Vundo and fake anti-virus



DeltaFiveSix
2008-07-28, 15:25
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:22:06 AM, on 7/28/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfsem.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Toshiba\IVP\ISM\pinger.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Windows\Sys2E40.exe
C:\Windows\Sys39C4.exe
C:\Windows\Sys5FF9.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files\RocketDock\RocketDock.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\NovaStor\NovaStor NovaBACKUP\NsCtrl.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\CAPPActiveProtection.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\rundll32.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [KeyAccess] C:\Windows\keyacc32.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PINGER] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Sys8007.exe] C:\Windows\Sys8007.exe
O4 - HKLM\..\Run: [Sys861F.exe] C:\Windows\Sys861F.exe
O4 - HKLM\..\Run: [Sys862F.exe] C:\Windows\Sys862F.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Sys8007.exe] C:\Windows\Sys8007.exe
O4 - HKCU\..\Run: [Sys861F.exe] C:\Windows\Sys861F.exe
O4 - HKCU\..\Run: [Sys862F.exe] C:\Windows\Sys862F.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Belkin Network USB Hub Control Center.lnk = C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe
O4 - Global Startup: NovaBACKUP Tray Control.lnk = C:\Program Files\NovaStor\NovaStor NovaBACKUP\NsCtrl.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Backup Scheduler - Unknown owner - C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\CBP\DCSchdlerSRVC.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - C:\Program Files\CPUICECooLSrv.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NovaStor NovaBACKUP Backup/Copy Engine (NsService) - NovaStor - C:\Program Files\NovaStor\NovaStor NovaBACKUP\NsService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Real time Backup Loader - Unknown owner - C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\Fsloader.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe

--
End of file - 13465 bytes

steamwiz
2008-08-04, 00:16
Hi

Please go here and upload any one of these files ...

C:\Windows\Sys2E40.exe
C:\Windows\Sys39C4.exe
C:\Windows\Sys5FF9.exe

http://www.virustotal.com/flash/index_en.html

Click the browse button & browse to the file on your computer

Post back the results ... right click on the page > select all

right click again copy

post the results in your next post here...

-
THEN ...

Download Deckard's System Scanner (formerly Comboscan) (http://www.geekstogo.com/forum/index.php?automodule=downloads&showfile=19) to your Desktop.

Note: You must be logged onto an account with administrator privileges.

1. Close all applications and windows.
2. Double-click on dss.exe to run it, and follow the prompts.
3. When the scan is complete, two text files will open - main.txt <- this one will be maximized, and extra.txt <- this one will be minimized
4. Copy (Ctrl+A then Ctrl+C) and paste (Ctrl+V) the contents of main.txt in your next reply.
5. Then do the same with extra.txt

Note: you'll find extra.txt here :- C:\Deckard\System Scanner\extra.txt

Please remember to post both txt files ...


Note: some firewalls may warn that sigcheck.exe is trying to access the internet - please ensure that you allow sigcheck.exe permission to do so.

THEN ..

Please run a Kaspersky Online Scan

Please do an online scan with Kaspersky WebScanner (http://www.kaspersky.com/virusscanner)

Click on Kaspersky Online Scanner

Click Accept

You will be prompted to install an ActiveX component from Kaspersky,
Click Yes.

The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make sure that the following are selected:

Scan using the following Anti-Virus database:

Extended (if available otherwise Standard)

Scan Options:

Scan Archives
Scan Mail Bases

Click OK
Now under select a target to scan:

Select My Computer

The program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.

Now click on the Save as Text button:

Once finished, save the log to your Desktop as filename KAV.txt


THEN ...

Please Download Malwarebytes' Anti-Malware from Here :-

http://www.majorgeeks.com/Malwarebytes_Anti-Malware_d5756.html

or here :-

http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.


steam

DeltaFiveSix
2008-08-04, 00:32
I can't locate SysXXXX.exe files but I remember seeing some in Symantec when it ran the auto-protect. I'm pretty sure it deleted them when it was doing that before.

I'm not sure if you want me to run the other scans yet or not so I'll wait for that instruction again.

I also would like to add that the pop-ups for the fake anti-virus software have stopped appearing for the past few days. Maybe I should post another HJT log?

steamwiz
2008-08-05, 01:34
Hi

The reason I asked you to get one of those files checked for me is that they were all shown as running in the "Running processes:" section of the HijackThis log you posted ... so they were definitely there when you ran that last HijackThis :)

Please do run the scans I asked for. The DSS log will include a new HijackThis scan, so there is no need to run one separately. If you run the scans and post the logs, we'll have an idea whether the malware has been deleted or is just in hiding :)

steam

DeltaFiveSix
2008-08-05, 16:56
I've completed all the scans following the instructions, but DSS only gave me a main.txt file. There wasn't even an extra.txt file in the Deckard folder. But here are all the reports without extra.txt.

Deckard's System Scanner v20071014.68
Run by Kyle on 2008-08-04 19:40:39
Computer is in Normal Mode.
--------------------------------------------------------------------------------

Total Physical Memory: 1014 MiB (1024 MiB recommended).


-- HijackThis (run as Kyle.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:41:20 PM, on 8/4/2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Symantec AntiVirus\VPTray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\Explorer.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynToshiba.exe
C:\Users\Kyle\Pictures\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Kyle.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.toshibadirect.com/dpdstart
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [TPwrMain] %ProgramFiles%\TOSHIBA\Power Saver\TPwrMain.EXE
O4 - HKLM\..\Run: [HSON] %ProgramFiles%\TOSHIBA\TBS\HSON.exe
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [KeyAccess] C:\Windows\keyacc32.exe
O4 - HKLM\..\Run: [cctray] "C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe"
O4 - HKLM\..\Run: [capfasem] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [QOELOADER] "C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [PINGER] C:\TOSHIBA\IVP\ISM\pinger.exe /run
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Belkin Network USB Hub Control Center.lnk = C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe
O4 - Global Startup: NovaBACKUP Tray Control.lnk = C:\Program Files\NovaStor\NovaStor NovaBACKUP\NsCtrl.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/us/kavwebscan_unicode.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Backup Scheduler - Unknown owner - C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\CBP\DCSchdlerSRVC.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: CaCCProvSP - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: CPUCooLServer Service (CPUCooLServer) - Unknown owner - C:\Program Files\CPUICECooLSrv.exe (file missing)
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: NovaStor NovaBACKUP Backup/Copy Engine (NsService) - NovaStor - C:\Program Files\NovaStor\NovaStor NovaBACKUP\NsService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PPCtlPriv - CA, Inc. - C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe
O23 - Service: Real time Backup Loader - Unknown owner - C:\Program Files\NovaStor\NovaStor NovaBACKUP\DR\Fsloader.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Swupdtmr - Unknown owner - c:\Toshiba\IVP\swupdate\swupdtmr.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - TOSHIBA Corporation - C:\Windows\system32\TODDSrv.exe
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: HIPS Event Manager (UmxAgent) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe
O23 - Service: HIPS Configuration Interpreter (UmxCfg) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe
O23 - Service: HIPS Firewall Helper (UmxFwHlp) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe
O23 - Service: HIPS Policy Manager (UmxPol) - CA - C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe

--
End of file - 14373 bytes

-- Files created between 2008-07-04 and 2008-08-04 -----------------------------

2008-08-03 21:30:50 0 d-------- C:\Program Files\SystemRequirementsLab
2008-08-01 22:02:58 4096 --a------ C:\Windows\d3dx.dat
2008-07-30 19:23:21 0 d-------- C:\Program Files\Digsby
2008-07-30 03:02:38 25644032 --a------ C:\Windows\system32\imageres.dll <Not Verified; Microsoft Corporation; Microsoft® Windows® Operating System>
2008-07-29 19:41:40 0 d-------- C:\World of Warcraft
2008-07-29 19:41:40 0 d-------- C:\Program Files\Common Files\Blizzard Entertainment
2008-07-29 18:59:28 0 d-------- C:\Users\All Users\FLEXnet
2008-07-29 18:46:18 0 d-------- C:\Program Files\ToniArts
2008-07-29 13:04:28 0 d-------- C:\Program Files\Common Files\Control Panels
2008-07-29 12:58:44 0 d-------- C:\Users\All Users\ALM
2008-07-29 11:36:13 0 d-------- C:\Program Files\Common Files\Macrovision Shared
2008-07-28 07:43:16 246784 --a------ C:\Windows\system32\wvUolMFx.dll
2008-07-28 07:42:39 33152 -----n--- C:\Windows\system32\wvUMGaBt.dll
2008-07-28 07:37:36 35328 -----n--- C:\Windows\system32\xxyYOfEW.dll
2008-07-27 21:48:40 0 d-------- C:\Program Files\Disney
2008-07-27 15:25:14 560 --a------ C:\Windows\eReg.dat
2008-07-27 15:20:12 0 d-------- C:\Program Files\Total War
2008-07-27 15:18:35 306688 --a------ C:\Windows\IsUninst.exe <Not Verified; InstallShield Software Corporation; InstallShield® unInstaller>
2008-07-27 14:12:09 0 d-------- C:\Program Files\DAEMON Tools Lite
2008-07-27 13:58:05 0 d-------- C:\Program Files\DAEMON Tools Toolbar
2008-07-27 13:13:48 0 d-------- C:\Program Files\America's Army Server Manager
2008-07-27 13:09:06 0 d-------- C:\Program Files\America's Army
2008-07-24 21:14:14 0 d-------- C:\Program Files\DirectX
2008-07-24 20:49:52 0 d-------- C:\Program Files\WarRock
2008-07-22 21:50:46 0 d-------- C:\Program Files\iPod
2008-07-22 21:50:41 0 d-------- C:\Program Files\iTunes
2008-07-22 21:47:29 0 d-------- C:\Program Files\QuickTime
2008-07-21 17:26:12 0 dr------- C:\Users\Admin\Searches
2008-07-21 17:25:50 0 dr------- C:\Users\Admin\Contacts
2008-07-21 17:25:03 0 d--hs---- C:\Users\Admin\Templates
2008-07-21 17:25:03 0 d--hs---- C:\Users\Admin\Start Menu
2008-07-21 17:25:03 0 d--hs---- C:\Users\Admin\SendTo
2008-07-21 17:25:03 0 d--hs---- C:\Users\Admin\Recent
2008-07-21 17:25:03 0 d--hs---- C:\Users\Admin\PrintHood
2008-07-21 17:25:03 0 d--hs---- C:\Users\Admin\NetHood
2008-07-21 17:25:03 0 d--hs---- C:\Users\Admin\Local Settings
2008-07-21 17:25:03 0 d--hs---- C:\Users\Admin\Cookies
2008-07-21 17:25:03 0 d--hs---- C:\Users\Admin\Application Data
2008-07-21 17:25:02 0 d--hs---- C:\Users\Admin\My Documents
2008-07-21 17:24:57 0 dr------- C:\Users\Admin\Videos
2008-07-21 17:24:57 0 dr------- C:\Users\Admin\Saved Games
2008-07-21 17:24:57 0 dr------- C:\Users\Admin\Pictures
2008-07-21 17:24:57 1310720 --ahs---- C:\Users\Admin\NTUSER.DAT
2008-07-21 17:24:57 0 dr------- C:\Users\Admin\Music
2008-07-21 17:24:57 0 dr------- C:\Users\Admin\Links
2008-07-21 17:24:57 0 dr------- C:\Users\Admin\Favorites
2008-07-21 17:24:57 0 dr------- C:\Users\Admin\Downloads
2008-07-21 17:24:57 0 dr------- C:\Users\Admin\Documents
2008-07-21 17:24:57 0 dr------- C:\Users\Admin\Desktop
2008-07-21 17:24:57 0 d--h----- C:\Users\Admin\AppData
2008-07-20 21:51:02 0 d-------- C:\Users\All Users\Stardock
2008-07-19 22:21:28 1024 ---h----- C:\diskfile1
2008-07-19 16:33:00 14848 ---h----- C:\logicinf.bin
2008-07-19 16:32:46 77472 --a------ C:\Windows\system32\drivers\dcsnap.sys
2008-07-19 16:32:46 155648 --a------ C:\Windows\system32\drivers\DCDisk.sys
2008-07-19 16:32:39 512 -r-hs---- C:\FARSBOOT.BIN
2008-07-19 16:32:39 388 -r-hs---- C:\DCMBRBIN
2008-07-19 16:29:20 0 d-------- C:\Users\All Users\NovaStor
2008-07-19 16:27:59 0 d-------- C:\Program Files\NovaStor
2008-07-18 13:54:04 0 d-------- C:\sa130d0v170
2008-07-13 17:18:25 0 d-------- C:\Program Files\VMware
2008-07-13 10:58:05 1720086 --a------ C:\Windows\system32\TmpA44108970
2008-07-13 10:57:47 1720086 --a------ C:\Windows\system32\TmpA44090453
2008-07-11 09:36:25 53248 --a------ C:\Windows\PSEXESVC.EXE <Not Verified; Sysinternals; Sysinternals PsExec>
2008-07-11 09:23:25 161792 --a------ C:\Windows\swreg.exe <Not Verified; SteelWerX; SteelWerX Registry Editor>
2008-07-11 01:49:28 0 d-------- C:\Program Files\Maketorrent 2
2008-07-10 09:49:48 0 d-------- C:\Program Files\CoreCodec
2008-07-10 05:28:14 0 d-------- C:\Windows\SQLTools9_KB948109_ENU
2008-07-10 03:37:13 0 d-------- C:\Windows\SQL9_KB948109_ENU
2008-07-09 22:07:34 0 d-------- C:\Program Files\Bodrag
2008-07-09 10:00:32 68096 --a------ C:\Windows\zip.exe
2008-07-09 10:00:32 98816 --a------ C:\Windows\sed.exe
2008-07-09 10:00:32 80412 --a------ C:\Windows\grep.exe
2008-07-09 10:00:32 89504 --a------ C:\Windows\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-07-09 10:00:31 49152 --a------ C:\Windows\VFind.exe
2008-07-09 10:00:31 136704 --a------ C:\Windows\swsc.exe <Not Verified; SteelWerX; SteelWerX Service Controller>
2008-07-09 09:59:22 212480 --a------ C:\Windows\swxcacls.exe <Not Verified; SteelWerX; SteelWerX Extended Configurator ACLists>
2008-07-06 18:24:43 0 d-------- C:\Users\All Users\WindowsSearch
2008-07-06 06:40:54 0 d-------- C:\Program Files\MagicISO
2008-07-04 11:37:52 34693 --a------ C:\Windows\scunin.dat
2008-07-04 11:37:44 967 --a------ C:\Windows\ScUnin.pif
2008-07-04 11:37:43 94208 --a------ C:\Windows\ScUnin.exe <Not Verified; Blizzard Entertainment; Starcraft Uninstaller>
2008-07-04 11:36:40 0 d-------- C:\Program Files\Starcraft


-- Find3M Report ---------------------------------------------------------------

2008-08-04 17:39:21 0 d-------- C:\Users\Kyle\AppData\Roaming\uTorrent
2008-08-03 21:30:51 0 d-------- C:\Users\Kyle\AppData\Roaming\SystemRequirementsLab
2008-08-02 17:22:47 12693 --a------ C:\Users\Kyle\AppData\Roaming\.googlewebacchosts
2008-07-31 06:15:26 0 d-------- C:\Program Files\Google
2008-07-30 19:36:29 0 d-------- C:\Users\Kyle\AppData\Roaming\.purple
2008-07-30 19:26:44 0 d-------- C:\Users\Kyle\AppData\Roaming\Digsby
2008-07-29 20:02:34 0 d-------- C:\Program Files\Common Files
2008-07-29 19:00:19 0 d-------- C:\Users\Kyle\AppData\Roaming\Adobe
2008-07-29 18:46:16 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-07-29 18:41:30 0 d-------- C:\Users\Kyle\AppData\Roaming\Uniblue
2008-07-29 13:10:52 0 d-------- C:\Program Files\Common Files\Adobe
2008-07-28 22:23:07 0 d-------- C:\Users\Kyle\AppData\Roaming\gtk-2.0
2008-07-23 01:07:55 0 d-------- C:\Program Files\Firaxis Games
2008-07-23 00:49:26 0 d-------- C:\Program Files\dvdSanta
2008-07-22 21:48:48 0 d-------- C:\Program Files\Bonjour
2008-07-20 17:48:59 0 d-------- C:\Users\Kyle\AppData\Roaming\dvdcss
2008-07-19 22:47:39 0 d-------- C:\Program Files\EA GAMES
2008-07-19 16:33:01 4194304 -r-h----- C:\spc_kern
2008-07-17 11:13:02 0 d-------- C:\Users\Kyle\AppData\Roaming\Media Player Classic
2008-07-13 18:57:02 0 d-------- C:\Program Files\iolo
2008-07-13 11:01:25 0 d-------- C:\Program Files\Jasc Software Inc
2008-07-13 10:56:50 0 d-------- C:\Program Files\AviSynth 2.5
2008-07-11 03:17:56 0 d-------- C:\Program Files\Microsoft SQL Server
2008-07-10 08:13:10 0 d-------- C:\Program Files\Windows Mail
2008-07-09 09:14:02 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-06 19:37:05 0 d-------- C:\Program Files\Deskshare
2008-07-06 19:37:05 0 d-------- C:\Program Files\Common Files\DeskShare Shared
2008-07-06 19:37:04 0 d-------- C:\Program Files\bobyte
2008-07-04 07:40:47 0 d-------- C:\Program Files\uTorrent
2008-07-02 18:32:37 737280 --a------ C:\Windows\iun6002.exe <Not Verified; Indigo Rose Corporation; Setup Factory 6.0 Runtime Module>
2008-06-28 13:05:00 0 d-------- C:\Users\Kyle\AppData\Roaming\Mozilla
2008-06-27 15:25:44 0 d-------- C:\Users\Kyle\AppData\Roaming\NeroDigital™
2008-06-24 22:19:30 0 d-------- C:\Users\Kyle\AppData\Roaming\Google
2008-06-23 10:54:19 0 d-------- C:\Program Files\DivX
2008-06-23 10:39:14 356352 --a------ C:\Windows\eSellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine>
2008-06-23 00:48:50 0 d-------- C:\Program Files\Common Files\Nero
2008-06-17 16:16:56 115343360 -r-h----- C:\spc_root
2008-06-17 16:16:48 5242880 -r-h----- C:\spc_init
2008-06-06 04:37:53 0 d-------- C:\Program Files\RocketDock
2008-05-30 19:22:48 802816 --a------ C:\Windows\system32\divx_xx11.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:48 823296 --a------ C:\Windows\system32\divx_xx0c.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:48 823296 --a------ C:\Windows\system32\divx_xx07.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 815104 --a------ C:\Windows\system32\divx_xx0a.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-30 19:22:46 683520 --a------ C:\Windows\system32\DivX.dll <Not Verified; DivX, Inc.; DivX®>
2008-05-22 18:22:18 3596288 --a------ C:\Windows\system32\qt-dx331.dll
2008-05-22 18:19:46 196608 --a------ C:\Windows\system32\dtu100.dll <Not Verified; DivX, Inc.; DivX, Inc. dtu100>
2008-05-22 18:19:46 81920 --a------ C:\Windows\system32\dpl100.dll <Not Verified; DivX, Inc.; DivX, Inc. dpl100>
2008-05-22 18:18:54 12288 --a------ C:\Windows\system32\DivXWMPExtType.dll
2008-05-15 18:16:25 2823 --a------ C:\Windows\mozver.dat


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{32099AAC-C132-4136-9E9A-4E364A424E17}"= C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [07/17/2008 07:27 AM 691656]

[-HKEY_CLASSES_ROOT\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj.1]
[HKEY_CLASSES_ROOT\TypeLib\{3E288F79-03E4-4983-A48E-0D879B51FF19}]
[HKEY_CLASSES_ROOT\DTToolbar.ToolBandObj]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [04/03/2008 10:51 AM]
"RtHDVCpl"="RtHDVCpl.exe" [03/11/2008 05:53 PM C:\Windows\RtHDVCpl.exe]
"TPwrMain"="C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE" [12/20/2006 03:16 AM]
"HSON"="C:\Program Files\TOSHIBA\TBS\HSON.exe" [12/07/2006 08:49 PM]
"HWSetup"="C:\Program Files\TOSHIBA\Utilities\HWSetup.exe" [11/01/2006 12:06 PM]
"SVPWUTIL"="C:\Program Files\TOSHIBA\Utilities\SVPWUTIL.exe" [01/18/2006 08:06 PM]
"KeyAccess"="C:\Windows\keyacc32.exe" [06/08/2007 02:00 PM]
"cctray"="C:\Program Files\CA\CA Internet Security Suite\cctray\cctray.exe" [11/27/2007 09:42 PM]
"capfasem"="C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\capfasem.exe" [07/31/2008 11:13 PM]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [07/27/2007 07:00 AM]
"QOELOADER"="C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spam\QSP-5.1.18.0\QOELoader.exe" [11/28/2007 08:17 AM]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [11/22/2006 06:12 PM]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [11/28/2006 07:34 AM]
"PINGER"="C:\TOSHIBA\IVP\ISM\pinger.exe" [07/20/2006 04:45 PM]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [08/24/2007 08:00 AM]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [02/18/2008 04:29 PM]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05/15/2008 06:13 PM]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [02/11/2008 08:13 PM]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [02/11/2008 08:13 PM]
"Persistence"="C:\Windows\system32\igfxpers.exe" [02/11/2008 08:13 PM]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [07/10/2008 09:47 AM]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [05/27/2008 10:50 AM]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [07/10/2008 10:51 AM]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [05/10/2007 10:46 PM]
"@"="" []
"Adobe_ID0EYTHM"="C:\PROGRA~1\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE" [03/20/2007 04:40 PM]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="C:\Windows\ehome\ehTray.exe" [01/19/2008 03:33 AM]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" [02/28/2008 05:07 PM]
"RocketDock"="C:\Program Files\RocketDock\RocketDock.exe" [09/02/2007 01:58 PM]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [01/19/2008 03:33 AM]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [07/24/2008 11:02 AM]
"Uniblue RegistryBooster 2"="c:\program files\uniblue\registrybooster 2\StartRegistryBooster.exe" []

C:\Users\Kyle\Start Menu\Programs\Startup\
Belkin Network USB Hub Control Center.lnk - C:\Program Files\Belkin\Network USB Hub Control Center\Connect.exe [3/21/2008 9:02:01 PM]

C:\ProgramData\Start Menu\Programs\Startup\
NovaBACKUP Tray Control.lnk - C:\Program Files\NovaStor\NovaStor NovaBACKUP\NsCtrl.exe [6/17/2008 4:56:16 PM]
Run Google Web Accelerator.lnk - C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe [7/9/2007 11:24:38 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"EnableLUA"=0 (0x0)
"EnableUIADesktopToggle"=0 (0x0)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoInstrumentation"=1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\PFW]
UmxWnp.Dll 01/31/2007 03:00 PM 79368 C:\Windows\System32\UmxWNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=KATRACK.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\00TCrdMain]
%ProgramFiles%\TOSHIBA\FlashCards\TCrdMain.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cafwc]
C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe -cl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
"C:\Program Files\DAEMON Tools Lite\daemon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"C:\Program Files\iTunes\iTunesHelper.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LtMoh]
C:\Program Files\ltmoh\Ltmoh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"C:\Program Files\QuickTime\QTTask.exe" -atboottime

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SmoothView]
%ProgramFiles%\Toshiba\SmoothView\SmoothView.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE Mcx2Svc WebClient SstpSvc
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum
WindowsMobile wcescomm rapimgr
LocalServiceRestricted WcesComm RapiMgr


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\F]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1eab8f52-c138-11dc-bdc0-0016d4fc3df5}]
AutoRun\command- F:\Autorun.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4d008b31-a32e-11dc-b5af-0016d4fc3df5}]
AutoRun\command- E:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{af8d580e-a8f1-11dc-a0c7-0016d4fc3df5}]
AutoRun\command- F:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c22cf7b3-9d4f-11dc-97dc-0016d4fc3df5}]
AutoRun\command- I:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c22cf7b6-9d4f-11dc-97dc-0016d4fc3df5}]
AutoRun\command- H:\LaunchU3.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eefbe5b7-5c05-11dd-a4ff-0016d4fc3df5}]
AutoRun\command- F:\Autoplay.exe -auto


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI



-- End of Deckard's System Scanner: finished at 2008-08-04 19:42:38 ------------


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, August 5, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Monday, August 04, 2008 16:07:43
Records in database: 1053458
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
F:\
G:\

Scan statistics:
Files scanned: 268161
Threat name: 20
Infected objects: 90
Suspicious objects: 0
Duration of the scan: 12:51:14


File name / Threat name / Threats count
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01340000\49B7C016.VBN Infected: Trojan-Downloader.Win32.Mutant.aqt 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01340001\49B7C03C.VBN Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.ag 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01340001\49B7C03C.VBN Infected: not-a-virus:FraudTool.Win32.Agent.ag 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01340001\49B7C03C.VBN Infected: not-a-virus:FraudTool.Win32.Agent.ac 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01340001\49B7C03C.VBN Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.af 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01340001\49B7C03C.VBN Infected: Trojan.Win32.Agent.wam 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01340001\49B7C03C.VBN Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.ap 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01340001\49B7C03C.VBN Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.an 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01340001\49B7C03C.VBN Infected: Trojan-Downloader.Win32.Agent.xkd 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01340001\49B7C03C.VBN Infected: Hoax.HTML.Secureinvites.d 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480001.VBN Infected: Trojan-Downloader.Win32.Small.tzu 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480002\4F6E6278.VBN Infected: Trojan.Win32.Vapsup.epc 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480002\4F6E6278.VBN Infected: Trojan.Win32.Vapsup.fcy 6
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480003.VBN Infected: Trojan.Win32.Vapsup.epc 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480003.VBN Infected: Trojan.Win32.Vapsup.fcy 6
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480004.VBN Infected: Trojan.Win32.Vapsup.epc 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480004.VBN Infected: Trojan.Win32.Vapsup.fcy 6
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480005.VBN Infected: Trojan.Win32.Vapsup.fth 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480006.VBN Infected: Trojan.Win32.Vapsup.gag 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11340000\59BCDA08.VBN Infected: Trojan-Downloader.Win32.Small.gll 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11340000\59BCDA08.VBN Infected: Trojan.Win32.Monder.gen 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11340001\59BCDA2E.VBN Infected: Trojan-Downloader.Win32.Small.gll 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11340001\59BCDA2E.VBN Infected: Trojan.Win32.Monder.gen 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12D00000\5AD622B5.VBN Infected: Trojan-Downloader.Win32.Agent.xkd 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12D00001\5AD622E6.VBN Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.af 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17680000\5FFA7F3C.VBN Infected: not-a-virus:FraudTool.Win32.Agent.ag 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01340000\49B7C016.VBN Infected: Trojan-Downloader.Win32.Mutant.aqt 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01340001\49B7C03C.VBN Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.ag 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01340001\49B7C03C.VBN Infected: not-a-virus:FraudTool.Win32.Agent.ag 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01340001\49B7C03C.VBN Infected: not-a-virus:FraudTool.Win32.Agent.ac 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01340001\49B7C03C.VBN Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.af 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01340001\49B7C03C.VBN Infected: Trojan.Win32.Agent.wam 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01340001\49B7C03C.VBN Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.ap 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01340001\49B7C03C.VBN Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.an 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01340001\49B7C03C.VBN Infected: Trojan-Downloader.Win32.Agent.xkd 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01340001\49B7C03C.VBN Infected: Hoax.HTML.Secureinvites.d 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480001.VBN Infected: Trojan-Downloader.Win32.Small.tzu 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480002\4F6E6278.VBN Infected: Trojan.Win32.Vapsup.epc 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480002\4F6E6278.VBN Infected: Trojan.Win32.Vapsup.fcy 6
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480003.VBN Infected: Trojan.Win32.Vapsup.epc 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480003.VBN Infected: Trojan.Win32.Vapsup.fcy 6
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480004.VBN Infected: Trojan.Win32.Vapsup.epc 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480004.VBN Infected: Trojan.Win32.Vapsup.fcy 6
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480005.VBN Infected: Trojan.Win32.Vapsup.fth 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480006.VBN Infected: Trojan.Win32.Vapsup.gag 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11340000\59BCDA08.VBN Infected: Trojan-Downloader.Win32.Small.gll 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11340000\59BCDA08.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11340001\59BCDA2E.VBN Infected: Trojan-Downloader.Win32.Small.gll 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11340001\59BCDA2E.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12D00000\5AD622B5.VBN Infected: Trojan-Downloader.Win32.Agent.xkd 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12D00001\5AD622E6.VBN Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.af 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12D0011B\5AD7B985.VBN Infected: Trojan-Downloader.Win32.Small.gll 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12D0011C\5AD7BA06.VBN Infected: Trojan-Downloader.Win32.Small.gll 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12D0011C\5AD7BA06.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12D0011D\5AD7BA77.VBN Infected: Trojan.Win32.Monderc.gen 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12D0011E\5AD7BAE0.VBN Infected: Trojan.Win32.Monderc.gen 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12D0011F\5AD7BDDF.VBN Infected: Trojan-Downloader.Win32.Small.gll 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17680000\5FFA7F3C.VBN Infected: not-a-virus:FraudTool.Win32.Agent.ag 1
C:\Users\Kyle\Music\LimeWire\03 Track 3.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
C:\Windows\System32\wvUolMFx.dll Infected: Trojan.Win32.Monder.wp 1

The selected area was scanned.


Malwarebytes' Anti-Malware 1.20
Database version: 933
Windows 6.0.6001 Service Pack 1

9:52:49 AM 8/5/2008
mbam-log-8-5-2008 (09-52-38).txt

Scan type: Quick Scan
Objects scanned: 43732
Time elapsed: 9 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\xxyYOfEW.dll (Trojan.Vundo) -> No action taken.
C:\Windows\System32\wvUMGaBt.dll (Trojan.Vundo) -> No action taken.
C:\Windows\System32\wvUolMFx.dll (Trojan.Vundo) -> No action taken.

DeltaFiveSix
2008-08-05, 17:10
Sorry, I posted the mbam log before removing threats. Here's the correct one.

Malwarebytes' Anti-Malware 1.24
Database version: 1012
Windows 6.0.6001 Service Pack 1

10:09:26 AM 8/5/2008
mbam-log-8-5-2008 (10-09-26).txt

Scan type: Quick Scan
Objects scanned: 42892
Time elapsed: 7 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Windows\System32\xxyYOfEW.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\wvUMGaBt.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\Windows\System32\wvUolMFx.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

steamwiz
2008-08-06, 01:04
Hi

I see you have a P2P program installed. Because of a new policy in this forum I am obliged to ask you to read this post :-

http://forums.spybot.info/showpost.php?p=218503&postcount=4

I am not going to ask you to uninstall any P2P programs, because you could uninstall them, then when we are finished re-install them again, which is just wasting your time & mine. But I do ask that you read the above thread carefully so that you are aware of the dangers of P2P, use any P2P program sparingly, & always have any file downloaded via a P2P program scanned for malware before running it.

Have the file scanned at any of these sites :-

http://virusscan.jotti.org/
http://www.virustotal.com/flash/index_en.html
http://www.virscan.org/

We can work without the "extra.txt", but it would have been helpful. If there is likely to be anything in it which I need, I will get you to get it for me another way.

First, using one of the scanning sites listed above, have one of these files scanned for me, & post the results :-

C:\Windows\system32\TmpA44108970
C:\Windows\system32\TmpA44090453

THEN ...

1. Find & delete this file :- C:\Users\Kyle\Music\LimeWire\03 Track 3.wma > Infected: Trojan-Downloader.WMA.Wimad.l

2. Empty your Symantec AntiVirus Quarantine

3. Run & post a new KASPERSKY ONLINE SCANNER 7 REPORT.......

How's the computer running? Any problems?

steam

DeltaFiveSix
2008-08-06, 20:54
I emptied the Symantec quarantine as instructed, but it seems as though there's more in it now, or I somehow did something wrong. As far as computer performance, everything seems to be running fine other than some games slowing down after a bit of gameplay, but I think that's the hardware's fault. Here are the reports, though.

Antivirus Version Last Update Result
AhnLab-V3 2008.8.6.0 2008.08.05 -
AntiVir 7.8.1.15 2008.08.05 -
Authentium 5.1.0.4 2008.08.05 -
Avast 4.8.1195.0 2008.08.05 -
AVG 8.0.0.156 2008.08.05 -
BitDefender 7.2 2008.08.05 -
CAT-QuickHeal 9.50 2008.08.05 -
ClamAV 0.93.1 2008.08.05 -
DrWeb 4.44.0.09170 2008.08.05 -
eSafe 7.0.17.0 2008.08.05 -
eTrust-Vet 31.6.6009 2008.08.05 -
Ewido 4.0 2008.08.05 -
F-Prot 4.4.4.56 2008.08.05 -
F-Secure 7.60.13501.0 2008.08.05 -
Fortinet 3.14.0.0 2008.08.05 -
GData 2.0.7306.1023 2008.08.05 -
Ikarus T3.1.1.34.0 2008.08.05 -
K7AntiVirus 7.10.404 2008.08.05 -
Kaspersky 7.0.0.125 2008.08.06 -
McAfee 5354 2008.08.05 -
Microsoft 1.3807 2008.08.06 -
NOD32v2 3330 2008.08.05 -
Norman 5.80.02 2008.08.05 -
Panda 9.0.0.4 2008.08.05 -
PCTools 4.4.2.0 2008.08.05 -
Prevx1 V2 2008.08.06 -
Rising 20.56.12.00 2008.08.05 -
Sophos 4.31.0 2008.08.05 -
Sunbelt 3.1.1537.1 2008.08.01 -
Symantec 10 2008.08.06 -
TheHacker 6.2.96.393 2008.08.04 -
TrendMicro 8.700.0.1004 2008.08.05 -
VBA32 3.12.8.2 2008.08.05 -
ViRobot 2008.8.5.1324 2008.08.05 -
VirusBuster 4.5.11.0 2008.08.05 -
Webwasher-Gateway 6.6.2 2008.08.05 -
Additional information
File size: 1720086 bytes
MD5...: 1b35adfbdd89c2e7f5d1b50f020ea7db
SHA1..: 0b4aa359ba34134b562a26ba4adbc3631652a5cd
SHA256: fa5cf9d1edb16494db7e7599e3fe3f3b2ab5e6c9b9943be93d2e33773dcdf84d
SHA512: 58adac7f0d432a4e8246992f5aa0f4d2735e7729d9f4173c6335f1ebb4228052a7878523ec139b750ed937cc31420ed5431384356bc0708ec5fb38d0a11042eb
PEiD..: -
PEInfo: -


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Wednesday, August 6, 2008
Operating System: Microsoft Windows Vista Home Premium Edition, 32-bit Service Pack 1 (build 6001)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Wednesday, August 06, 2008 08:17:51
Records in database: 1059935
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
F:\
G:\

Scan statistics:
Files scanned: 265355
Threat name: 17
Infected objects: 114
Suspicious objects: 0
Duration of the scan: 10:06:22


File name / Threat name / Threats count
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01340001\49B7C03C.VBN Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.ag 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01340001\49B7C03C.VBN Infected: not-a-virus:FraudTool.Win32.Agent.ag 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01340001\49B7C03C.VBN Infected: not-a-virus:FraudTool.Win32.Agent.ac 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01340001\49B7C03C.VBN Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.af 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01340001\49B7C03C.VBN Infected: Trojan.Win32.Agent.wam 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01340001\49B7C03C.VBN Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.ap 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01340001\49B7C03C.VBN Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.an 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01340001\49B7C03C.VBN Infected: Trojan-Downloader.Win32.Agent.xkd 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01340001\49B7C03C.VBN Infected: Hoax.HTML.Secureinvites.d 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480001.VBN Infected: Trojan-Downloader.Win32.Small.tzu 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480002\4F6E6278.VBN Infected: Trojan.Win32.Vapsup.epc 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480002\4F6E6278.VBN Infected: Trojan.Win32.Vapsup.fcy 6
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480003.VBN Infected: Trojan.Win32.Vapsup.epc 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480003.VBN Infected: Trojan.Win32.Vapsup.fcy 6
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480004.VBN Infected: Trojan.Win32.Vapsup.epc 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480004.VBN Infected: Trojan.Win32.Vapsup.fcy 6
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480005.VBN Infected: Trojan.Win32.Vapsup.fth 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480006.VBN Infected: Trojan.Win32.Vapsup.gag 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11340000\59BCDA08.VBN Infected: Trojan-Downloader.Win32.Small.gll 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11340000\59BCDA08.VBN Infected: Trojan.Win32.Monder.gen 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11340001\59BCDA2E.VBN Infected: Trojan-Downloader.Win32.Small.gll 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11340001\59BCDA2E.VBN Infected: Trojan.Win32.Monder.gen 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12D00000\5AD622B5.VBN Infected: Trojan-Downloader.Win32.Agent.xkd 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12D00001\5AD622E6.VBN Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.af 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12D0011B\5AD7B985.VBN Infected: Trojan-Downloader.Win32.Small.gll 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12D0011C\5AD7BA06.VBN Infected: Trojan-Downloader.Win32.Small.gll 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12D0011C\5AD7BA06.VBN Infected: Trojan.Win32.Monder.gen 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12D0011D\5AD7BA77.VBN Infected: Trojan.Win32.Monderc.gen 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12D0011E\5AD7BAE0.VBN Infected: Trojan.Win32.Monderc.gen 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12D0011F\5AD7BDDF.VBN Infected: Trojan-Downloader.Win32.Small.gll 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12D00120\5AD7BE49.VBN Infected: Trojan-Downloader.Win32.Small.gll 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12D00120\5AD7BE49.VBN Infected: Trojan.Win32.Monder.gen 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12D00121\5AD7BEB4.VBN Infected: Trojan-Downloader.Win32.Small.gll 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12D00122\5AD7BF41.VBN Infected: Trojan-Downloader.Win32.Small.gll 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12D00122\5AD7BF41.VBN Infected: Trojan.Win32.Monder.gen 1
C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17680000\5FFA7F3C.VBN Infected: not-a-virus:FraudTool.Win32.Agent.ag 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01340001\49B7C03C.VBN Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.ag 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01340001\49B7C03C.VBN Infected: not-a-virus:FraudTool.Win32.Agent.ag 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01340001\49B7C03C.VBN Infected: not-a-virus:FraudTool.Win32.Agent.ac 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01340001\49B7C03C.VBN Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.af 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01340001\49B7C03C.VBN Infected: Trojan.Win32.Agent.wam 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01340001\49B7C03C.VBN Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.ap 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01340001\49B7C03C.VBN Infected: not-a-virus:FraudTool.Win32.UltimateAntivirus.an 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01340001\49B7C03C.VBN Infected: Trojan-Downloader.Win32.Agent.xkd 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\01340001\49B7C03C.VBN Infected: Hoax.HTML.Secureinvites.d 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08E00000\48F9726C.VBN Infected: Trojan-Downloader.Win32.Small.gll 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08E00001\48F972B9.VBN Infected: Trojan-Downloader.Win32.Small.gll 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08E00001\48F972B9.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08E00002\48F972E1.VBN Infected: Trojan-Downloader.Win32.Small.gll 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08E00003\48F97306.VBN Infected: Trojan-Downloader.Win32.Small.gll 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08E00003\48F97306.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08E00004\48F97334.VBN Infected: Trojan-Downloader.Win32.Small.gll 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08E00005\48F97362.VBN Infected: Trojan-Downloader.Win32.Small.gll 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08E00005\48F97362.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08E00006\48F97388.VBN Infected: Trojan-Downloader.Win32.Small.gll 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08E00007\48F973AE.VBN Infected: Trojan-Downloader.Win32.Small.gll 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\08E00007\48F973AE.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480001.VBN Infected: Trojan-Downloader.Win32.Small.tzu 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480002\4F6E6278.VBN Infected: Trojan.Win32.Vapsup.epc 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480002\4F6E6278.VBN Infected: Trojan.Win32.Vapsup.fcy 6
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480003.VBN Infected: Trojan.Win32.Vapsup.epc 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480003.VBN Infected: Trojan.Win32.Vapsup.fcy 6
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480004.VBN Infected: Trojan.Win32.Vapsup.epc 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480004.VBN Infected: Trojan.Win32.Vapsup.fcy 6
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480005.VBN Infected: Trojan.Win32.Vapsup.fth 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0F480006.VBN Infected: Trojan.Win32.Vapsup.gag 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11340000\59BCDA08.VBN Infected: Trojan-Downloader.Win32.Small.gll 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11340000\59BCDA08.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11340001\59BCDA2E.VBN Infected: Trojan-Downloader.Win32.Small.gll 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\11340001\59BCDA2E.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12D00000\5AD622B5.VBN Infected: Trojan-Downloader.Win32.Agent.xkd 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12D00001\5AD622E6.VBN Infected: not-a-virus:FraudTool.Win32.WinAntiVirus.af 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12D0011B\5AD7B985.VBN Infected: Trojan-Downloader.Win32.Small.gll 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12D0011C\5AD7BA06.VBN Infected: Trojan-Downloader.Win32.Small.gll 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12D0011C\5AD7BA06.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12D0011D\5AD7BA77.VBN Infected: Trojan.Win32.Monderc.gen 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12D0011E\5AD7BAE0.VBN Infected: Trojan.Win32.Monderc.gen 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12D0011F\5AD7BDDF.VBN Infected: Trojan-Downloader.Win32.Small.gll 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12D00120\5AD7BE49.VBN Infected: Trojan-Downloader.Win32.Small.gll 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12D00120\5AD7BE49.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12D00121\5AD7BEB4.VBN Infected: Trojan-Downloader.Win32.Small.gll 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12D00122\5AD7BF41.VBN Infected: Trojan-Downloader.Win32.Small.gll 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\12D00122\5AD7BF41.VBN Infected: Trojan.Win32.Monder.gen 1
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\17680000\5FFA7F3C.VBN Infected: not-a-virus:FraudTool.Win32.Agent.ag 1

The selected area was scanned.

steamwiz
2008-08-07, 00:16
Hi

The file you had scanned appears to be clean, but I'd like to have a look at it myself...

Please go here :-

http://www.thespykiller.co.uk/index.php?board=1.0

Start a new topic ...title files for steamwiz

put this in your post :-

for steamwiz ...

link :- http://forums.spybot.info/showthread.php?t=31694

C:\Windows\system32\TmpA44108970
C:\Windows\system32\TmpA44090453


then please find either one of these files :-

C:\Windows\system32\TmpA44108970
C:\Windows\system32\TmpA44090453

... zip it & attach it to the post...

-

Well, you're absolutely right, there are more showing in the Symantec AntiVirus\Quarantine now, than there were before....

I've no idea why they didn't delete, but the good news is that malware was ONLY found in the Symantec AntiVirus\Quarantine folder, & as this is already Quarantined, it will cause no problems where it is.

I don't use Symantec AntiVirus myself, but maybe the fact there are 2 quarantine folders has some bearing on it ...

C:\ProgramData\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine
C:\Users\All Users\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine

Please run this on-line scan :-

http://www.bitdefender.com/scan8/ie.html

Scan the whole computer & let it Disinfect/delete all it finds ...

copy & paste its report here please.

steam
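A small triage helper, added here as an example (it is not from the thread, from steamwiz, or from Kaspersky), that parses report lines of the shape pasted above and checks whether every hit sits inside an AV quarantine folder. It assumes that on Windows Vista C:\Users\All Users is a junction to C:\ProgramData, which is why each VBN file is listed twice, and folds the two roots into one location; the sample lines are constructed in the report's format.

```python
"""Parse 'path Infected: threat count' lines from a Kaspersky Online
Scanner 7 file list and summarise where the hits actually live."""
import re
from collections import defaultdict

# Constructed sample in the same shape as the report in the thread.
SAMPLE_REPORT = """\
C:\\ProgramData\\Symantec\\Symantec AntiVirus Corporate Edition\\7.5\\Quarantine\\0F480002\\4F6E6278.VBN Infected: Trojan.Win32.Vapsup.fcy 6
C:\\Users\\All Users\\Symantec\\Symantec AntiVirus Corporate Edition\\7.5\\Quarantine\\0F480002\\4F6E6278.VBN Infected: Trojan.Win32.Vapsup.fcy 6
C:\\Users\\All Users\\Symantec\\Symantec AntiVirus Corporate Edition\\7.5\\Quarantine\\0F480001.VBN Infected: Trojan-Downloader.Win32.Small.tzu 1
C:\\Users\\Kyle\\Music\\LimeWire\\03 Track 3.wma Infected: Trojan-Downloader.WMA.Wimad.l 1
"""

# Report line: everything up to ' Infected: ' is the path, then the
# threat name (may contain ':' as in 'not-a-virus:...') and a count.
LINE_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<threat>\S+) (?P<count>\d+)$")

# Assumption: on Vista, C:\Users\All Users is a junction onto
# C:\ProgramData, so both spellings name the same directory.
ALIASES = {"c:\\users\\all users": "c:\\programdata"}


def canonical(path):
    """Lower-case the path and rewrite junction aliases to the real root."""
    low = path.lower()
    for alias, real in ALIASES.items():
        if low.startswith(alias):
            return real + low[len(alias):]
    return low


def parse_report(text):
    """Return a list of (canonical_path, threat, count) tuples."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            hits.append((canonical(m["path"]), m["threat"], int(m["count"])))
    return hits


def is_quarantined(path):
    """True if the file sits under an AV quarantine directory."""
    return "\\quarantine\\" in path


def triage(text):
    """Count distinct quarantined files and list hits outside quarantine."""
    per_file = defaultdict(set)
    outside = []
    for path, threat, count in parse_report(text):
        if is_quarantined(path):
            per_file[path].add(threat)
        else:
            outside.append((path, threat, count))
    return {"quarantined_files": len(per_file), "outside_quarantine": outside}


if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```

Anything reported under `outside_quarantine` is a live file that still needs attention; quarantined entries are already neutralised by the AV that stored them.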

DeltaFiveSix
2008-08-07, 17:49
BitDefender Online Scanner

Scan report generated at: Thu, Aug 07, 2008 - 06:57:00

Scan path: C:\;D:\;F:\;G:\;


Statistics

Time
02:36:11

Files
621130

Folders
30249

Boot Sectors
3

Archives
3491

Packed Files
63559


Results

Identified Viruses
1

Infected Files
1

Suspect Files
0

Warnings
0

Disinfected
0

Deleted Files
1


Engines Info

Virus Definitions
1426478

Engine build
AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins
16

Archive plugins
43

Unpack plugins
7

E-mail plugins
6

System plugins
5


Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions

Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes


Scanned File

Status
C:\Users\Kyle\Documents\Downloads\Metal Gear Solid 4 Original Soundtrack.zip=>Metal Gear Solid 4 Original Soundtrack.exe
Infected with: Trojan.Dropper.SFD

C:\Users\Kyle\Documents\Downloads\Metal Gear Solid 4 Original Soundtrack.zip=>Metal Gear Solid 4 Original Soundtrack.exe
Deleted

C:\Users\Kyle\Documents\Downloads\Metal Gear Solid 4 Original Soundtrack.zip
Updated

steamwiz
2008-08-07, 22:49
Hi

I expected BitDefender to find & delete all those files in the Symantec quarantine folder, but it didn't see any ...

Have another look in the Symantec AntiVirus\Quarantine folder & see if it's now empty ?

I've had a look at the file you uploaded; I don't see anything suspicious in it. It appears to be something related to a blues album called StrawbAiry Soul, possibly a file generated during a burn/copy operation? ... anyway, I don't see it as a problem.

steam

DeltaFiveSix
2008-08-07, 22:52
I had actually gone into both quarantine folders again and deleted everything prior to running the scan and they're both still empty as of now. It seems as though everything has been taken care of now, correct? I don't notice any problems on my end.

steamwiz
2008-08-08, 23:36
Hi

Yep ... everything looks OK now :)

Just one thing, I notice your java is out-of-date ... there have been 7 updates to java since the version you are using ...

Go to add/remove programs and uninstall any earlier versions ... in your case :-

jre1.6.0

Then you can go here and install the latest version of Java.

http://java.sun.com/javase/downloads/index.jsp

Scroll down the page to 'Java Runtime Environment (JRE) 6 Update 7' and press the 'Download' button.


Running an out-of-date version of java is an infection risk.

Then ... Before you leave the site ...

Please have a look here at ways to keep your computer safe :-

So how did I get infected in the first place? By TonyKlein > http://forums.spybot.info/showthread.php?t=279

Happy surfing :)

steam

DeltaFiveSix
2008-08-09, 06:10
Yeah I noticed something about my Java being out of date a couple days ago but haven't been on the ball to fix that yet. I'll definitely do it as soon as I can though.

Thanks for all the help and suggestions.

steamwiz
2008-08-09, 21:12
You're very welcome :)

I'll lock this thread now that it is resolved.

steam