWS\system32\vbzip10.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Temp\stmpv4
C:\Temp\stmpv4\bnwe7.log
C:\WINDOWS\system32\beep.sys
C:\WINDOWS\system32\g25.exe
C:\WINDOWS\system32\imp32
C:\WINDOWS\system32\imp32\keysrve.exe
C:\WINDOWS\system32\lufhyfanuj.exe
C:\WINDOWS\system32\OBDE
C:\WINDOWS\system32\olixds18
C:\WINDOWS\system32\olixds18\olixds182328.exe
C:\WINDOWS\system32\provdll
C:\WINDOWS\system32\provdll\globsetup.exe
C:\WINDOWS\system32\sfig
C:\WINDOWS\system32\vbzip10.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MRXDAVV
-------\Service_mrxdavv


((((((((((((((((((((((((( Files Created from 2008-07-02 to 2008-08-02 )))))))))))))))))))))))))))))))
.

2008-07-25 12:35 . 2008-07-25 12:35 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-07-25 11:35 . 2008-07-25 11:35 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-07-25 09:30 . 2008-07-25 09:30 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-07-25 09:30 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-07-25 09:30 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-07-25 09:30 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-07-25 09:29 . 2008-07-25 09:29 <DIR> d-------- C:\Program Files\Webroot
2008-07-25 09:29 . 2008-07-25 09:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-25 09:29 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-07-25 09:16 . 2008-07-25 09:25 <DIR> d-------- C:\Program Files\SpywareGuard
2008-07-13 16:25 . 2008-07-13 16:25 <DIR> d-------- C:\Documents and Settings\kileyp\Application Data\Webroot
2008-07-13 13:39 . 2008-07-13 13:39 <DIR> d-------- C:\Webroot
2008-07-12 13:47 . 2008-08-02 01:07 <DIR> d-------- C:\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-13 20:46 --------- d-----w C:\Program Files\SpywareBlaster
2008-07-13 04:54 --------- d-----w C:\Program Files\Quicken
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2005-11-01 13:24 28,672 ----a-w C:\Documents and Settings\kileyp\atwbxdet.dll
2005-08-09 13:03 28,672 -c--a-w C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
2005-09-27 14:00 98,304 -c--a-w C:\Program Files\mozilla firefox\plugins\atgpcext.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2005-02-25 15:50 139320]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 20:00 94208]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-04-07 15:22 4730880]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-03-01 13:05 200766]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-07-30 09:33 286720]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-08-05 18:23 218240]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 21:52 483328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-09-07 15:51 49263]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36 256576]
"nwiz"="nwiz.exe" [2004-04-07 15:22 323584 C:\WINDOWS\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-01-30 03:01 88363 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 08:00 15360]

C:\Documents and Settings\kileyp\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-08-03 16:00:18 25214]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 02:05:26 29696]
EMC VPN Client.lnk - C:\Program Files\EMC VPN\VPN Client\vpngui.exe [2006-02-21 09:24:21 1445904]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
-ra--c--- 2003-10-07 23:40 159744 C:\Program Files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
--a------ 2004-03-01 13:05 200766 C:\Program Files\HPQ\Default Settings\Cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 08:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
--a------ 2004-07-30 09:33 286720 C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a--c--- 2003-12-22 09:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2003-08-04 18:28 49152 C:\Program Files\HP\HP Software Update\hpwuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
--a--c--- 2003-05-22 20:55 483328 C:\WINDOWS\system32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a--c--- 2004-08-04 08:00 208952 C:\WINDOWS\ime\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-10-30 10:36 256576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
-ra------ 2004-04-07 15:22 4730880 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a--c--- 2004-08-04 08:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a--c--- 2004-08-04 08:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-25 19:58 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
--a------ 2004-08-05 18:23 218240 C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2005-02-20 18:06 32881 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a--c--- 2003-08-19 02:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
-ra------ 2004-01-30 03:01 88363 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
-ra------ 2004-04-07 15:22 323584 C:\WINDOWS\system32\nwiz.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R4 black;black;C:\WINDOWS\system32\drivers\BlackDrv.sys [2004-09-09 10:30]
S3 RapFile;RapFile;C:\WINDOWS\system32\drivers\RapFile.sys [2003-06-19 18:40]
S3 RapNet;RapNet;C:\WINDOWS\system32\drivers\RapNet.sys [2003-06-19 18:40]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3557d82-2d83-11dc-a05a-000fb04483b2}]
\Shell\AutoRun\command - E:\DTSP_Launcher.exe

*Newly Created Service* - ENTDRV51
.
Contents of the 'Scheduled Tasks' folder

2008-07-12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 18:13]

2005-03-10 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2003-08-13 19:38]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-02 17:44:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????0?6?7?3??????? ???B???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\Program Files\EMC VPN\VPN Client\cvpnd.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SpywareGuard\sgbhp.exe
.
**************************************************************************
.
Completion time: 2008-08-02 17:52:18 - machine was rebooted [kileyp]
ComboFix-quarantined-files.txt 2008-08-02 21:52:13
ComboFix2.txt 2008-08-01 21:04:36

Pre-Run: 44,142,141,440 bytes free
Post-Run: 43,576,942,592 bytes free

192 --- E O F --- 2008-06-22 21:21:54


Kaspersky log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, August 02, 2008 9:26 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/08/2008
Kaspersky Anti-Virus database records: 1045635
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 63804
Number of viruses found: 19
Number of infected objects: 258
Number of suspicious objects: 0
Duration of the scan process: 02:46:42

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20080802_Time-174316953_EnterceptExceptions.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20080802_Time-174316953_EnterceptRules.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_PATRICK_KILEY_7.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\PrdMgr_PATRICK_KILEY_7.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\UpdaterUI_PATRICK_KILEY_7.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\AccessProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\BufferOverflowProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\OnAccessScanLog.txt Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\cert8.db Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\history.dat Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\key3.db Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\parent.lock Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\search.sqlite Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\webappsstore.sqlite Object is locked skipped
C:\Documents and Settings\kileyp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\temp\~DF7AC0.tmp Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\temp\~DF881.tmp Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\kileyp\ntuser.dat Object is locked skipped
C:\Documents and Settings\kileyp\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\MUSIC\Bear Share\Quicken 2008 Premium.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\MUSIC\Bear Share\Quicken 2008 Premium.zip ZIP: infected - 1 skipped
C:\Program Files\BearShare\Installer\BSINSTALL.exe/WISE0023.BIN/data0001.cab/VVSN.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\Program Files\BearShare\Installer\BSINSTALL.exe/WISE0023.BIN/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\Program Files\BearShare\Installer\BSINSTALL.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\Program Files\BearShare\Installer\BSINSTALL.exe/WISE0027.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Program Files\BearShare\Installer\BSINSTALL.exe WiseSFX: infected - 4 skipped
C:\Program Files\BearShare\Installer\BSINSTALL.exe WiseSFXDropper: infected - 4 skipped
C:\Program Files\ISS\issSensors\DesktopProtection\blackice-service.log Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\444.470.vir Infected: Trojan.Win32.DNSChanger.eys skipped
C:\QooBox\Quarantine\C\WINDOWS\Fonts\a.zip.vir/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\QooBox\Quarantine\C\WINDOWS\Fonts\a.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\lfn.exe.vir Infected: Hoax.Win32.Renos.vajj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\byXNeFvV.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ddcApMgG.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\gside.exe.vir/data0003 Infected: not-a-virus:AdWare.Win32.BHO.cdk skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\gside.exe.vir NSIS: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hGVnNhij.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hssjyvdq.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\iifCuTNF.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\imp32\keysrve.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.bp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\olixds18\olixds182328.exe.vir Infected: Trojan-Downloader.Win32.VB.eyc skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\provdll\globsetup.exe.vir Infected: Trojan.Win32.DNSChanger.eyr skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\setup.exe.tmp.vir Infected: Trojan-Downloader.Win32.VB.eyh skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\tcntptdm.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.bv skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\uoyzsydz.exe.vir Infected: Hoax.Win32.Renos.vajj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ushjuchq.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-08-01_164537.81.zip/clbdll.dll Infected: Rootkit.Win32.Clbd.ez skipped
C:\QooBox\Quarantine\catchme2008-08-01_164537.81.zip ZIP: infected - 1 skipped
C:\quarantine\0Dayz Nokia Gamez Appz Torrentboyz com Pack 12.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\0Dayz Nokia Gamez Appz Torrentboyz com Pack 12.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\202 ICONs aplics.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\202 ICONs aplics.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\a.zip.Vir/Setup.exe Infected: Worm.Win32.VB.an skipped
C:\quarantine\a.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\ABBA - Rare Collected Remixes.(WWW.FACTORFORUMS.CO.UKFORUMS).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\ABBA - Rare Collected Remixes.(WWW.FACTORFORUMS.CO.UKFORUMS).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Adobe Photoshop Plugins.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Adobe Photoshop Plugins.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Adobe Photoshop Pro CS2 v9 0 Full + Keygen.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Adobe Photoshop Pro CS2 v9 0 Full + Keygen.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Advanced search.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Advanced search.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Aero Glass Themes XP Version IV + 32 themes (AIO).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Aero Glass Themes XP Version IV + 32 themes (AIO).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Air America Radio - The Al Franken Show 080406 [mp3].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Air America Radio - The Al Franken Show 080406 [mp3].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Alcohol 120 retail v1 9 5 4327 + Alcohol 120 retail - v1 95 4212.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Alcohol 120 retail v1 9 5 4327 + Alcohol 120 retail - v1 95 4212.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\AOL Search records for 500,000 users AOL-data tgz.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\AOL Search records for 500,000 users AOL-data tgz.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Barnyard CAM XViD-SubAtom[www moviex info].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Barnyard CAM XViD-SubAtom[www moviex info].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Big Brother US S07E14 PDTV XviD-VSS [eztv].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Big Brother US S07E14 PDTV XviD-VSS [eztv].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Blur-The Best Of 2CD(Darkside RG).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Blur-The Best Of 2CD(Darkside RG).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Browse categories.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Browse categories.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Burn the Fat, Feed the Muscle { www IPTorrents com }.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Burn the Fat, Feed the Muscle { www IPTorrents com }.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\CAPCOM CPS2 Emulator for PSP beta 4.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\CAPCOM CPS2 Emulator for PSP beta 4.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Copyright policy.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Copyright policy.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\DC Batman - The Killing Joke (comic book).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\DC Batman - The Killing Joke (comic book).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Deadwood S03E09 HDTV XviD-LOL [eztv].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Deadwood S03E09 HDTV XviD-LOL [eztv].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\DJ Shadow - The Outsider - (Proper Advance) - 2006 - VOiCE.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\DJ Shadow - The Outsider - (Proper Advance) - 2006 - VOiCE.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Dungeon Siege 2 Broken World KEYGEN-RELOADED.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Dungeon Siege 2 Broken World KEYGEN-RELOADED.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\EasyFileSearch com-Jessica Simpson 1500+pix.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\EasyFileSearch com-Jessica Simpson 1500+pix.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\EasyFileSearch com-Pamela Anderson 500+pix.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\EasyFileSearch com-Pamela Anderson 500+pix.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Ember rar.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Ember rar.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Entourage S03E09 HDTV XviD-LOL [eztv].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Entourage S03E09 HDTV XviD-LOL [eztv].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Flat Out 2 Crack Only-RELOADED.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Flat Out 2 Crack Only-RELOADED.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Google Earth Pro 4 Patch NeW Release 08-06-06 by Glbez Team Hackz zip.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Google Earth Pro 4 Patch NeW Release 08-06-06 by Glbez Team Hackz zip.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Google Earth Pro Final And a tutorial to make it a perfect working pro (full).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Google Earth Pro Final And a tutorial to make it a perfect working pro (full).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Harvard Business Review (July-August 2006) - [www slotorrent net].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Harvard Business Review (July-August 2006) - [www slotorrent net].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Harvard Business Review Jan 2005.zip.Vir/Setup.exe Infected: Worm.Win32.VB.an skipped
C:\quarantine\Harvard Business Review Jan 2005.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Harvard Business Review July-Aug 2005(1).zip.Vir/Setup.exe Infected: Worm.Win32.VB.an skipped
C:\quarantine\Harvard Business Review July-Aug 2005(1).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Harvard Business Review July-Aug 2005.zip.Vir/Setup.exe Infected: Worm.Win32.VB.an skipped
C:\quarantine\Harvard Business Review July-Aug 2005.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Harvard Business Review, June 2006.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Harvard Business Review, June 2006.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Harvard Business Review, June 2006.zip.Vir.0/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Harvard Business Review, June 2006.zip.Vir.0 ZIP: infected - 1 skipped
C:\quarantine\Harvard Business Review, May 2006.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Harvard Business Review, May 2006.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\How To Do Everything With vol 1 - 5in1 (AIO).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\How To Do Everything With vol 1 - 5in1 (AIO).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\How To Do Everything With vol 2 - 5in1 (AIO).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\How To Do Everything With vol 2 - 5in1 (AIO).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\How To Do Everything With vol 3 - 6in1 (AIO).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\How To Do Everything With vol 3 - 6in1 (AIO).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\How to Solve Every Sudoku (Number Place) Puzzle { www IPTorrents com }.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\How to Solve Every Sudoku (Number Place) Puzzle { www IPTorrents com }.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Howard the Duck Issues 1-2.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Howard the Duck Issues 1-2.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\IGPX - 023 - Fate [C-W] HQ.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\IGPX - 023 - Fate [C-W] HQ.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\IRC chat.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\IRC chat.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Justin Timberlake feat T I- My Love.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Justin Timberlake feat T I- My Love.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\l'Equipe du 06 08 2006 pdf.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\l'Equipe du 06 08 2006 pdf.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Lucky Louie S01E09 HDTV XviD-LOL [eztv].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Lucky Louie S01E09 HDTV XviD-LOL [eztv].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Marvel Civil War.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Marvel Civil War.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Mastodon - Blood Mountain [2006].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Mastodon - Blood Mountain [2006].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\MegaArchive 8ooo Karaoke ita fr eng esp VanBascos ByMiraiam rar.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\MegaArchive 8ooo Karaoke ita fr eng esp VanBascos ByMiraiam rar.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Nancy Drew Danger By Design [PCCD][English][www newpct com].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Nancy Drew Danger By Design [PCCD][English][www newpct com].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\National Geographic August 2006.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\National Geographic August 2006.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\New WordPress blog.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\New WordPress blog.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Noein - Mou Hitori no Kimi e [Shinsen-Subs].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Noein - Mou Hitori no Kimi e [Shinsen-Subs].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\p.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\p.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\PC Civilization IV 4 RELOADED ShadowCast.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\PC Civilization IV 4 RELOADED ShadowCast.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\PC World Power Guides - Available only to Subscribers { www IPTorrents com }.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\PC World Power Guides - Available only to Subscribers { www IPTorrents com }.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Privacy policy.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Privacy policy.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Rapidshare Premium Pack 2006 version 4 - 43in1 (AIO).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Rapidshare Premium Pack 2006 version 4 - 43in1 (AIO).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Redneck Rampage Rides Again.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Redneck Rampage Rides Again.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Redneck Rampage.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Redneck Rampage.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Scripts 2006 (AIO).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Scripts 2006 (AIO).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Search Cloud.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Search Cloud.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\SHOCKING! British Police destroy a memorial to race victims .wmv.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\SHOCKING! British Police destroy a memorial to race victims .wmv.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Show all of today &rarr;.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Show all of today &rarr;.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Simply Acoustic Various 2CD's With covers (NiTrO).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Simply Acoustic Various 2CD's With covers (NiTrO).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Sinchronicity S01E04 WS PDTV XviD-RiVER [eztv].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Sinchronicity S01E04 WS PDTV XviD-RiVER [eztv].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\SlySoft new Update 3-8-06 - 5in1 (AIO).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\SlySoft new Update 3-8-06 - 5in1 (AIO).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Space images super-high resolution [www ultratorrent net].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Space images super-high resolution [www ultratorrent net].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Speed 2 - Cruise Control 1997 DVDrip SWE.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Speed 2 - Cruise Control 1997 DVDrip SWE.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Spikes Women of Action 2006 WS PDTV XviD-PAP [eztv].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Spikes Women of Action 2006 WS PDTV XviD-PAP [eztv].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Talladega Nights CAM XViD-SubAtom( widges-den com ).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Talladega Nights CAM XViD-SubAtom( widges-den com ).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Talladega Nights CAM XViD-SubAtom-ZCCUSTOMS.NET.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Talladega Nights CAM XViD-SubAtom-ZCCUSTOMS.NET.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Talladega Nights CAM XViD-SubAtom[www moviex info].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Talladega Nights CAM XViD-SubAtom[www moviex info].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\The 4400 3x10 (DSRip-ORENJi)[VTV].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\The 4400 3x10 (DSRip-ORENJi)[VTV].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\The 4400 S03E10 DSR XviD-ORENJi [eztv].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\The 4400 S03E10 DSR XviD-ORENJi [eztv].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\The Ant Bully [TS-Screener][V O English+Subs Spanish][2006][www newpct com].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\The Ant Bully [TS-Screener][V O English+Subs Spanish][2006][www newpct com].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\The Beatles Complete Songbook.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\The Beatles Complete Songbook.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\The Complete Idiots Guide To Learning French On Your Own { www IPTorrents com }.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\The Complete Idiots Guide To Learning French On Your Own { www IPTorrents com }.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\The Dead Zone 5x08 (DSRip-ORENJi)[VTV].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\The Dead Zone 5x08 (DSRip-ORENJi)[VTV].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\The Economist 2006-08-05 { www IPTorrents com }.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\The Economist 2006-08-05 { www IPTorrents com }.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\The Night Listener 2006 CAM XViD - SubAtom { www IPTorrents com }.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\The Night Listener 2006 CAM XViD - SubAtom { www IPTorrents com }.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Three Moons Over Milford S01E01 DSR XviD-ORENJi [eztv].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Three Moons Over Milford S01E01 DSR XviD-ORENJi [eztv].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\TMPGEnc Xpress v3 3 8 117 rar.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\TMPGEnc Xpress v3 3 8 117 rar.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Top 100 [HipHop+R&B]Billboard][August-06[Vol2]+Charts[@224].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Top 100 [HipHop+R&B]Billboard][August-06[Vol2]+Charts[@224].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\TV Shows.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\TV Shows.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Ultimate Ghosts n Goblins Goku Makaimura - JAP-PSP.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Ultimate Ghosts n Goblins Goku Makaimura - JAP-PSP.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Upload a torrent.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Upload a torrent.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\user-ct-test-collection-01 txt-PARTIAL rar.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\user-ct-test-collection-01 txt-PARTIAL rar.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\VA - Big Tunes X-Rated.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\VA - Big Tunes X-Rated.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\VA-Miami Vice-OST-2006-RNS [SOUNDTRACK].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\VA-Miami Vice-OST-2006-RNS [SOUNDTRACK].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\XG Step Up 06.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\XG Step Up 06.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\You're Under Arrest Artbook.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\You're Under Arrest Artbook.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[A-Keep & gg] Night Head Genesis - 02 [5E35B201] mkv.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[A-Keep & gg] Night Head Genesis - 02 [5E35B201] mkv.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[ADC-Elites] One Piece 274 [128ABB09] avi.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[ADC-Elites] One Piece 274 [128ABB09] avi.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[A_Z]Greg Martin {Hi Res}.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[A_Z]Greg Martin {Hi Res}.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[EMD][Zero no Tsukaima][06][GB] rmvb.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[EMD][Zero no Tsukaima][06][GB] rmvb.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[HCG] Jya no Michi wa [Hebi Soft] zip.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[HCG] Jya no Michi wa [Hebi Soft] zip.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[KissSub]Innocent Venus - 02[D1F2079C]Xvid avi.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[KissSub]Innocent Venus - 02[D1F2079C]Xvid avi.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[maplesnow][one piece][274][jap chn][HDTV][rv10] rmvb.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[maplesnow][one piece][274][jap chn][HDTV][rv10] rmvb.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[Nipponsei] NARUTO BEST HIT COLLECTION 2 zip.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[Nipponsei] NARUTO BEST HIT COLLECTION 2 zip.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[PSP]Every Extend Extra[JAP] [FULL] - [www ESPALPSP com] rar.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[PSP]Every Extend Extra[JAP] [FULL] - [www ESPALPSP com] rar.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[Shinsen-Subs] Noein 24 [FINAL][CA131F86] avi.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[Shinsen-Subs] Noein 24 [FINAL][CA131F86] avi.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[S^M] One Piece 274 RAW avi.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[S^M] One Piece 274 RAW avi.zip.Vir ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP544\A0227874.dll Infected: not-a-virus:AdWare.Win32.BHO.cdk skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP545\A0228019.exe Infected: Trojan.Win32.Agent.sdd skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP545\A0228021.dll Infected: not-a-virus:AdWare.Win32.BHO.cdk skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP545\A0228333.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP546\A0229367.exe Infected: Trojan-Downloader.Win32.VB.eyc skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP546\A0229398.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.bp skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP547\A0229410.exe Infected: Trojan-Downloader.Win32.Homles.br skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP547\A0229411.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP547\A0229412.sys Infected: Rootkit.Win32.Agent.aol skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP549\A0230457.EXE Infected: Backdoor.Win32.Delf.jgi skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0234961.exe Infected: Hoax.Win32.Renos.vajj skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235012.exe/data0003 Infected: not-a-virus:AdWare.Win32.BHO.cdk skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235012.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235013.exe Infected: Hoax.Win32.Renos.vajj skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235021.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.bv skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235022.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235023.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235024.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235025.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235026.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235027.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP551\A0235129.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.bp skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP551\A0235130.exe Infected: Trojan-Downloader.Win32.VB.eyc skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP551\A0235131.exe Infected: Trojan.Win32.DNSChanger.eyr skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP551\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

Hijack This Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28 PM, on 8/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\Program Files\EMC VPN\VPN Client\cvpnd.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\kileyp\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EMC VPN Client.lnk = C:\Program Files\EMC VPN\VPN Client\vpngui.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://itcentral.corp.emc.com
O15 - Trusted Zone: http://itonline.isus.emc.com
O15 - Trusted Zone: http://itportal.corp.emc.com
O15 - Trusted Zone: http://www.emcu.isus.emc.com
O15 - Trusted Zone: http://itcentral.corp.emc.com (HKLM)
O15 - Trusted Zone: http://itonline.isus.emc.com (HKLM)
O15 - Trusted Zone: http://itportal.corp.emc.com (HKLM)
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - http://www.vclass.emc.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
O16 - DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} (OrgPublisher PluginX) - http://www.aquire.com/codebase70/OrgPubX.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\EMC VPN\VPN Client\cvpnd.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9488 bytes

kileyp
2008-08-03, 04:35
Looks like it is still infected :sad: Here are the three logs:

Combo Fix Log:

ComboFix 08-07-31.06 - kileyp 2008-08-02 17:37:52.3 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.369 [GMT -4:00]
Running from: C:\Documents and Settings\kileyp\Desktop\ComboFxx.exe
Command switches used :: C:\Documents and Settings\kileyp\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\beep.sys
C:\WINDOWS\system32\drivers\mrxdavv.sys
C:\WINDOWS\system32\g25.exe
C:\WINDOWS\system32\lufhyfanuj.exe
C:\WINDOWS\system32\vbzip10.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Temp\stmpv4
C:\Temp\stmpv4\bnwe7.log
C:\WINDOWS\system32\beep.sys
C:\WINDOWS\system32\g25.exe
C:\WINDOWS\system32\imp32
C:\WINDOWS\system32\imp32\keysrve.exe
C:\WINDOWS\system32\lufhyfanuj.exe
C:\WINDOWS\system32\OBDE
C:\WINDOWS\system32\olixds18
C:\WINDOWS\system32\olixds18\olixds182328.exe
C:\WINDOWS\system32\provdll
C:\WINDOWS\system32\provdll\globsetup.exe
C:\WINDOWS\system32\sfig
C:\WINDOWS\system32\vbzip10.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MRXDAVV
-------\Service_mrxdavv


((((((((((((((((((((((((( Files Created from 2008-07-02 to 2008-08-02 )))))))))))))))))))))))))))))))
.

2008-07-25 12:35 . 2008-07-25 12:35 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-07-25 11:35 . 2008-07-25 11:35 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-07-25 09:30 . 2008-07-25 09:30 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-07-25 09:30 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-07-25 09:30 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-07-25 09:30 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-07-25 09:29 . 2008-07-25 09:29 <DIR> d-------- C:\Program Files\Webroot
2008-07-25 09:29 . 2008-07-25 09:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-25 09:29 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-07-25 09:16 . 2008-07-25 09:25 <DIR> d-------- C:\Program Files\SpywareGuard
2008-07-13 16:25 . 2008-07-13 16:25 <DIR> d-------- C:\Documents and Settings\kileyp\Application Data\Webroot
2008-07-13 13:39 . 2008-07-13 13:39 <DIR> d-------- C:\Webroot
2008-07-12 13:47 . 2008-08-02 01:07 <DIR> d-------- C:\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-13 20:46 --------- d-----w C:\Program Files\SpywareBlaster
2008-07-13 04:54 --------- d-----w C:\Program Files\Quicken
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2005-11-01 13:24 28,672 ----a-w C:\Documents and Settings\kileyp\atwbxdet.dll
2005-08-09 13:03 28,672 -c--a-w C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
2005-09-27 14:00 98,304 -c--a-w C:\Program Files\mozilla firefox\plugins\atgpcext.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2005-02-25 15:50 139320]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 20:00 94208]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-04-07 15:22 4730880]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-03-01 13:05 200766]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-07-30 09:33 286720]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-08-05 18:23 218240]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 21:52 483328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-09-07 15:51 49263]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36 256576]
"nwiz"="nwiz.exe" [2004-04-07 15:22 323584 C:\WINDOWS\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-01-30 03:01 88363 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 08:00 15360]

C:\Documents and Settings\kileyp\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-08-03 16:00:18 25214]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 02:05:26 29696]
EMC VPN Client.lnk - C:\Program Files\EMC VPN\VPN Client\vpngui.exe [2006-02-21 09:24:21 1445904]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
-ra--c--- 2003-10-07 23:40 159744 C:\Program Files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
--a------ 2004-03-01 13:05 200766 C:\Program Files\HPQ\Default Settings\Cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 08:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
--a------ 2004-07-30 09:33 286720 C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a--c--- 2003-12-22 09:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2003-08-04 18:28 49152 C:\Program Files\HP\HP Software Update\hpwuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
--a--c--- 2003-05-22 20:55 483328 C:\WINDOWS\system32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a--c--- 2004-08-04 08:00 208952 C:\WINDOWS\ime\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-10-30 10:36 256576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
-ra------ 2004-04-07 15:22 4730880 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a--c--- 2004-08-04 08:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a--c--- 2004-08-04 08:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-25 19:58 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
--a------ 2004-08-05 18:23 218240 C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2005-02-20 18:06 32881 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a--c--- 2003-08-19 02:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
-ra------ 2004-01-30 03:01 88363 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
-ra------ 2004-04-07 15:22 323584 C:\WINDOWS\system32\nwiz.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R4 black;black;C:\WINDOWS\system32\drivers\BlackDrv.sys [2004-09-09 10:30]
S3 RapFile;RapFile;C:\WINDOWS\system32\drivers\RapFile.sys [2003-06-19 18:40]
S3 RapNet;RapNet;C:\WINDOWS\system32\drivers\RapNet.sys [2003-06-19 18:40]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3557d82-2d83-11dc-a05a-000fb04483b2}]
\Shell\AutoRun\command - E:\DTSP_Launcher.exe

*Newly Created Service* - ENTDRV51
.
Contents of the 'Scheduled Tasks' folder

2008-07-12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 18:13]

2005-03-10 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2003-08-13 19:38]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-02 17:44:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????0?6?7?3??????? ???B???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\Program Files\EMC VPN\VPN Client\cvpnd.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SpywareGuard\sgbhp.exe
.
**************************************************************************
.
Completion time: 2008-08-02 17:52:18 - machine was rebooted [kileyp]
ComboFix-quarantined-files.txt 2008-08-02 21:52:13
ComboFix2.txt 2008-08-01 21:04:36

Pre-Run: 44,142,141,440 bytes free
Post-Run: 43,576,942,592 bytes free

192 --- E O F --- 2008-06-22 21:21:54


Kaspersky log:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, August 02, 2008 9:26 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/08/2008
Kaspersky Anti-Virus database records: 1045635
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 63804
Number of viruses found: 19
Number of infected objects: 258
Number of suspicious objects: 0
Duration of the scan process: 02:46:42

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20080802_Time-174316953_EnterceptExceptions.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20080802_Time-174316953_EnterceptRules.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_PATRICK_KILEY_7.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\PrdMgr_PATRICK_KILEY_7.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\UpdaterUI_PATRICK_KILEY_7.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\AccessProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\BufferOverflowProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\OnAccessScanLog.txt Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\cert8.db Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\history.dat Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\key3.db Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\parent.lock Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\search.sqlite Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\webappsstore.sqlite Object is locked skipped
C:\Documents and Settings\kileyp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\temp\~DF7AC0.tmp Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\temp\~DF881.tmp Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\kileyp\ntuser.dat Object is locked skipped
C:\Documents and Settings\kileyp\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\MUSIC\Bear Share\Quicken 2008 Premium.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\MUSIC\Bear Share\Quicken 2008 Premium.zip ZIP: infected - 1 skipped
C:\Program Files\BearShare\Installer\BSINSTALL.exe/WISE0023.BIN/data0001.cab/VVSN.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\Program Files\BearShare\Installer\BSINSTALL.exe/WISE0023.BIN/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\Program Files\BearShare\Installer\BSINSTALL.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\Program Files\BearShare\Installer\BSINSTALL.exe/WISE0027.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Program Files\BearShare\Installer\BSINSTALL.exe WiseSFX: infected - 4 skipped
C:\Program Files\BearShare\Installer\BSINSTALL.exe WiseSFXDropper: infected - 4 skipped
C:\Program Files\ISS\issSensors\DesktopProtection\blackice-service.log Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\444.470.vir Infected: Trojan.Win32.DNSChanger.eys skipped
C:\QooBox\Quarantine\C\WINDOWS\Fonts\a.zip.vir/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\QooBox\Quarantine\C\WINDOWS\Fonts\a.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\lfn.exe.vir Infected: Hoax.Win32.Renos.vajj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\byXNeFvV.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ddcApMgG.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\gside.exe.vir/data0003 Infected: not-a-virus:AdWare.Win32.BHO.cdk skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\gside.exe.vir NSIS: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hGVnNhij.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hssjyvdq.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\iifCuTNF.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\imp32\keysrve.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.bp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\olixds18\olixds182328.exe.vir Infected: Trojan-Downloader.Win32.VB.eyc skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\provdll\globsetup.exe.vir Infected: Trojan.Win32.DNSChanger.eyr skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\setup.exe.tmp.vir Infected: Trojan-Downloader.Win32.VB.eyh skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\tcntptdm.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.bv skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\uoyzsydz.exe.vir Infected: Hoax.Win32.Renos.vajj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ushjuchq.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-08-01_164537.81.zip/clbdll.dll Infected: Rootkit.Win32.Clbd.ez skipped
C:\QooBox\Quarantine\catchme2008-08-01_164537.81.zip ZIP: infected - 1 skipped
C:\quarantine\0Dayz Nokia Gamez Appz Torrentboyz com Pack 12.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\0Dayz Nokia Gamez Appz Torrentboyz com Pack 12.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\202 ICONs aplics.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\202 ICONs aplics.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\a.zip.Vir/Setup.exe Infected: Worm.Win32.VB.an skipped
C:\quarantine\a.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\ABBA - Rare Collected Remixes.(WWW.FACTORFORUMS.CO.UKFORUMS).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\ABBA - Rare Collected Remixes.(WWW.FACTORFORUMS.CO.UKFORUMS).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Adobe Photoshop Plugins.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Adobe Photoshop Plugins.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Adobe Photoshop Pro CS2 v9 0 Full + Keygen.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Adobe Photoshop Pro CS2 v9 0 Full + Keygen.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Advanced search.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Advanced search.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Aero Glass Themes XP Version IV + 32 themes (AIO).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Aero Glass Themes XP Version IV + 32 themes (AIO).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Air America Radio - The Al Franken Show 080406 [mp3].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Air America Radio - The Al Franken Show 080406 [mp3].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Alcohol 120 retail v1 9 5 4327 + Alcohol 120 retail - v1 95 4212.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Alcohol 120 retail v1 9 5 4327 + Alcohol 120 retail - v1 95 4212.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\AOL Search records for 500,000 users AOL-data tgz.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\AOL Search records for 500,000 users AOL-data tgz.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Barnyard CAM XViD-SubAtom[www moviex info].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Barnyard CAM XViD-SubAtom[www moviex info].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Big Brother US S07E14 PDTV XviD-VSS [eztv].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Big Brother US S07E14 PDTV XviD-VSS [eztv].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Blur-The Best Of 2CD(Darkside RG).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Blur-The Best Of 2CD(Darkside RG).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Browse categories.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Browse categories.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Burn the Fat, Feed the Muscle { www IPTorrents com }.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Burn the Fat, Feed the Muscle { www IPTorrents com }.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\CAPCOM CPS2 Emulator for PSP beta 4.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\CAPCOM CPS2 Emulator for PSP beta 4.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Copyright policy.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Copyright policy.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\DC Batman - The Killing Joke (comic book).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\DC Batman - The Killing Joke (comic book).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Deadwood S03E09 HDTV XviD-LOL [eztv].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Deadwood S03E09 HDTV XviD-LOL [eztv].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\DJ Shadow - The Outsider - (Proper Advance) - 2006 - VOiCE.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\DJ Shadow - The Outsider - (Proper Advance) - 2006 - VOiCE.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Dungeon Siege 2 Broken World KEYGEN-RELOADED.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Dungeon Siege 2 Broken World KEYGEN-RELOADED.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\EasyFileSearch com-Jessica Simpson 1500+pix.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\EasyFileSearch com-Jessica Simpson 1500+pix.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\EasyFileSearch com-Pamela Anderson 500+pix.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\EasyFileSearch com-Pamela Anderson 500+pix.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Ember rar.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Ember rar.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Entourage S03E09 HDTV XviD-LOL [eztv].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Entourage S03E09 HDTV XviD-LOL [eztv].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Flat Out 2 Crack Only-RELOADED.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Flat Out 2 Crack Only-RELOADED.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Google Earth Pro 4 Patch NeW Release 08-06-06 by Glbez Team Hackz zip.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Google Earth Pro 4 Patch NeW Release 08-06-06 by Glbez Team Hackz zip.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Google Earth Pro Final And a tutorial to make it a perfect working pro (full).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Google Earth Pro Final And a tutorial to make it a perfect working pro (full).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Harvard Business Review (July-August 2006) - [www slotorrent net].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Harvard Business Review (July-August 2006) - [www slotorrent net].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Harvard Business Review Jan 2005.zip.Vir/Setup.exe Infected: Worm.Win32.VB.an skipped
C:\quarantine\Harvard Business Review Jan 2005.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Harvard Business Review July-Aug 2005(1).zip.Vir/Setup.exe Infected: Worm.Win32.VB.an skipped
C:\quarantine\Harvard Business Review July-Aug 2005(1).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Harvard Business Review July-Aug 2005.zip.Vir/Setup.exe Infected: Worm.Win32.VB.an skipped
C:\quarantine\Harvard Business Review July-Aug 2005.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Harvard Business Review, June 2006.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Harvard Business Review, June 2006.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Harvard Business Review, June 2006.zip.Vir.0/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Harvard Business Review, June 2006.zip.Vir.0 ZIP: infected - 1 skipped
C:\quarantine\Harvard Business Review, May 2006.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Harvard Business Review, May 2006.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\How To Do Everything With vol 1 - 5in1 (AIO).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\How To Do Everything With vol 1 - 5in1 (AIO).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\How To Do Everything With vol 2 - 5in1 (AIO).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\How To Do Everything With vol 2 - 5in1 (AIO).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\How To Do Everything With vol 3 - 6in1 (AIO).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\How To Do Everything With vol 3 - 6in1 (AIO).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\How to Solve Every Sudoku (Number Place) Puzzle { www IPTorrents com }.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\How to Solve Every Sudoku (Number Place) Puzzle { www IPTorrents com }.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Howard the Duck Issues 1-2.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Howard the Duck Issues 1-2.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\IGPX - 023 - Fate [C-W] HQ.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\IGPX - 023 - Fate [C-W] HQ.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\IRC chat.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\IRC chat.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Justin Timberlake feat T I- My Love.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Justin Timberlake feat T I- My Love.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\l'Equipe du 06 08 2006 pdf.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\l'Equipe du 06 08 2006 pdf.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Lucky Louie S01E09 HDTV XviD-LOL [eztv].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Lucky Louie S01E09 HDTV XviD-LOL [eztv].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Marvel Civil War.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Marvel Civil War.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Mastodon - Blood Mountain [2006].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Mastodon - Blood Mountain [2006].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\MegaArchive 8ooo Karaoke ita fr eng esp VanBascos ByMiraiam rar.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\MegaArchive 8ooo Karaoke ita fr eng esp VanBascos ByMiraiam rar.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Nancy Drew Danger By Design [PCCD][English][www newpct com].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Nancy Drew Danger By Design [PCCD][English][www newpct com].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\National Geographic August 2006.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\National Geographic August 2006.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\New WordPress blog.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\New WordPress blog.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Noein - Mou Hitori no Kimi e [Shinsen-Subs].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Noein - Mou Hitori no Kimi e [Shinsen-Subs].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\p.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\p.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\PC Civilization IV 4 RELOADED ShadowCast.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\PC Civilization IV 4 RELOADED ShadowCast.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\PC World Power Guides - Available only to Subscribers { www IPTorrents com }.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\PC World Power Guides - Available only to Subscribers { www IPTorrents com }.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Privacy policy.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Privacy policy.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Rapidshare Premium Pack 2006 version 4 - 43in1 (AIO).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Rapidshare Premium Pack 2006 version 4 - 43in1 (AIO).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Redneck Rampage Rides Again.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Redneck Rampage Rides Again.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Redneck Rampage.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Redneck Rampage.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Scripts 2006 (AIO).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Scripts 2006 (AIO).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Search Cloud.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Search Cloud.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\SHOCKING! British Police destroy a memorial to race victims .wmv.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\SHOCKING! British Police destroy a memorial to race victims .wmv.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Show all of today →.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Show all of today →.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Simply Acoustic Various 2CD's With covers (NiTrO).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Simply Acoustic Various 2CD's With covers (NiTrO).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Sinchronicity S01E04 WS PDTV XviD-RiVER [eztv].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Sinchronicity S01E04 WS PDTV XviD-RiVER [eztv].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\SlySoft new Update 3-8-06 - 5in1 (AIO).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\SlySoft new Update 3-8-06 - 5in1 (AIO).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Space images super-high resolution [www ultratorrent net].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Space images super-high resolution [www ultratorrent net].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Speed 2 - Cruise Control 1997 DVDrip SWE.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Speed 2 - Cruise Control 1997 DVDrip SWE.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Spikes Women of Action 2006 WS PDTV XviD-PAP [eztv].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Spikes Women of Action 2006 WS PDTV XviD-PAP [eztv].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Talladega Nights CAM XViD-SubAtom( widges-den com ).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Talladega Nights CAM XViD-SubAtom( widges-den com ).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Talladega Nights CAM XViD-SubAtom-ZCCUSTOMS.NET.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Talladega Nights CAM XViD-SubAtom-ZCCUSTOMS.NET.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Talladega Nights CAM XViD-SubAtom[www moviex info].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Talladega Nights CAM XViD-SubAtom[www moviex info].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\The 4400 3x10 (DSRip-ORENJi)[VTV].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\The 4400 3x10 (DSRip-ORENJi)[VTV].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\The 4400 S03E10 DSR XviD-ORENJi [eztv].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\The 4400 S03E10 DSR XviD-ORENJi [eztv].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\The Ant Bully [TS-Screener][V O English+Subs Spanish][2006][www newpct com].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\The Ant Bully [TS-Screener][V O English+Subs Spanish][2006][www newpct com].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\The Beatles Complete Songbook.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\The Beatles Complete Songbook.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\The Complete Idiots Guide To Learning French On Your Own { www IPTorrents com }.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\The Complete Idiots Guide To Learning French On Your Own { www IPTorrents com }.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\The Dead Zone 5x08 (DSRip-ORENJi)[VTV].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\The Dead Zone 5x08 (DSRip-ORENJi)[VTV].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\The Economist 2006-08-05 { www IPTorrents com }.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\The Economist 2006-08-05 { www IPTorrents com }.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\The Night Listener 2006 CAM XViD - SubAtom { www IPTorrents com }.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\The Night Listener 2006 CAM XViD - SubAtom { www IPTorrents com }.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Three Moons Over Milford S01E01 DSR XviD-ORENJi [eztv].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Three Moons Over Milford S01E01 DSR XviD-ORENJi [eztv].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\TMPGEnc Xpress v3 3 8 117 rar.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\TMPGEnc Xpress v3 3 8 117 rar.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Top 100 [HipHop+R&B]Billboard][August-06[Vol2]+Charts[@224].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Top 100 [HipHop+R&B]Billboard][August-06[Vol2]+Charts[@224].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\TV Shows.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\TV Shows.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Ultimate Ghosts n Goblins Goku Makaimura - JAP-PSP.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Ultimate Ghosts n Goblins Goku Makaimura - JAP-PSP.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Upload a torrent.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Upload a torrent.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\user-ct-test-collection-01 txt-PARTIAL rar.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\user-ct-test-collection-01 txt-PARTIAL rar.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\VA - Big Tunes X-Rated.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\VA - Big Tunes X-Rated.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\VA-Miami Vice-OST-2006-RNS [SOUNDTRACK].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\VA-Miami Vice-OST-2006-RNS [SOUNDTRACK].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\XG Step Up 06.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\XG Step Up 06.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\You're Under Arrest Artbook.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\You're Under Arrest Artbook.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[A-Keep & gg] Night Head Genesis - 02 [5E35B201] mkv.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[A-Keep & gg] Night Head Genesis - 02 [5E35B201] mkv.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[ADC-Elites] One Piece 274 [128ABB09] avi.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[ADC-Elites] One Piece 274 [128ABB09] avi.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[A_Z]Greg Martin {Hi Res}.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[A_Z]Greg Martin {Hi Res}.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[EMD][Zero no Tsukaima][06][GB] rmvb.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[EMD][Zero no Tsukaima][06][GB] rmvb.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[HCG] Jya no Michi wa [Hebi Soft] zip.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[HCG] Jya no Michi wa [Hebi Soft] zip.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[KissSub]Innocent Venus - 02[D1F2079C]Xvid avi.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[KissSub]Innocent Venus - 02[D1F2079C]Xvid avi.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[maplesnow][one piece][274][jap chn][HDTV][rv10] rmvb.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[maplesnow][one piece][274][jap chn][HDTV][rv10] rmvb.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[Nipponsei] NARUTO BEST HIT COLLECTION 2 zip.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[Nipponsei] NARUTO BEST HIT COLLECTION 2 zip.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[PSP]Every Extend Extra[JAP] [FULL] - [www ESPALPSP com] rar.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[PSP]Every Extend Extra[JAP] [FULL] - [www ESPALPSP com] rar.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[Shinsen-Subs] Noein 24 [FINAL][CA131F86] avi.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[Shinsen-Subs] Noein 24 [FINAL][CA131F86] avi.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[S^M] One Piece 274 RAW avi.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[S^M] One Piece 274 RAW avi.zip.Vir ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP544\A0227874.dll Infected: not-a-virus:AdWare.Win32.BHO.cdk skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP545\A0228019.exe Infected: Trojan.Win32.Agent.sdd skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP545\A0228021.dll Infected: not-a-virus:AdWare.Win32.BHO.cdk skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP545\A0228333.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP546\A0229367.exe Infected: Trojan-Downloader.Win32.VB.eyc skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP546\A0229398.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.bp skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP547\A0229410.exe Infected: Trojan-Downloader.Win32.Homles.br skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP547\A0229411.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP547\A0229412.sys Infected: Rootkit.Win32.Agent.aol skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP549\A0230457.EXE Infected: Backdoor.Win32.Delf.jgi skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0234961.exe Infected: Hoax.Win32.Renos.vajj skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235012.exe/data0003 Infected: not-a-virus:AdWare.Win32.BHO.cdk skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235012.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235013.exe Infected: Hoax.Win32.Renos.vajj skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235021.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.bv skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235022.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235023.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235024.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235025.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235026.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235027.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP551\A0235129.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.bp skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP551\A0235130.exe Infected: Trojan-Downloader.Win32.VB.eyc skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP551\A0235131.exe Infected: Trojan.Win32.DNSChanger.eyr skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP551\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

HijackThis Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28 PM, on 8/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\Program Files\EMC VPN\VPN Client\cvpnd.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\kileyp\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EMC VPN Client.lnk = C:\Program Files\EMC VPN\VPN Client\vpngui.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://itcentral.corp.emc.com
O15 - Trusted Zone: http://itonline.isus.emc.com
O15 - Trusted Zone: http://itportal.corp.emc.com
O15 - Trusted Zone: http://www.emcu.isus.emc.com
O15 - Trusted Zone: http://itcentral.corp.emc.com (HKLM)
O15 - Trusted Zone: http://itonline.isus.emc.com (HKLM)
O15 - Trusted Zone: http://itportal.corp.emc.com (HKLM)
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - http://www.vclass.emc.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
O16 - DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} (OrgPublisher PluginX) - http://www.aquire.com/codebase70/OrgPubX.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\EMC VPN\VPN Client\cvpnd.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9488 bytes

kileyp
2008-08-03, 04:37
Looks like it is still infected :sad: Logs are too big for one posting. Will post separately.


ComboFix Log:

ComboFix 08-07-31.06 - kileyp 2008-08-02 17:37:52.3 - NTFSx86 MINIMAL
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.369 [GMT -4:00]
Running from: C:\Documents and Settings\kileyp\Desktop\ComboFxx.exe
Command switches used :: C:\Documents and Settings\kileyp\Desktop\CFScript.txt

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\beep.sys
C:\WINDOWS\system32\drivers\mrxdavv.sys
C:\WINDOWS\system32\g25.exe
C:\WINDOWS\system32\lufhyfanuj.exe
C:\WINDOWS\system32\vbzip10.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\Temp\stmpv4
C:\Temp\stmpv4\bnwe7.log
C:\WINDOWS\system32\beep.sys
C:\WINDOWS\system32\g25.exe
C:\WINDOWS\system32\imp32
C:\WINDOWS\system32\imp32\keysrve.exe
C:\WINDOWS\system32\lufhyfanuj.exe
C:\WINDOWS\system32\OBDE
C:\WINDOWS\system32\olixds18
C:\WINDOWS\system32\olixds18\olixds182328.exe
C:\WINDOWS\system32\provdll
C:\WINDOWS\system32\provdll\globsetup.exe
C:\WINDOWS\system32\sfig
C:\WINDOWS\system32\vbzip10.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_MRXDAVV
-------\Service_mrxdavv


((((((((((((((((((((((((( Files Created from 2008-07-02 to 2008-08-02 )))))))))))))))))))))))))))))))
.

2008-07-25 12:35 . 2008-07-25 12:35 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-07-25 11:35 . 2008-07-25 11:35 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-07-25 09:30 . 2008-07-25 09:30 <DIR> d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-07-25 09:30 . 2008-01-04 20:34 163,696 --a------ C:\WINDOWS\system32\drivers\ssidrv.sys
2008-07-25 09:30 . 2008-01-04 20:34 21,872 --a------ C:\WINDOWS\system32\drivers\sshrmd.sys
2008-07-25 09:30 . 2008-01-04 20:34 20,336 --a------ C:\WINDOWS\system32\drivers\SSFS0BB9.sys
2008-07-25 09:29 . 2008-07-25 09:29 <DIR> d-------- C:\Program Files\Webroot
2008-07-25 09:29 . 2008-07-25 09:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-25 09:29 . 2008-01-04 20:56 1,526,640 --a------ C:\WINDOWS\WRSetup.dll
2008-07-25 09:16 . 2008-07-25 09:25 <DIR> d-------- C:\Program Files\SpywareGuard
2008-07-13 16:25 . 2008-07-13 16:25 <DIR> d-------- C:\Documents and Settings\kileyp\Application Data\Webroot
2008-07-13 13:39 . 2008-07-13 13:39 <DIR> d-------- C:\Webroot
2008-07-12 13:47 . 2008-08-02 01:07 <DIR> d-------- C:\Temp

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-13 20:46 --------- d-----w C:\Program Files\SpywareBlaster
2008-07-13 04:54 --------- d-----w C:\Program Files\Quicken
2008-06-13 13:10 272,128 ----a-w C:\WINDOWS\system32\drivers\bthport.sys
2005-11-01 13:24 28,672 ----a-w C:\Documents and Settings\kileyp\atwbxdet.dll
2005-08-09 13:03 28,672 -c--a-w C:\Program Files\mozilla firefox\plugins\atgpcdec.dll
2005-09-27 14:00 98,304 -c--a-w C:\Program Files\mozilla firefox\plugins\atgpcext.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 12:24 1694208]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [2006-03-30 17:45 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58 282624]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [2005-02-25 15:50 139320]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" [2004-09-22 20:00 94208]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2004-04-07 15:22 4730880]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [2004-03-01 13:05 200766]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-07-30 09:33 286720]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [2004-08-05 18:23 218240]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 21:52 483328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [2006-09-07 15:51 49263]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36 256576]
"nwiz"="nwiz.exe" [2004-04-07 15:22 323584 C:\WINDOWS\system32\nwiz.exe]
"AGRSMMSG"="AGRSMMSG.exe" [2004-01-30 03:01 88363 C:\WINDOWS\AGRSMMSG.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 08:00 15360]

C:\Documents and Settings\kileyp\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35 360448]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2006-08-03 16:00:18 25214]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-24 02:05:26 29696]
EMC VPN Client.lnk - C:\Program Files\EMC VPN\VPN Client\vpngui.exe [2006-02-21 09:24:21 1445904]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
-ra--c--- 2003-10-07 23:40 159744 C:\Program Files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
--a------ 2004-03-01 13:05 200766 C:\Program Files\HPQ\Default Settings\Cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2004-08-04 08:00 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
--a------ 2004-07-30 09:33 286720 C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
--a--c--- 2003-12-22 09:38 241664 C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
--a--c--- 2003-08-04 18:28 49152 C:\Program Files\HP\HP Software Update\hpwuSchd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
--a--c--- 2003-05-22 20:55 483328 C:\WINDOWS\system32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
--a--c--- 2004-08-04 08:00 208952 C:\WINDOWS\ime\IMJP8_1\imjpmig.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2006-10-30 10:36 256576 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 12:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
-ra------ 2004-04-07 15:22 4730880 C:\WINDOWS\system32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
--a--c--- 2004-08-04 08:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
--a--c--- 2004-08-04 08:00 455168 C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2006-10-25 19:58 282624 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
--a------ 2004-08-05 18:23 218240 C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a--c--- 2005-02-20 18:06 32881 C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
--a--c--- 2003-08-19 02:01 110592 C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
-ra------ 2004-01-30 03:01 88363 C:\WINDOWS\AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
-ra------ 2004-04-07 15:22 323584 C:\WINDOWS\system32\nwiz.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\NetMeeting\\conf.exe"=
"C:\\Program Files\\BearShare\\BearShare.exe"=
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R4 black;black;C:\WINDOWS\system32\drivers\BlackDrv.sys [2004-09-09 10:30]
S3 RapFile;RapFile;C:\WINDOWS\system32\drivers\RapFile.sys [2003-06-19 18:40]
S3 RapNet;RapNet;C:\WINDOWS\system32\drivers\RapNet.sys [2003-06-19 18:40]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3557d82-2d83-11dc-a05a-000fb04483b2}]
\Shell\AutoRun\command - E:\DTSP_Launcher.exe

*Newly Created Service* - ENTDRV51
.
Contents of the 'Scheduled Tasks' folder

2008-07-12 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 18:13]

2005-03-10 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE [2003-08-13 19:38]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-02 17:44:24
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\HPQ\Default Settings\cpqset.exe????????0?6?7?3??????? ???B???????????????B? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\Program Files\EMC VPN\VPN Client\cvpnd.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SpywareGuard\sgbhp.exe
.
**************************************************************************
.
Completion time: 2008-08-02 17:52:18 - machine was rebooted [kileyp]
ComboFix-quarantined-files.txt 2008-08-02 21:52:13
ComboFix2.txt 2008-08-01 21:04:36

Pre-Run: 44,142,141,440 bytes free
Post-Run: 43,576,942,592 bytes free

192 --- E O F --- 2008-06-22 21:21:54

kileyp
2008-08-03, 04:39
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Saturday, August 02, 2008 9:26 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 2/08/2008
Kaspersky Anti-Virus database records: 1045635
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 63804
Number of viruses found: 19
Number of infected objects: 258
Number of suspicious objects: 0
Duration of the scan process: 02:46:42

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20080802_Time-174316953_EnterceptExceptions.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\BOPDATA\_Date-20080802_Time-174316953_EnterceptRules.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\Agent_PATRICK_KILEY_7.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\PrdMgr_PATRICK_KILEY_7.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\Common Framework\Db\UpdaterUI_PATRICK_KILEY_7.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\AccessProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\BufferOverflowProtectionLog.txt Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Network Associates\VirusScan\OnAccessScanLog.txt Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\cert8.db Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\history.dat Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\key3.db Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\parent.lock Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\search.sqlite Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\kileyp\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\webappsstore.sqlite Object is locked skipped
C:\Documents and Settings\kileyp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\Application Data\Mozilla\Firefox\Profiles\cq3e4rz6.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\temp\~DF7AC0.tmp Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\temp\~DF881.tmp Object is locked skipped
C:\Documents and Settings\kileyp\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\kileyp\ntuser.dat Object is locked skipped
C:\Documents and Settings\kileyp\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Application Data\Webroot\Spy Sweeper\Data\settings.dat Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\MUSIC\Bear Share\Quicken 2008 Premium.zip/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\MUSIC\Bear Share\Quicken 2008 Premium.zip ZIP: infected - 1 skipped
C:\Program Files\BearShare\Installer\BSINSTALL.exe/WISE0023.BIN/data0001.cab/VVSN.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\Program Files\BearShare\Installer\BSINSTALL.exe/WISE0023.BIN/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\Program Files\BearShare\Installer\BSINSTALL.exe/WISE0023.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\Program Files\BearShare\Installer\BSINSTALL.exe/WISE0027.BIN Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\Program Files\BearShare\Installer\BSINSTALL.exe WiseSFX: infected - 4 skipped
C:\Program Files\BearShare\Installer\BSINSTALL.exe WiseSFXDropper: infected - 4 skipped
C:\Program Files\ISS\issSensors\DesktopProtection\blackice-service.log Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.bak Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\Masters.const Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters\masters.mst Object is locked skipped
C:\Program Files\Webroot\Spy Sweeper\Masters.base Object is locked skipped
C:\QooBox\Quarantine\C\WINDOWS\444.470.vir Infected: Trojan.Win32.DNSChanger.eys skipped
C:\QooBox\Quarantine\C\WINDOWS\Fonts\a.zip.vir/Setup.exe Infected: Trojan-Downloader.Win32.VB.bsa skipped
C:\QooBox\Quarantine\C\WINDOWS\Fonts\a.zip.vir ZIP: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\lfn.exe.vir Infected: Hoax.Win32.Renos.vajj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\byXNeFvV.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ddcApMgG.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\gside.exe.vir/data0003 Infected: not-a-virus:AdWare.Win32.BHO.cdk skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\gside.exe.vir NSIS: infected - 1 skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hGVnNhij.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\hssjyvdq.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\iifCuTNF.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\imp32\keysrve.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.bp skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\olixds18\olixds182328.exe.vir Infected: Trojan-Downloader.Win32.VB.eyc skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\provdll\globsetup.exe.vir Infected: Trojan.Win32.DNSChanger.eyr skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\setup.exe.tmp.vir Infected: Trojan-Downloader.Win32.VB.eyh skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\tcntptdm.exe.vir Infected: not-a-virus:AdWare.Win32.ZenoSearch.bv skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\uoyzsydz.exe.vir Infected: Hoax.Win32.Renos.vajj skipped
C:\QooBox\Quarantine\C\WINDOWS\system32\ushjuchq.dll.vir Infected: Trojan.Win32.Monder.gen skipped
C:\QooBox\Quarantine\catchme2008-08-01_164537.81.zip/clbdll.dll Infected: Rootkit.Win32.Clbd.ez skipped
C:\QooBox\Quarantine\catchme2008-08-01_164537.81.zip ZIP: infected - 1 skipped
C:\quarantine\0Dayz Nokia Gamez Appz Torrentboyz com Pack 12.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\0Dayz Nokia Gamez Appz Torrentboyz com Pack 12.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\202 ICONs aplics.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\202 ICONs aplics.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\a.zip.Vir/Setup.exe Infected: Worm.Win32.VB.an skipped
C:\quarantine\a.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\ABBA - Rare Collected Remixes.(WWW.FACTORFORUMS.CO.UKFORUMS).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\ABBA - Rare Collected Remixes.(WWW.FACTORFORUMS.CO.UKFORUMS).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Adobe Photoshop Plugins.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Adobe Photoshop Plugins.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Adobe Photoshop Pro CS2 v9 0 Full + Keygen.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Adobe Photoshop Pro CS2 v9 0 Full + Keygen.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Advanced search.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Advanced search.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Aero Glass Themes XP Version IV + 32 themes (AIO).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Aero Glass Themes XP Version IV + 32 themes (AIO).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Air America Radio - The Al Franken Show 080406 [mp3].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Air America Radio - The Al Franken Show 080406 [mp3].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Alcohol 120 retail v1 9 5 4327 + Alcohol 120 retail - v1 95 4212.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Alcohol 120 retail v1 9 5 4327 + Alcohol 120 retail - v1 95 4212.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\AOL Search records for 500,000 users AOL-data tgz.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\AOL Search records for 500,000 users AOL-data tgz.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Barnyard CAM XViD-SubAtom[www moviex info].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Barnyard CAM XViD-SubAtom[www moviex info].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Big Brother US S07E14 PDTV XviD-VSS [eztv].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Big Brother US S07E14 PDTV XviD-VSS [eztv].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Blur-The Best Of 2CD(Darkside RG).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Blur-The Best Of 2CD(Darkside RG).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Browse categories.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Browse categories.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Burn the Fat, Feed the Muscle { www IPTorrents com }.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Burn the Fat, Feed the Muscle { www IPTorrents com }.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\CAPCOM CPS2 Emulator for PSP beta 4.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\CAPCOM CPS2 Emulator for PSP beta 4.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Copyright policy.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Copyright policy.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\DC Batman - The Killing Joke (comic book).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\DC Batman - The Killing Joke (comic book).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Deadwood S03E09 HDTV XviD-LOL [eztv].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Deadwood S03E09 HDTV XviD-LOL [eztv].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\DJ Shadow - The Outsider - (Proper Advance) - 2006 - VOiCE.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\DJ Shadow - The Outsider - (Proper Advance) - 2006 - VOiCE.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Dungeon Siege 2 Broken World KEYGEN-RELOADED.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Dungeon Siege 2 Broken World KEYGEN-RELOADED.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\EasyFileSearch com-Jessica Simpson 1500+pix.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\EasyFileSearch com-Jessica Simpson 1500+pix.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\EasyFileSearch com-Pamela Anderson 500+pix.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\EasyFileSearch com-Pamela Anderson 500+pix.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Ember rar.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Ember rar.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Entourage S03E09 HDTV XviD-LOL [eztv].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Entourage S03E09 HDTV XviD-LOL [eztv].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Flat Out 2 Crack Only-RELOADED.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Flat Out 2 Crack Only-RELOADED.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Google Earth Pro 4 Patch NeW Release 08-06-06 by Glbez Team Hackz zip.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Google Earth Pro 4 Patch NeW Release 08-06-06 by Glbez Team Hackz zip.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Google Earth Pro Final And a tutorial to make it a perfect working pro (full).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Google Earth Pro Final And a tutorial to make it a perfect working pro (full).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Harvard Business Review (July-August 2006) - [www slotorrent net].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Harvard Business Review (July-August 2006) - [www slotorrent net].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Harvard Business Review Jan 2005.zip.Vir/Setup.exe Infected: Worm.Win32.VB.an skipped
C:\quarantine\Harvard Business Review Jan 2005.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Harvard Business Review July-Aug 2005(1).zip.Vir/Setup.exe Infected: Worm.Win32.VB.an skipped
C:\quarantine\Harvard Business Review July-Aug 2005(1).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Harvard Business Review July-Aug 2005.zip.Vir/Setup.exe Infected: Worm.Win32.VB.an skipped
C:\quarantine\Harvard Business Review July-Aug 2005.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Harvard Business Review, June 2006.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Harvard Business Review, June 2006.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Harvard Business Review, June 2006.zip.Vir.0/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Harvard Business Review, June 2006.zip.Vir.0 ZIP: infected - 1 skipped
C:\quarantine\Harvard Business Review, May 2006.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Harvard Business Review, May 2006.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\How To Do Everything With vol 1 - 5in1 (AIO).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\How To Do Everything With vol 1 - 5in1 (AIO).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\How To Do Everything With vol 2 - 5in1 (AIO).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\How To Do Everything With vol 2 - 5in1 (AIO).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\How To Do Everything With vol 3 - 6in1 (AIO).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\How To Do Everything With vol 3 - 6in1 (AIO).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\How to Solve Every Sudoku (Number Place) Puzzle { www IPTorrents com }.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\How to Solve Every Sudoku (Number Place) Puzzle { www IPTorrents com }.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Howard the Duck Issues 1-2.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Howard the Duck Issues 1-2.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\IGPX - 023 - Fate [C-W] HQ.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\IGPX - 023 - Fate [C-W] HQ.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\IRC chat.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\IRC chat.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Justin Timberlake feat T I- My Love.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Justin Timberlake feat T I- My Love.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\l'Equipe du 06 08 2006 pdf.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\l'Equipe du 06 08 2006 pdf.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Lucky Louie S01E09 HDTV XviD-LOL [eztv].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Lucky Louie S01E09 HDTV XviD-LOL [eztv].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Marvel Civil War.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Marvel Civil War.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Mastodon - Blood Mountain [2006].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Mastodon - Blood Mountain [2006].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\MegaArchive 8ooo Karaoke ita fr eng esp VanBascos ByMiraiam rar.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\MegaArchive 8ooo Karaoke ita fr eng esp VanBascos ByMiraiam rar.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Nancy Drew Danger By Design [PCCD][English][www newpct com].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Nancy Drew Danger By Design [PCCD][English][www newpct com].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\National Geographic August 2006.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\National Geographic August 2006.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\New WordPress blog.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\New WordPress blog.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Noein - Mou Hitori no Kimi e [Shinsen-Subs].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Noein - Mou Hitori no Kimi e [Shinsen-Subs].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\p.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\p.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\PC Civilization IV 4 RELOADED ShadowCast.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\PC Civilization IV 4 RELOADED ShadowCast.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\PC World Power Guides - Available only to Subscribers { www IPTorrents com }.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\PC World Power Guides - Available only to Subscribers { www IPTorrents com }.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Privacy policy.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Privacy policy.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Rapidshare Premium Pack 2006 version 4 - 43in1 (AIO).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Rapidshare Premium Pack 2006 version 4 - 43in1 (AIO).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Redneck Rampage Rides Again.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Redneck Rampage Rides Again.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Redneck Rampage.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Redneck Rampage.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Scripts 2006 (AIO).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Scripts 2006 (AIO).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Search Cloud.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Search Cloud.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\SHOCKING! British Police destroy a memorial to race victims .wmv.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\SHOCKING! British Police destroy a memorial to race victims .wmv.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Show all of today →.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Show all of today →.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Simply Acoustic Various 2CD's With covers (NiTrO).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Simply Acoustic Various 2CD's With covers (NiTrO).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Sinchronicity S01E04 WS PDTV XviD-RiVER [eztv].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Sinchronicity S01E04 WS PDTV XviD-RiVER [eztv].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\SlySoft new Update 3-8-06 - 5in1 (AIO).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\SlySoft new Update 3-8-06 - 5in1 (AIO).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Space images super-high resolution [www ultratorrent net].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Space images super-high resolution [www ultratorrent net].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Speed 2 - Cruise Control 1997 DVDrip SWE.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Speed 2 - Cruise Control 1997 DVDrip SWE.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Spikes Women of Action 2006 WS PDTV XviD-PAP [eztv].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Spikes Women of Action 2006 WS PDTV XviD-PAP [eztv].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Talladega Nights CAM XViD-SubAtom( widges-den com ).zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Talladega Nights CAM XViD-SubAtom( widges-den com ).zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Talladega Nights CAM XViD-SubAtom-ZCCUSTOMS.NET.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Talladega Nights CAM XViD-SubAtom-ZCCUSTOMS.NET.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Talladega Nights CAM XViD-SubAtom[www moviex info].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Talladega Nights CAM XViD-SubAtom[www moviex info].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\The 4400 3x10 (DSRip-ORENJi)[VTV].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\The 4400 3x10 (DSRip-ORENJi)[VTV].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\The 4400 S03E10 DSR XviD-ORENJi [eztv].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\The 4400 S03E10 DSR XviD-ORENJi [eztv].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\The Ant Bully [TS-Screener][V O English+Subs Spanish][2006][www newpct com].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\The Ant Bully [TS-Screener][V O English+Subs Spanish][2006][www newpct com].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\The Beatles Complete Songbook.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\The Beatles Complete Songbook.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\The Complete Idiots Guide To Learning French On Your Own { www IPTorrents com }.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\The Complete Idiots Guide To Learning French On Your Own { www IPTorrents com }.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\The Dead Zone 5x08 (DSRip-ORENJi)[VTV].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\The Dead Zone 5x08 (DSRip-ORENJi)[VTV].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\The Economist 2006-08-05 { www IPTorrents com }.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\The Economist 2006-08-05 { www IPTorrents com }.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\The Night Listener 2006 CAM XViD - SubAtom { www IPTorrents com }.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\The Night Listener 2006 CAM XViD - SubAtom { www IPTorrents com }.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Three Moons Over Milford S01E01 DSR XviD-ORENJi [eztv].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Three Moons Over Milford S01E01 DSR XviD-ORENJi [eztv].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\TMPGEnc Xpress v3 3 8 117 rar.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\TMPGEnc Xpress v3 3 8 117 rar.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Top 100 [HipHop+R&B]Billboard][August-06[Vol2]+Charts[@224].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Top 100 [HipHop+R&B]Billboard][August-06[Vol2]+Charts[@224].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\TV Shows.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\TV Shows.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Ultimate Ghosts n Goblins Goku Makaimura - JAP-PSP.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Ultimate Ghosts n Goblins Goku Makaimura - JAP-PSP.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\Upload a torrent.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\Upload a torrent.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\user-ct-test-collection-01 txt-PARTIAL rar.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\user-ct-test-collection-01 txt-PARTIAL rar.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\VA - Big Tunes X-Rated.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\VA - Big Tunes X-Rated.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\VA-Miami Vice-OST-2006-RNS [SOUNDTRACK].zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\VA-Miami Vice-OST-2006-RNS [SOUNDTRACK].zip.Vir ZIP: infected - 1 skipped
C:\quarantine\XG Step Up 06.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\XG Step Up 06.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\You're Under Arrest Artbook.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\You're Under Arrest Artbook.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[A-Keep & gg] Night Head Genesis - 02 [5E35B201] mkv.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[A-Keep & gg] Night Head Genesis - 02 [5E35B201] mkv.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[ADC-Elites] One Piece 274 [128ABB09] avi.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[ADC-Elites] One Piece 274 [128ABB09] avi.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[A_Z]Greg Martin {Hi Res}.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[A_Z]Greg Martin {Hi Res}.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[EMD][Zero no Tsukaima][06][GB] rmvb.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[EMD][Zero no Tsukaima][06][GB] rmvb.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[HCG] Jya no Michi wa [Hebi Soft] zip.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[HCG] Jya no Michi wa [Hebi Soft] zip.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[KissSub]Innocent Venus - 02[D1F2079C]Xvid avi.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[KissSub]Innocent Venus - 02[D1F2079C]Xvid avi.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[maplesnow][one piece][274][jap chn][HDTV][rv10] rmvb.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[maplesnow][one piece][274][jap chn][HDTV][rv10] rmvb.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[Nipponsei] NARUTO BEST HIT COLLECTION 2 zip.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[Nipponsei] NARUTO BEST HIT COLLECTION 2 zip.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[PSP]Every Extend Extra[JAP] [FULL] - [www ESPALPSP com] rar.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[PSP]Every Extend Extra[JAP] [FULL] - [www ESPALPSP com] rar.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[Shinsen-Subs] Noein 24 [FINAL][CA131F86] avi.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[Shinsen-Subs] Noein 24 [FINAL][CA131F86] avi.zip.Vir ZIP: infected - 1 skipped
C:\quarantine\[S^M] One Piece 274 RAW avi.zip.Vir/Setup.exe Infected: P2P-Worm.Win32.VB.dw skipped
C:\quarantine\[S^M] One Piece 274 RAW avi.zip.Vir ZIP: infected - 1 skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP544\A0227874.dll Infected: not-a-virus:AdWare.Win32.BHO.cdk skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP545\A0228019.exe Infected: Trojan.Win32.Agent.sdd skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP545\A0228021.dll Infected: not-a-virus:AdWare.Win32.BHO.cdk skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP545\A0228333.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP546\A0229367.exe Infected: Trojan-Downloader.Win32.VB.eyc skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP546\A0229398.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.bp skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP547\A0229410.exe Infected: Trojan-Downloader.Win32.Homles.br skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP547\A0229411.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP547\A0229412.sys Infected: Rootkit.Win32.Agent.aol skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP549\A0230457.EXE Infected: Backdoor.Win32.Delf.jgi skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0234961.exe Infected: Hoax.Win32.Renos.vajj skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235012.exe/data0003 Infected: not-a-virus:AdWare.Win32.BHO.cdk skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235012.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235013.exe Infected: Hoax.Win32.Renos.vajj skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235021.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.bv skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235022.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235023.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235024.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235025.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235026.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235027.dll Infected: Trojan.Win32.Monder.gen skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP551\A0235129.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.bp skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP551\A0235130.exe Infected: Trojan-Downloader.Win32.VB.eyc skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP551\A0235131.exe Infected: Trojan.Win32.DNSChanger.eyr skipped
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP551\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edbtmp.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.

kileyp
2008-08-03, 04:40
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:28 PM, on 8/2/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\Program Files\EMC VPN\VPN Client\cvpnd.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\kileyp\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EMC VPN Client.lnk = C:\Program Files\EMC VPN\VPN Client\vpngui.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://itcentral.corp.emc.com
O15 - Trusted Zone: http://itonline.isus.emc.com
O15 - Trusted Zone: http://itportal.corp.emc.com
O15 - Trusted Zone: http://www.emcu.isus.emc.com
O15 - Trusted Zone: http://itcentral.corp.emc.com (HKLM)
O15 - Trusted Zone: http://itonline.isus.emc.com (HKLM)
O15 - Trusted Zone: http://itportal.corp.emc.com (HKLM)
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - http://www.vclass.emc.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
O16 - DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} (OrgPublisher PluginX) - http://www.aquire.com/codebase70/OrgPubX.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\EMC VPN\VPN Client\cvpnd.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9488 bytes

Blade81
2008-08-04, 12:45
Hi

IMPORTANT: I notice there are signs of one or more P2P (peer-to-peer) file sharing programs on your computer.

BearShare


I'd like you to read this thread (http://forums.spybot.info/showthread.php?t=282).

Please go to Control Panel > Add/Remove Programs and uninstall the programs listed above (in red).

Delete these folders afterwards:

C:\MUSIC\Bear Share
C:\Program Files\BearShare

Empty Recycle Bin.

After that:

Download Deckard's System Scanner (DSS) (http://www.techsupportforum.com/sectools/Deckard/dss.exe) to your Desktop. Note: You must be logged onto an account with administrator privileges.

Close all applications and windows.
Double-click on dss.exe to run it, and follow the prompts.
When the scan is complete, two text files will open: main.txt (this one will be maximized) and extra.txt (this one will be minimized).
Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt into your reply.

kileyp
2008-08-06, 04:26
Deckard's System Scanner v20071014.68
Run by kileyp on 2008-08-05 21:09:37
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 5 Restore Point(s) --
27: 2008-08-06 01:09:45 UTC - RP554 - Deckard's System Scanner Restore Point
26: 2008-08-03 13:00:34 UTC - RP553 - Software Distribution Service 3.0
25: 2008-08-03 01:41:36 UTC - RP552 - Software Distribution Service 3.0
24: 2008-08-02 05:06:57 UTC - RP551 - ComboFix created restore point
23: 2008-08-01 20:11:07 UTC - RP550 - ComboFix created restore point


-- First Restore Point --
1: 2008-07-13 20:12:15 UTC - RP528 - System Checkpoint


Backed up registry hives.
Performed disk cleanup.

Total Physical Memory: 511 MiB (512 MiB recommended).


-- HijackThis (run as kileyp.exe) ----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:13 PM, on 8/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\Program Files\EMC VPN\VPN Client\cvpnd.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\kileyp\Desktop\DSS.exe
C:\DOCUME~1\kileyp\Desktop\kileyp.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EMC VPN Client.lnk = C:\Program Files\EMC VPN\VPN Client\vpngui.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://itcentral.corp.emc.com
O15 - Trusted Zone: http://itonline.isus.emc.com
O15 - Trusted Zone: http://itportal.corp.emc.com
O15 - Trusted Zone: http://www.emcu.isus.emc.com
O15 - Trusted Zone: http://itcentral.corp.emc.com (HKLM)
O15 - Trusted Zone: http://itonline.isus.emc.com (HKLM)
O15 - Trusted Zone: http://itportal.corp.emc.com (HKLM)
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - http://www.vclass.emc.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
O16 - DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} (OrgPublisher PluginX) - http://www.aquire.com/codebase70/OrgPubX.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\EMC VPN\VPN Client\cvpnd.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9520 bytes

-- File Associations -----------------------------------------------------------

All associations okay.


-- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled ---------------------

R1 NaiAvTdi1 - c:\windows\system32\drivers\mvstdi5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
R2 ATNT40K (ActiveTouch NT Appsharing Driver) - c:\windows\system32\drivers\atnt40k.sys
R3 EntDrv51 - c:\windows\system32\drivers\entdrv51.sys <Not Verified; Network Associates, Inc; Virus Scan Enterprise, Entercept>
R3 NaiAvFilter1 - c:\windows\system32\drivers\naiavf5x.sys <Not Verified; Network Associates, Inc.; VirusScan>
R4 black - c:\windows\system32\drivers\blackdrv.sys <Not Verified; Internet Security Systems, Inc.; ICEpac>

S3 RapFile - c:\windows\system32\drivers\rapfile.sys <Not Verified; Internet Security Systems, Inc.; Rap Protection System>
S3 RapNet - c:\windows\system32\drivers\rapnet.sys <Not Verified; Internet Security Systems, Inc.; Rap Protection System>


-- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------

R2 BlackICE - "c:\program files\iss\isssensors\desktopprotection\blackd.exe" <Not Verified; Internet Security Systems, Inc.; Internet Security Systems Inc. blackd>
R2 CCALib8 (Canon Camera Access Library 8) - c:\program files\canon\cal\calmain.exe <Not Verified; Canon Inc.; >
R2 McAfeeFramework (McAfee Framework Service) - "c:\program files\network associates\common framework\frameworkservice.exe" /servicestart <Not Verified; Network Associates, Inc.; McAfee Common Framework>
R2 McTaskManager (Network Associates Task Manager) - "c:\program files\network associates\virusscan\vstskmgr.exe" <Not Verified; Network Associates, Inc.; VirusScan Enterprise>

S3 hpqwmi (HP WMI Interface) - c:\program files\hpq\shared\hpqwmi.exe <Not Verified; Hewlett-Packard Development Company, L.P.; hpqwmi Module>
S3 RapApp - "c:\program files\iss\isssensors\desktopprotection\rapapp.exe" <Not Verified; Internet Security Systems, Inc.; Internet Security Systems, Inc. Rap Protection System>


-- Device Manager: Disabled ----------------------------------------------------

Class GUID: {4D36E972-E325-11CE-BFC1-08002BE10318}
Description: Cisco Systems VPN Adapter
Device ID: ROOT\NET\0000
Manufacturer: Cisco Systems
Name: Cisco Systems VPN Adapter
PNP Device ID: ROOT\NET\0000
Service: CVirtA


-- Scheduled Tasks -------------------------------------------------------------

2008-07-12 14:22:20 284 --a------ C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2005-03-09 22:31:34 366 --a------ C:\WINDOWS\Tasks\Symantec NetDetect.job


-- Files created between 2008-07-05 and 2008-08-05 -----------------------------

2008-08-02 18:04:10 0 d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2008-08-02 18:04:07 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-08-01 16:10:00 68096 --a------ C:\WINDOWS\zip.exe
2008-08-01 16:10:00 161792 --a------ C:\WINDOWS\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-08-01 16:09:59 49152 --a------ C:\WINDOWS\VFind.exe
2008-08-01 16:09:59 212480 --a------ C:\WINDOWS\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-08-01 16:09:59 136704 --a------ C:\WINDOWS\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-08-01 16:09:59 98816 --a------ C:\WINDOWS\sed.exe
2008-08-01 16:09:59 80412 --a------ C:\WINDOWS\grep.exe
2008-08-01 16:09:59 89504 --a------ C:\WINDOWS\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-25 12:35:08 0 d-------- C:\Documents and Settings\LocalService\Application Data\Webroot
2008-07-25 11:35:20 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-07-25 09:30:28 0 d-------- C:\Documents and Settings\NetworkService\Application Data\Webroot
2008-07-25 09:29:58 0 d-------- C:\Program Files\Webroot
2008-07-25 09:29:58 0 d-------- C:\Documents and Settings\All Users\Application Data\Webroot
2008-07-25 09:16:01 0 d-------- C:\Program Files\SpywareGuard
2008-07-13 16:25:41 0 d-------- C:\Documents and Settings\kileyp\Application Data\Webroot
2008-07-13 13:39:21 0 d-------- C:\Webroot
2008-07-13 13:32:05 0 d-------- C:\Documents and Settings\LocalService\Application Data\Identities
2008-07-13 13:26:12 0 d--h----- C:\Documents and Settings\LocalService\NetHood
2008-07-13 13:26:12 0 dr------- C:\Documents and Settings\LocalService\My Documents
2008-07-13 13:25:45 0 d-------- C:\Documents and Settings\LocalService\Start Menu
2008-07-13 13:25:45 0 dr-h----- C:\Documents and Settings\LocalService\Recent
2008-07-12 13:54:39 4718592 --a------ C:\Documents and Settings\kileyp\ntuser.dat
2008-07-12 13:49:08 0 dr------- C:\Documents and Settings\LocalService\Favorites
2008-07-12 13:47:10 0 d-------- C:\Temp


-- Find3M Report ---------------------------------------------------------------

2008-08-02 17:39:57 0 d-------- C:\Program Files\Common Files
2008-07-13 16:46:09 0 d-------- C:\Program Files\SpywareBlaster
2008-07-13 00:54:03 0 d-------- C:\Program Files\Quicken


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [10/25/2006 07:58 PM]
"McAfeeUpdaterUI"="C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" [02/25/2005 03:50 PM]
"ShStatEXE"="C:\Program Files\Network Associates\VirusScan\SHSTAT.exe" [09/22/2004 08:00 PM]
"NvCplDaemon"="RUNDLL32.exe" [08/04/2004 08:00 AM C:\WINDOWS\system32\rundll32.exe]
"nwiz"="nwiz.exe" [04/07/2004 03:22 PM C:\WINDOWS\system32\nwiz.exe]
"Cpqset"="C:\Program Files\HPQ\Default Settings\cpqset.exe" [03/01/2004 01:05 PM]
"eabconfg.cpl"="C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" [07/30/2004 09:33 AM]
"SSC_UserPrompt"="C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe" [08/05/2004 06:23 PM]
"AGRSMMSG"="AGRSMMSG.exe" [01/30/2004 03:01 AM C:\WINDOWS\AGRSMMSG.exe]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [01/12/2006 09:52 PM]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe" [09/07/2006 03:51 PM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [10/30/2006 10:36 AM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 08:00 AM]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [10/13/2004 12:24 PM]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" [03/30/2006 05:45 PM]

C:\Documents and Settings\kileyp\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [8/29/2003 7:05:35 PM]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [8/3/2006 4:00:18 PM]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [9/24/2005 2:05:26 AM]
EMC VPN Client.lnk - C:\Program Files\EMC VPN\VPN Client\vpngui.exe [2/21/2006 9:24:21 AM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WebrootSpySweeperService]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Quicken Scheduled Updates.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk
backup=C:\WINDOWS\pss\Quicken Scheduled Updates.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AGRSMMSG]
AGRSMMSG.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Apoint]
C:\Program Files\Apoint2K\Apoint.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cpqset]
C:\Program Files\HPQ\Default Settings\cpqset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\eabconfg.cpl]
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Component Manager]
"C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
"C:\Program Files\HP\HP Software Update\HPWuSchd.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon05]
C:\WINDOWS\system32\hphmon05.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IMJPMIG8.1]
"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"C:\Program Files\Messenger\msmsgs.exe" /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
nwiz.exe /install

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002A]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PHIME2002ASync]
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\qttask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
"C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b3557d82-2d83-11dc-a05a-000fb04483b2}]
AutoRun\command- E:\DTSP_Launcher.exe




-- End of Deckard's System Scanner: finished at 2008-08-05 21:13:54 ------------
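
The HijackThis sections in the two logs above (O2 BHO, O4 Run, O15 Trusted Zone, O16 DPF, O23 Service) are the lines a helper reads first, and they have a regular enough shape to triage mechanically. The Python script below is an added example, not part of this thread and not code from HijackThis or Deckard's System Scanner: it parses those five line types and flags the patterns this kind of IE hijacker leaves behind (an unnamed or orphaned BHO, a random-looking DLL under the Windows directory, an autostart launched from a temp folder, Trusted Zone or ActiveX download hosts outside an allowlist, a service with no vendor string). The sample log embedded in it is constructed for the demo; `kqWtRvPx.dll`, `qpLmTwRz.dll`, `sysupd.exe`, `wshost32.exe` and the `.example`/`.invalid` hosts are hypothetical, and the two allowlists are assumptions supplied by the caller. The heuristics produce leads for a human to check, not verdicts.

```python
"""Triage helper for HijackThis v2 log lines (added example; heuristics only).

Parses the O2/O4/O15/O16/O23 line shapes and returns the entries a helper would
look at first. The allowlists for Trusted Zone and DPF hosts are caller-supplied
assumptions; the sample log at the bottom is constructed and its odd file names
and hosts are hypothetical.
"""
import re
from dataclasses import dataclass

# Line shapes as HijackThis 2.0.x prints them.
O2_RE = re.compile(r'^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.+)$')
O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU|HKUS\\[^\\]+)\\\.\.\\Run: \[(?P<key>[^\]]*)\] (?P<cmd>.+)$')
O15_RE = re.compile(r'^O15 - Trusted Zone: (?P<url>\S+)( \(HKLM\))?$')
O16_RE = re.compile(r'^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\}) \((?P<name>[^)]*)\) - (?P<url>\S+)$')
O23_RE = re.compile(r'^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.+)$')

# A DLL sitting directly in the Windows directory or system32.
WINDIR_DLL_RE = re.compile(r'\\windows\\(system32\\)?[^\\]+\.dll$', re.I)
# Temp and per-user data locations, which legitimate autostarts rarely use.
USER_TMP_RE = re.compile(r'\\(Temp|LOCALS~1|Local Settings|Application Data|APPLIC~1)\\', re.I)


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def looks_random(stem: str) -> bool:
    """Eight letters with frequent case flips, e.g. kqWtRvPx (heuristic only)."""
    if not re.fullmatch(r'[A-Za-z]{8}', stem):
        return False
    flips = sum(a.isupper() != b.isupper() for a, b in zip(stem, stem[1:]))
    return flips >= 3


def host_of(url: str) -> str:
    """Host part of an http(s) URL, or of HJT's bare '*.domain' wildcard form."""
    m = re.match(r'^(?:https?://)?([^/]+)', url)
    return (m.group(1) if m else url).lower().lstrip('*.')


def host_allowed(host: str, suffixes) -> bool:
    return any(host == s or host.endswith('.' + s) for s in suffixes)


def check_bho(m):
    """Reason string for a suspicious O2 line, or None if it looks ordinary."""
    name, path = m['name'], m['path']
    stem = path.rsplit('\\', 1)[-1].rsplit('.', 1)[0]
    if path == '(no file)':
        return 'BHO registry entry whose DLL is missing (orphan)'
    if name == '(no name)':
        return 'BHO with no registered name'
    if WINDIR_DLL_RE.search(path) and looks_random(stem):
        return 'BHO DLL in the Windows directory with a random-looking name'
    return None


def triage(log_text, trusted_suffixes=(), dpf_suffixes=()):
    """Return Findings for the suspicious O-lines in an HJT log, in file order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        section, reason = None, None
        if (m := O2_RE.match(line)):
            section, reason = 'O2', check_bho(m)
        elif (m := O4_RE.match(line)):
            section = 'O4'
            if USER_TMP_RE.search(m['cmd']):
                reason = 'autostart launched from a temp or per-user data folder'
        elif (m := O15_RE.match(line)):
            section = 'O15'
            if not host_allowed(host_of(m['url']), trusted_suffixes):
                reason = 'Trusted Zone host outside the expected domains'
        elif (m := O16_RE.match(line)):
            section = 'O16'
            if not host_allowed(host_of(m['url']), dpf_suffixes):
                reason = 'ActiveX (DPF) download from an unexpected host'
        elif (m := O23_RE.match(line)):
            section = 'O23'
            if m['vendor'] == 'Unknown owner' or USER_TMP_RE.search(m['path']):
                reason = 'service with no vendor information or an odd path'
        if reason:
            findings.append(Finding(section, reason, line))
    return findings


# Constructed sample: ordinary-looking lines from a clean XP SP2 box mixed with
# hypothetical hijacker leftovers (the odd DLL/EXE names and hosts are invented).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: (no name) - {A1B2C3D4-0000-1111-2222-333344445555} - C:\WINDOWS\system32\kqWtRvPx.dll
O2 - BHO: (no name) - {B1B2C3D4-0000-1111-2222-333344445555} - (no file)
O2 - BHO: Helper Object - {C1B2C3D4-0000-1111-2222-333344445555} - C:\WINDOWS\system32\qpLmTwRz.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [sysupd] C:\DOCUME~1\user\LOCALS~1\Temp\sysupd.exe
O15 - Trusted Zone: http://itportal.corp.example.com
O15 - Trusted Zone: *.click-here-to-scan.example
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
O16 - DPF: {DEADBEEF-0000-1111-2222-333344445555} (Installer) - http://dl.scanner.invalid/scan.cab
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Windows Secure Host - Unknown owner - C:\WINDOWS\system32\wshost32.exe
"""


def run_sample():
    """Triage the constructed sample with assumed corporate and vendor allowlists."""
    return triage(SAMPLE_LOG, trusted_suffixes=('corp.example.com',), dpf_suffixes=('kaspersky.nl',))


if __name__ == '__main__':
    for f in run_sample():
        print(f'{f.section:<4} {f.reason}\n     {f.line}')
```

Running it prints seven leads and leaves the Java, QuickTime, Kaspersky and NVIDIA lines alone. The allowlists matter: on a corporate laptop like the one in this thread the Trusted Zone entries are legitimately all under one company domain, so anything else in O15 is worth a question, and the same goes for O16 download hosts, which are ActiveX installs the browser will run with the user's rights.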

kileyp
2008-08-06, 04:27
Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Home Edition (build 2600) SP 2.0
Architecture: X86; Language: English

CPU 0: AMD Athlon(tm) XP Processor 3000+
Percentage of Memory in Use: 54%
Physical Memory (total/avail): 510.98 MiB / 235 MiB
Pagefile Memory (total/avail): 1248.85 MiB / 1017.53 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1948.9 MiB

C: is Fixed (NTFS) - 74.52 GiB total, 52.2 GiB free.
D: is CDROM (CDFS)

\\.\PHYSICALDRIVE0 - TOSHIBA MK8025GAS - 74.53 GiB - 1 partition
\PARTITION0 (bootable) - Installable File System - 74.52 GiB - C:



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is enabled.

FirstRunDisabled is set.


[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows® NetMeeting®"
"C:\\Program Files\\BearShare\\BearShare.exe"="C:\\Program Files\\BearShare\\BearShare.exe:*:Disabled:BearShare"
"C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe"="C:\\Program Files\\Network Associates\\Common Framework\\FrameworkService.exe:*:Enabled:McAfee Framework Service"
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"="C:\\Program Files\\Real\\RealPlayer\\realplay.exe:*:Disabled:RealPlayer"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\kileyp\Application Data
CLASSPATH=.;C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
CLIENTNAME=Console
CommonProgramFiles=C:\Program Files\Common Files
COMPUTERNAME=PATRICK_KILEY_7
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\kileyp
LOGONSERVER=\\PATRICK_KILEY_7
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;C:\Program Files\QuickTime\QTSystem
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 12 Stepping 0, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=0c00
ProgramFiles=C:\Program Files
PROMPT=$P$G
QTJAVA=C:\Program Files\Java\jre1.5.0_09\lib\ext\QTJava.zip
SESSIONNAME=Console
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\kileyp\LOCALS~1\Temp
TMP=C:\DOCUME~1\kileyp\LOCALS~1\Temp
USERDOMAIN=PATRICK_KILEY_7
USERNAME=kileyp
USERPROFILE=C:\Documents and Settings\kileyp
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

kileyp (admin)
Administrator.PATRICK_KILEY_7 (admin)


-- Add/Remove Programs ---------------------------------------------------------

--> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
--> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
--> C:\WINDOWS\system32\\MSIEXEC.EXE /I {09DA4F91-2A09-4232-AB8C-6BC740096DE3} REMOVE=UpdateMgrFeature
--> C:\WINDOWS\system32\\MSIEXEC.EXE /x {9541FED0-327F-4df0-8B96-EF57EF622F19}
--> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
AC3Filter (remove only) --> C:\Program Files\AC3Filter\uninstall.exe
Ad-Aware SE Personal --> C:\PROGRA~1\Lavasoft\AD-AWA~1\UNWISE.EXE C:\PROGRA~1\Lavasoft\AD-AWA~1\INSTALL.LOG
Adobe Acrobat 7.0.8 Professional --> msiexec /I {AC76BA86-1033-0000-7760-000000000002}
Adobe Download Manager 2.0 (Remove Only) --> "C:\Program Files\Common Files\Adobe\ESD\uninst.exe"
Adobe Reader 6.0.1 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A00000000001}
Adobe Reader 7.0.8 --> MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A70000000000}
Agere Systems AC'97 Modem --> agrsmdel
ALPS Touch Pad Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}\setup.exe" UNINSTALL
Apple Software Update --> MsiExec.exe /I{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}
Athlon 64 Processor Driver --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C151CE54-E7EA-4804-854B-F515368B0798}\setup.exe" -l0x9
Broadcom 802.11 Driver --> C:\WINDOWS\system32\BCMWLU00.exe verbose /rootkey=Software\Broadcom\802.11\UninstallInfo
Canon Camera Access Library --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CAL\Uninst.ini"
Canon Camera Support Core Library --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CSCLIB\Uninst.ini"
Canon Camera Window DC_DV 5 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC\Uninst.ini"
Canon Camera Window DC_DV 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini"
Canon Camera Window MC 6 for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\CameraWindowMC\Uninst.ini"
Canon G.726 WMP-Decoder --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\G726Decoder\G726DecUnInstall.ini"
Canon MovieEdit Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\MVWUninst.ini"
Canon RAW Image Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\RAW Image Task\Uninst.ini"
Canon RemoteCapture Task for ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini"
Canon Utilities EOS Utility --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\EOS Utility\Uninst.ini"
Canon Utilities PhotoStitch --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\PhotoStitch\Uninst.ini"
Canon Utilities ZoomBrowser EX --> "C:\Program Files\Common Files\Canon\UIW\1.2.0.0\Uninst.exe" "C:\Program Files\Canon\ZoomBrowser EX\Program\Uninst.ini"
Centra Client --> C:\PROGRA~1\Centra\Client\bin\updater.exe -uninstall
Centra Symposium --> C:\PROGRA~1\Centra\bin\launcher.exe uninstall
CentraOne --> C:\PROGRA~1\CENTRA~1\bin\launcher.exe uninstall
Chinese Flashcards v2.1 --> "C:\Program Files\ChineseTools\unins000.exe"
Crack-Gmat Diagnostic Test --> "C:\Program Files\Gmat-Diagnostic-Test\unins000.exe"
DAQbilling 3 --> C:\Antek\UNWISE.EXE C:\Antek\DAQbill3Install.LOG
Desktop Protector (BlackICE) --> C:\Program Files\ISS\issSensors\DesktopProtection\uninstall.exe
DivX --> C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter --> C:\Program Files\DivX\ConverterUninstall.exe /CONVERTER
DivX Player --> C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER
eFax Messenger 4.0 --> C:\Program Files\eFax Messenger 4.0\Uninstall.exe
eRoom 7 --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\eRoom 7\Uninst.isu" -c"C:\Program Files\eRoom 7\eRClientUninstall.dll"
Executive Viewer Web Client 5.2 (English) --> C:\WINDOWS\DOWNLO~1\wcuninst5en.exe C:\WINDOWS\Downloaded Program Files\wcuninst5en.dat
Express Rip Uninstall --> C:\Program Files\NCH Swift Sound\ExpressRip\uninst.exe
FastStone Screen Capture --> "C:\Program Files\FastStone Screen Capture\uninstall.exe"
HijackThis 2.0.2 --> "E:\HijackThis.exe" /uninstall
HP Deskjet Preloaded Printer Drivers --> MsiExec.exe /X{F419D20A-7719-4639-8E30-C073A040D878}
HP Image Zone 3.5 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP PSC & OfficeJet 3.5 --> "C:\Program Files\HP\Digital Imaging\{0FABD3D7-3036-4e78-B29D-58957ADB0A12}\setup\hpzscr01.exe" -datfile hposcr03.dat
HP Software Update --> MsiExec.exe /X{34957B51-9676-41CE-9E52-44AE91B73F1C}
InterVideo WinDVD --> "C:\Program Files\InstallShield Installation Information\{98E8A2EF-4EAE-43B8-A172-74842B764777}\setup.exe" REMOVEALL
iPod for Windows 2005-02-07 --> C:\Program Files\Common Files\InstallShield\Driver\8\Intel 32\IDriver.exe /M{78B50D1D-642C-4B89-BCC7-352EAE3614D7} /l1033
iTunes --> MsiExec.exe /I{446DBFFA-4088-48E3-8932-74316BA4CAE4}
J2SE Runtime Environment 5.0 Update 9 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150090}
Java 2 Runtime Environment, SE v1.4.2_03 --> MsiExec.exe /I{7148F0A8-6813-11D6-A77B-00B0D0142030}
Kaspersky Online Scanner --> C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
KODAK Gallery Upload Software --> MsiExec.exe /I{B7F98125-4955-41E3-8A71-4CE11CE9C198}
LEGATO EmailXtender Shortcut Addin 4.70 --> MsiExec.exe /X{BEF5B614-5652-49B5-90A0-7F47DABA0E9F}
Lexmark Printer Software Uninstall --> C:\Program Files\Lexmark\Install\Uninstall.exe
LiveUpdate 1.90 (Symantec Corporation) --> C:\Program Files\Symantec\LiveUpdate\LSETUP.EXE /U
Macromedia Flash Player 8 --> C:\WINDOWS\system32\Macromed\Flash\UninstFl.exe
McAfee VirusScan Enterprise --> MsiExec.exe /I{5DF3D1BB-894E-4DCD-8275-159AC9829B43}
Meeting Manager for Internet Explorer --> MsiExec.exe /I{F2AB2488-A0BF-4A9B-98A9-A88CF20FD2FF}
Memories Disc Creator 2.0 --> MsiExec.exe /X{2E132061-C78A-48D4-A899-1D13B9D189FA}
Microsoft Office Live Meeting 2005 --> MsiExec.exe /I{3C527E13-C82E-464D-B417-9A2067DA31EA}
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Project Professional 2003 --> MsiExec.exe /I{903B0409-6000-11D3-8CFE-0150048383C9}
Microsoft Office Visio Professional 2003 --> MsiExec.exe /I{90510409-6000-11D3-8CFE-0150048383C9}
Mozilla Firefox (2.0.0.16) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
MSN Money Investment Toolbox --> "C:\Program Files\Microsoft Money 2006\MNYCoreFiles\Setup\uninst.exe" /s:5
muvee autoProducer DVD Edition - HPH --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{882F2BCD-C6A3-4D91-8A09-B2B34CB7E481}\setup.exe" -l0x9 anything
Norton WMI Update --> MsiExec.exe /X{1526D87C-A955-4FAB-BF18-697BA457E352}
NVIDIA nForce Drivers --> C:\WINDOWS\system32\nvuninst.exe Uninstall C:\WINDOWS\system32\NVU004.nvu,NVIDIA nForce Drivers
NVIDIA Windows 2000/XP Display Drivers --> rundll32.exe C:\WINDOWS\system32\nvinstnt.dll,NvUninstallNT4 nvcp.inf
OpSession Engine --> C:\WINDOWS\IsUninst.exe -f"C:\Program Files\Common Files\OpSession\Engine\Uninst.isu" -c"C:\Program Files\Common Files\OpSession\Engine\uninstall.dll
PCI 1620 Cardbus Controller and Software --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{97355297-21C8-40CD-96D3-48E58037A9B8} /l1033
Peregrine 5.1.3 --> MsiExec.exe /I{11936086-4C96-4A3E-B42D-74FE323DFC7A}
Photosmart 140,240,7200,7600,7700,7900 Series --> C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\setup\hpzscr01.exe -datfile hphscr01.dat
Quick Launch Buttons 5.00 B3 --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\0701\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{CEB326EC-8F40-47B2-BA22-BB092565D66F}\setup.exe" -l0x9 -uninst
Quicken 2005 --> C:\PROGRA~1\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{2DBE41DD-2129-4C65-A3D3-5647236A60F3} anything
QuickTime --> MsiExec.exe /I{50D8FFDD-90CD-4859-841F-AA1961C7767A}
RealPlayer --> C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek RTL8139/810x Fast Ethernet NIC Driver Setup --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{97AA0C55-AFAD-4126-B21C-F1318FB6DADA}\setup.exe" -l0x9 REMOVE
RecordNow! --> MsiExec.exe /I{9541FED0-327F-4DF0-8B96-EF57EF622F19}
Skype™ 3.6 --> MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
Sonic Update Manager --> MsiExec.exe /I{09DA4F91-2A09-4232-AB8C-6BC740096DE3}
Spy Sweeper --> "C:\Program Files\Webroot\Spy Sweeper\unins000.exe"
SpywareBlaster v3.5.1 --> "C:\Program Files\SpywareBlaster\unins000.exe"
SpywareGuard v2.2 --> "C:\Program Files\SpywareGuard\unins000.exe"
Switch Uninstall --> C:\Program Files\NCH Swift Sound\Switch\uninst.exe
The Rosetta Stone --> C:\WINDOWS\unvise32.exe C:\Program Files\The Rosetta Stone\TRS Support\uninstal.log
Undisker --> C:\WINDOWS\UnGins.exe "C:\Program Files\Undisker\install.log"
VPN Client --> RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5624C000-B109-11D4-9DB4-00E0290FCAC5}\setup.exe" -l0x9 VpnUninstall
WavePad Uninstall --> C:\Program Files\NCH Swift Sound\WavePad\uninst.exe
WebEx --> C:\PROGRA~1\WebEx\atcliun.exe
Zone Deluxe Games --> MsiExec.exe /I{66C018BD-6F16-4B32-B4CD-1DC1B21FBDFF}


-- Application Event Log -------------------------------------------------------

Event Record #/Type1481 / Warning
Event Submitted/Written: 08/05/2008 08:58:55 PM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description:
VirusScan Enterprise: The scan of C:\MUSIC\Bear Share\Adobe Acrobat 7.0 Professional.zip\AIOD.DLL has taken too long to complete and is being canceled. Scan engine version used is 4400 DAT version 4763.(from PATRICK_KILEY_7 IP 192.168.1.2 user SYSTEM running VirusScan Enter 8.0 OAS)

Event Record #/Type1476 / Error
Event Submitted/Written: 08/05/2008 08:47:52 PM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description:
VirusScan Enterprise: The update failed; see event log.(from PATRICK_KILEY_7 IP 192.168.1.2 user SYSTEM running VirusScan Ent. 8.0.0 UPD)

Event Record #/Type1470 / Error
Event Submitted/Written: 08/03/2008 08:57:59 AM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description:
VirusScan Enterprise: The update failed; see event log.(from PATRICK_KILEY_7 IP 192.168.1.2 user SYSTEM running VirusScan Ent. 8.0.0 UPD)

Event Record #/Type1466 / Error
Event Submitted/Written: 08/02/2008 09:28:33 PM
Event ID/Source: 1002 / Application Hang
Event Description:
Hanging application firefox.exe, version 1.8.20080.62306, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Event Record #/Type1465 / Warning
Event Submitted/Written: 08/02/2008 09:21:01 PM
Event ID/Source: 257 / Alert Manager Event Interface
Event Description:
VirusScan Enterprise: The scan of D:\QUICKTIME\QUICKTIMEINSTALLER.EXE\QUICKTIMEINSTALLER.EXE has taken too long to complete and is being canceled. Scan engine version used is 4400 DAT version 4763.(from PATRICK_KILEY_7 IP 192.168.1.2 user SYSTEM running VirusScan Enter 8.0 OAS)



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type21358 / Error
Event Submitted/Written: 08/05/2008 08:46:50 PM
Event ID/Source: 7011 / Service Control Manager
Event Description:
Timeout (30000 milliseconds) waiting for a transaction response from the Netman service.

Event Record #/Type21303 / Warning
Event Submitted/Written: 08/02/2008 09:42:29 PM
Event ID/Source: 240 / Win32k
Event Description:
A request to suspend power was denied by update.exe.

Event Record #/Type21302 / Warning
Event Submitted/Written: 08/02/2008 09:42:10 PM
Event ID/Source: 240 / Win32k
Event Description:
A request to suspend power was denied by update.exe.

Event Record #/Type21300 / Error
Event Submitted/Written: 08/02/2008 09:26:22 PM
Event ID/Source: 4321 / NetBT
Event Description:
The name "MSHOME :1d" could not be registered on the Interface with IP address 192.168.1.5.
The machine with the IP address 192.168.1.3 did not allow the name to be claimed by
this machine.

Event Record #/Type21299 / Error
Event Submitted/Written: 08/02/2008 09:21:10 PM
Event ID/Source: 4321 / NetBT
Event Description:
The name "MSHOME :1d" could not be registered on the Interface with IP address 192.168.1.5.
The machine with the IP address 192.168.1.3 did not allow the name to be claimed by
this machine.



-- End of Deckard's System Scanner: finished at 2008-08-05 21:13:54 ------------

Blade81
2008-08-06, 08:17
Hi

Delete following file:
C:\MUSIC\Bear Share\Quicken 2008 Premium.zip

and folder:
C:\quarantine


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version Java components and update to the latest version...

Updating Java:

Download the latest version of Java Runtime Environment (JRE) 6 Update 7 (http://java.sun.com/javase/downloads/index.jsp).
Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications." and click the Download button to the right.
Select Windows on platform combobox and check the box that says:
Accept License Agreement. Click continue.

The page will refresh.
Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
Close any programs you may have running - especially your web browser.
Go to Start > Control Panel double-click on Add/Remove programs and remove all older versions of Java.
Check any item with Java Runtime Environment (JRE or J2SE) in the name.
Click the Remove or Change/Remove button.
Repeat as many times as necessary to remove each Java version.
Reboot your computer once all Java components are removed.
Then from your desktop double-click on jre-6u7-windows-i586-p.exe to install the newest version.



Please download Malwarebytes' Anti-Malware (http://www.besttechie.net/tools/mbam-setup.exe) to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location. The log can also be found here: C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Please post contents of that file & a fresh hjt log in your next reply.

PepiMK
2008-08-06, 19:22
(testing page 3 only, please disregard)

kileyp
2008-08-07, 16:00
Hi Blade,

Thanks for continuing to work with me on this. I really appreciate all your help. I could not find a Bear Share folder under the music folder. I believe we deleted the entire folder when uninstalling Bear Share.

Everything else is done, including the scan... will post the log files this evening.

Blade81
2008-08-07, 18:01
Ok. I'll wait for your reply :)

kileyp
2008-08-12, 08:52
Hey, sorry for the delay... was out of town this weekend and couldn't get to it. Here are the log files:

Mbam-log-8-7-2008
Malwarebytes' Anti-Malware 1.24
Database version: 1030
Windows 5.1.2600 Service Pack 2

8:00:39 PM 8/7/2008
mbam-log-8-7-2008 (20-00-39).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 98049
Time elapsed: 1 hour(s), 12 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 22

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Desktop) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\QooBox\Quarantine\C\WINDOWS\444.470.vir (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\hGVnNhij.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\hssjyvdq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\lufhyfanuj.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\ushjuchq.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\imp32\keysrve.exe.vir (Adware.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\provdll\globsetup.exe.vir (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP544\A0227850.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP544\A0227874.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP544\A0227910.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP545\A0227980.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP545\A0228020.exe (Adware.BHO) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP545\A0228021.dll (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP545\A0228333.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP546\A0229398.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235024.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235027.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP550\A0235025.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP551\A0235129.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP551\A0235131.exe (Trojan.DNSChanger) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{A53AFC92-EDE6-4047-A115-B8F9660A6BBE}\RP551\A0235134.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Documents and Settings\kileyp\results.txt (Malware.Trace) -> Quarantined and deleted successfully.

Hijack This:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:46 AM, on 8/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
C:\Program Files\EMC VPN\VPN Client\cvpnd.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\kileyp\Desktop\HiJackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q304&bd=pavilion&pf=laptop
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] "nwiz.exe" /install
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [eabconfg.cpl] "C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe" /Start
O4 - HKLM\..\Run: [SSC_UserPrompt] "C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe"
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe" AcPro7_0_8 -reboot 1
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: EMC VPN Client.lnk = C:\Program Files\EMC VPN\VPN Client\vpngui.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://itcentral.corp.emc.com
O15 - Trusted Zone: http://itonline.isus.emc.com
O15 - Trusted Zone: http://itportal.corp.emc.com
O15 - Trusted Zone: http://www.emcu.isus.emc.com
O15 - Trusted Zone: http://itcentral.corp.emc.com (HKLM)
O15 - Trusted Zone: http://itonline.isus.emc.com (HKLM)
O15 - Trusted Zone: http://itportal.corp.emc.com (HKLM)
O16 - DPF: {036F8A56-0BC8-4607-8F98-D3231E6FF5ED} (CentraUpdaterAxCtl Class) - http://www.vclass.emc.com/SiteRoots/main/Install/win32/CentraUpdaterAx.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.nl/scanforvirus-en/kavwebscan_unicode.cab
O16 - DPF: {C3CBFE35-9BE8-11D1-B31B-006008948294} (OrgPublisher PluginX) - http://www.aquire.com/codebase70/OrgPubX.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\blackd.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\EMC VPN\VPN Client\cvpnd.exe
O23 - Service: HP WMI Interface (hpqwmi) - Hewlett-Packard Development Company, L.P. - C:\Program Files\HPQ\SHARED\HPQWMI.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\issSensors\DesktopProtection\RapApp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe

--
End of file - 9484 bytes

Blade81
2008-08-12, 09:02
Well congrats, it appears your system is all clean. Are you still noticing any problems? If not, it's time to secure your system to prevent against further intrusions.


THESE STEPS ARE VERY IMPORTANT

Let's reset system restore
Reset and Re-enable your System Restore to remove infected files that have been backed up by Windows. The files in System Restore are protected to prevent any programs changing those files. This is the only way to clean these files: You will lose all previous restore points which are likely to be infected. Please note you need Administrator Access to clean the restore points.

1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.
NOTE: only do this ONCE, NOT on a regular basis




Now let's uninstall ComboFix:

Click START then RUN
Now type Combofix /u in the runbox and click OK




Uninstall old Adobe Reader and get the latest one here (http://www.filehippo.com/download_adobe_reader/).


UPDATING WINDOWS AND INTERNET EXPLORER

IMPORTANT: You Need to Update Windows and Internet Explorer to protect your computer from the malware that is around on the Internet. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the critical updates.

If you are running Microsoft Office, or any portion thereof, go to Microsoft's Office Update site and make sure you have at least all the critical updates installed (Free) Microsoft Office Update.


Make your Internet Explorer more secure

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.



The following are recommended third party programs that are designed to keep your computer clean. A link as well as a brief description is included with each item.


Download SpywareBlaster
Spyware blaster is a program that stops known malicious activex controls from installing on your computer. It works by changing settings in your registry. It makes kill bits in the registry, so that certain activex controls can't install.
If you don't know what activex controls are, see here (http://www.webopedia.com/TERM/A/ActiveX_control.html)
You can download SpywareBlaster here (http://majorgeeks.com/downloadget.php?id=2859&file=11&evp=61b0e8ad41924a03c37615f4682b4cef)
SpywareBlaster tutorial (http://www.bleepingcomputer.com/forums/tutorial49.html)

hosts file:
Every version of Windows has a hosts file as part of it. In a very basic sense, it is used to locate webpages. We can customize a hosts file so that it blocks certain webpages. However, it can slow down certain computers. This is why using a hosts file is optional!!
Download it here (http://www.mvps.org/winhelp2002/hosts.htm). Make sure you read the instructions on how to install the hosts file. There is a good tutorial here (http://www.bleepingcomputer.com/forums/tutorial51.html)
If you decide to download the hosts file, the slowdown problems can usually be avoided by following these steps:
Click the Start button (at the lower left hand corner of your screen) and click Run.
In the dialog box, type services.msc and hit Enter, then locate DNS Client.
Highlight it, then double-click it.
On the dropdown box, change the setting from Automatic to Manual.
Click OK.


Use a Firewall - I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly. For more info, check this (http://www.bleepingcomputer.com/forums/tutorial60.html) webpage out.
See here (http://www.freebyte.com/antivirus/#firewalls) to choose one if you don't have 3rd party firewall.



Just a final reminder for you. I am trying to stress these two points.
UPDATE UPDATE UPDATE!!! Make sure you do this about every 1-2 weeks.
Make sure all of your security programs are up to date.
Run the Malwarebytes' Anti-malware regularly. (Once or twice a week minimum.)
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.



Once again, please post and tell me how things are going with your system... problems etc.

Have a great day,
Blade :cool:
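
The hosts file step above works because Windows resolves names from that file before asking DNS, which is also why a hijacker that edits it can silently send a legitimate site elsewhere. The following is an added example (not code from this thread or from MVPS) that audits a hosts file, telling blocklist entries (names pointed at a local sink address) apart from redirects to other hosts; the sample hosts content is constructed.

```python
"""Audit a Windows hosts file: separate blocklist entries (a name mapped to a
local sink address) from redirects that send a name somewhere else.
Added example, not code from the thread or from MVPS; SAMPLE_HOSTS is constructed."""
import ipaddress

# Addresses a blocklist hosts file (such as the MVPS one) points names at.
SINK_ADDRESSES = {"0.0.0.0", "127.0.0.1", "::1"}


def parse_hosts(text):
    """Yield (address, hostname) pairs, skipping comments and malformed lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        parts = line.split()
        if len(parts) < 2:
            continue  # blank or malformed: nothing to map
        try:
            ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # first field is not an IP address
        for name in parts[1:]:
            yield parts[0], name.lower()


def audit_hosts(text):
    """Return {"blocked": [names], "redirected": {name: address}}.

    A name mapped to a sink address is a blocklist entry; a name mapped to
    any other address is a redirect, the pattern a hijacker leaves when it
    points a legitimate site at a host it controls."""
    blocked, redirected = [], {}
    for addr, name in parse_hosts(text):
        if addr in SINK_ADDRESSES:
            if name != "localhost":
                blocked.append(name)
        else:
            redirected[name] = addr
    return {"blocked": blocked, "redirected": redirected}


# Constructed sample: two blocklist lines and one non-local redirect.
SAMPLE_HOSTS = """# constructed sample, not a real hosts file
127.0.0.1 localhost
0.0.0.0 ads.example.net  # blocklist style entry
0.0.0.0 tracker.example.org
203.0.113.5 update.example.com  # non-local redirect, inspect this
"""

if __name__ == "__main__":
    print(audit_hosts(SAMPLE_HOSTS))
```

On a real machine, read the file at %SystemRoot%\System32\drivers\etc\hosts and pass its contents to audit_hosts; any name in the "redirected" result deserves a closer look.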

kileyp
2008-08-15, 20:39
Followed all the steps you recommended... except for the hosts file and firewall. Don't think I'm going to install the hosts file... but will do the firewall, if the computer speeds up.

The computer seemed to slow down after installing Spyware Doctor

It doesn't appear that any specific programs are using lots of CPU, except for System Idle Process (averaging 98%). But anything I do takes a lot of time (opening Word docs, deleting files, etc.)

Also, I cannot open Quicken 2005 (which is the original version that was not infected). The program freezes on the launch screen... and I need to open it to back up the data before I install the new version of Quicken from the website.

Should I remove any of the following software that I downloaded trying to remove the virus?


Ad-Aware SE Personal
Kaspersky Online Scanner
McAfee VirusScan Enterprise
Norton WMI Update
Spy Sweeper
SpywareBlaster v.3.5.1
Spyware Guard v2.2
ATF-Cleaner
HiJack This
DSS


Based on your note it seems like I should definitely keep Malwarebytes and Spyware Doctor.

Blade81
2008-08-15, 21:14
Followed all the steps you recommended... except for the hosts file and firewall. Don't think I'm going to install the hosts file... but will do the firewall, if the computer speeds up.

The computer seemed to slow down after installing Spyware Doctor

It doesn't appear that any specific programs are using lots of CPU, except for System Idle Process (averaging 98%). But anything I do takes a lot of time (opening Word docs, deleting files, etc.)

Also, I cannot open Quicken 2005 (which is the original version that was not infected). The program freezes on the launch screen... and I need to open it to back up the data before I install the new version of Quicken from the website.

Could you try defragmenting your hard drives to see if it has any positive impact on Quicken 2005 opening? I'm not familiar with Quicken, but why can't you install the new version of it? Doesn't the new version support things created with the 2005 version?


Should I remove any of the following software that I downloaded trying to remove the virus?


Ad-Aware SE Personal
Kaspersky Online Scanner
McAfee VirusScan Enterprise
Norton WMI Update
Spy Sweeper
SpywareBlaster v.3.5.1
Spyware Guard v2.2
ATF-Cleaner
HiJack This
DSS


Based on your note it seems like I should definitely keep Malwarebytes and Spyware Doctor.

You need to have one antivirus program and 1-2 anti-spyware programs. So, from your list, the following programs are the ones I recommend keeping:

Ad-Aware SE Personal
Malwarebytes' Anti-Malware
McAfee VirusScan Enterprise
SpywareBlaster v.3.5.1
ATF-Cleaner (for occasional cleaning of temporary items)


Other programs mentioned on your list can be uninstalled/removed. Also, uninstall your Adobe Reader and get the latest version here (http://www.filehippo.com/download_adobe_reader/).

Blade81
2008-08-22, 10:42
Since this issue appears to be resolved ... this Topic has been closed. Glad I could help. :)

Note: If it has been five days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh HijackThis log and a link to your previous thread.

If it has been less than five days since your last response and you need the thread re-opened, please send me or MOD a private message (pm). A valid, working link to the closed topic is required.